[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 21 21:44:00 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e50f87b8 by Salvatore Bonaccorso at 2023-12-21T22:43:39+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -32,11 +32,11 @@ CVE-2023-5989 (Improper Neutralization of Input During Web Page Generation ('Cro
 CVE-2023-5988 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: LioXERP
 CVE-2023-5594 (Improper validation of the server\u2019s certificate chain in secure t ...)
-	TODO: check
+	NOT-FOR-US: ESET
 CVE-2023-51655 (In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible ...)
 	- intellij-idea <itp> (bug #747616)
 CVE-2023-51442 (Navidrome is an open source web-based music collection server and stre ...)
-	TODO: check
+	NOT-FOR-US: Navidrome
 CVE-2023-51052 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
 	NOT-FOR-US: S-CMS
 CVE-2023-51051 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability via ...)
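Review bot: The new tag on CVE-2023-5594, `NOT-FOR-US: ESET`, names only the vendor, while the context entries in this hunk name the product (`LioXERP`, `S-CMS`). The truncated description does not show which ESET product is affected, so putting the product name in the tag would make the classification checkable from the list itself and easier to grep for later.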
@@ -78,15 +78,15 @@ CVE-2023-50732 (XWiki Platform is a generic wiki platform offering runtime servi
 CVE-2023-50724 (Resque (pronounced like "rescue") is a Redis-backed library for creati ...)
 	TODO: check
 CVE-2023-50481 (An issue was discovered in blinksocks version 3.3.8, allows remote att ...)
-	TODO: check
+	NOT-FOR-US: blinksocks
 CVE-2023-50477 (An issue was discovered in nos client version 0.6.6, allows remote att ...)
-	TODO: check
+	NOT-FOR-US: nos client
 CVE-2023-50475 (An issue was discovered in bcoin-org bcoin version 2.2.0, allows remot ...)
-	TODO: check
+	NOT-FOR-US: bcoin-org bcoin
 CVE-2023-50473 (Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI vers ...)
-	TODO: check
+	NOT-FOR-US: bill-ahmed qbit-matUI
 CVE-2023-50377 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50119
 	REJECTED
 CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...)
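Review bot: Tag naming is inconsistent in this hunk: CVE-2023-50475 and CVE-2023-50473 carry the owner prefix from the description (`bcoin-org bcoin`, `bill-ahmed qbit-matUI`), while CVE-2023-50481 uses the bare product name (`blinksocks`). Pick one form, for example `NOT-FOR-US: bcoin`, so the same product always yields the same tag. Separately, `WordPress plugin` on CVE-2023-50377 cannot be confirmed from the truncated description shown here, so naming the plugin in the tag would help.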
@@ -94,71 +94,71 @@ CVE-2023-4256 (Within tcpreplay's tcprewrite, a double free vulnerability has be
 CVE-2023-4255 (An out-of-bounds write issue has been discovered in the backspace hand ...)
 	TODO: check
 CVE-2023-49826 (Deserialization of Untrusted Data vulnerability in PenciDesign Soledad ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49778 (Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49765 (Authorization Bypass Through User-Controlled Key vulnerability in Blaz ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49762 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-49162 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-48116 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2023-48115 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored D ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2023-48114 (SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored X ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2023-47527 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47525 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47191 (Authorization Bypass Through User-Controlled Key vulnerability in Kain ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-46791 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Online Matrimonial Project
 CVE-2023-45127 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45126 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45125 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45124 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45123 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45122 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45121 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45120 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45119 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45118 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45117 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45116 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-45115 (Online Examination System v1.0 is vulnerable to multiple Authenticated ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2023-44482 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
-	TODO: check
+	NOT-FOR-US: Leave Management System Project
 CVE-2023-44481 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...)
-	TODO: check
+	NOT-FOR-US: Leave Management System Project
 CVE-2023-40058 (Sensitive data was added to our public-facing knowledgebase that, if e ...)
-	TODO: check
+	NOT-FOR-US: SolarWinds
 CVE-2023-32799 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32747 (Authorization Bypass Through User-Controlled Key vulnerability in WooC ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32242 (Deserialization of Untrusted Data vulnerability in xtemos WoodMart - M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-2487 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-XXXX [SMTP smuggling attack]
 	- postfix <unfixed> (bug #1059230)
 	NOTE: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
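Review bot: The blanket `NOT-FOR-US: WordPress plugin` tag in this hunk drops product names that the descriptions do carry, for example PenciDesign Soledad on CVE-2023-49826 and xtemos WoodMart on CVE-2023-32242. Please confirm that each of these is a plugin rather than some other kind of WordPress component, and consider keeping the product name in the tag as the `SmarterTools SmarterMail` entries here do. For the entries whose visible description ends before any product is named (CVE-2023-49762, CVE-2023-49162, CVE-2023-48288, CVE-2023-2487), the tag is the only record of what was triaged, so a specific name matters most there. `NOT-FOR-US: SolarWinds` on CVE-2023-40058 is also vendor-only.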
@@ -42573,7 +42573,7 @@ CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...)
 	NOT-FOR-US: WooCommerce plugin
 CVE-2023-28421 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28420 (Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28419 (Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Fo ...)
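Review bot: CVE-2023-28421 is tagged `WordPress plugin` directly below CVE-2023-28422, which the context line shows as `NOT-FOR-US: WooCommerce plugin`, so two labels for closely related software now sit side by side. The truncated description does not show which applies here. Check the affected product and use whichever label matches, keeping it consistent with the neighbouring entries.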
@@ -60256,7 +60256,7 @@ CVE-2023-22676
 CVE-2023-22675
 	RESERVED
 CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Mul ...)
@@ -71890,7 +71890,7 @@ CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier
 CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet is av ...)
 	NOT-FOR-US: Apache SOAP
 CVE-2022-45377 (Unrestricted Upload of File with Dangerous Type vulnerability in Glen  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e50f87b8b9d286154322d51835bde3c570470a80
