[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 14 20:47:22 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2bc7ea40 by Salvatore Bonaccorso at 2023-12-14T21:46:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...)
 	NOT-FOR-US: WhatsUp Gold
 CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
-	TODO: check
+	NOT-FOR-US: gradio
 CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
-	TODO: check
+	NOT-FOR-US: kubeflow
 CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
-	TODO: check
+	NOT-FOR-US: kubeflow
 CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
 	TODO: check
 CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...)
@@ -27,7 +27,7 @@ CVE-2023-5769 (A vulnerability exists in the webserver that affects the  RTU500
 CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...)
 	NOT-FOR-US: PHOENIX
 CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...)
-	TODO: check
+	NOT-FOR-US: Speckle Server
 CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...)
 	TODO: check
 CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...)
@@ -57,121 +57,121 @@ CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Rec
 	NOTE: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
 	NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch
 CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the sit ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label  ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carous ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability ...)
-	TODO: check
+	NOT-FOR-US: EmpireCMS
 CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
-	TODO: check
+	NOT-FOR-US: Dreamer CMS
 CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command execution in t ...)
-	TODO: check
+	NOT-FOR-US: PopojiCMS
 CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...)
-	TODO: check
+	NOT-FOR-US: HP
 CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49786 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	TODO: check
 CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
-	TODO: check
+	NOT-FOR-US: Starshop component for Joomla
 CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.)
-	TODO: check
+	NOT-FOR-US: Joomla module
 CVE-2023-49294 (Asterisk is an open source private branch exchange and telephony toolk ...)
 	TODO: check
 CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before version 1. ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop module
 CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48676 (Sensitive information disclosure and manipulation due to missing autho ...)
-	TODO: check
+	NOT-FOR-US: Acronis
 CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an information di ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an Imprope ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to  ...)
-	TODO: check
+	NOT-FOR-US: Dokmee ECM
 CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...)
 	TODO: check
 CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc7ea406898936257bf633d6e490d966c0073ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc7ea406898936257bf633d6e490d966c0073ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231214/b5bf61e5/attachment.htm>

More information about the debian-security-tracker-commits mailing list