[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 14 20:25:31 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
202e0c44 by Salvatore Bonaccorso at 2023-12-14T21:25:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
-	TODO: check
+	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	TODO: check
 CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
@@ -9,47 +9,47 @@ CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
 CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
 	TODO: check
 CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...)
-	TODO: check
+	NOT-FOR-US: Keycloak
 CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to ...)
-	TODO: check
+	NOT-FOR-US: authelia-bhf as included in Beckhoffs TwinCAT/BSD
 CVE-2023-6368 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
-	TODO: check
+	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6367 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
-	TODO: check
+	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6366 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
-	TODO: check
+	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6365 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
-	TODO: check
+	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6364 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...)
-	TODO: check
+	NOT-FOR-US: WhatsUp Gold
 CVE-2023-5769 (A vulnerability exists in the webserver that affects the  RTU500 serie ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...)
-	TODO: check
+	NOT-FOR-US: PHOENIX
 CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...)
 	TODO: check
 CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...)
 	TODO: check
 CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...)
-	TODO: check
+	NOT-FOR-US: EyouCMS
 CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component /logs/dopo ...)
-	TODO: check
+	NOT-FOR-US: RPCMS
 CVE-2023-50564 (An arbitrary file upload vulnerability in the component /inc/modules_i ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection vulnerability vi ...)
-	TODO: check
+	NOT-FOR-US: Semcms
 CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
 	TODO: check
 CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...)
 	TODO: check
 CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50370 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...)
 	TODO: check
 CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the sit ...)
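
Review bot: The tags on CVE-2023-5769 (`NOT-FOR-US: Hitachi`) and CVE-2023-5592 (`NOT-FOR-US: PHOENIX`) name a vendor, and in the second case only part of the vendor name as it appears in the description, while the other entries in this hunk name the product (`WhatsUp Gold`, `Pluck CMS`, `authelia-bhf as included in Beckhoffs TwinCAT/BSD`). Consider naming the product the description refers to, for example the RTU500 series for CVE-2023-5769, so that a later search of the list for that product finds the entry. The four `NOT-FOR-US: WordPress plugin` tags (CVE-2023-50368 to CVE-2023-50371) have the same limitation, since the truncated descriptions shown here do not identify which plugin each one covers.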



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/202e0c44394bd90b3d20a5438d7b3e3e1fe43895
