[Git][security-tracker-team/security-tracker][master] Track some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 25 20:21:28 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
125a4777 by Salvatore Bonaccorso at 2023-12-25T21:20:54+01:00
Track some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2023-49337 (Concrete CMS before 9.2.3 allows Stored XSS on the Admin Dashboard via ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-48653 (Concrete CMS before 8.5.14 and 9 before 9.2.3 allows Cross Site Reques ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-48651 (Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forger ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-48650 (Concrete CMS before 8.5.14 and 9 before 9.2.3 is vulnerable to an admi ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-41165 (An issue was discovered in Stormshield Network Security (SNS) 3.7.0 th ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-38321 (OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other p ...)
TODO: check
CVE-2023-34198 (In Stormshield Network Security (SNS) 1.0.0 through 3.7.36 before 3.7. ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-7102 (Use of a Third Party library produced a vulnerability in Barracuda Net ...)
NOT-FOR-US: Barracuda (its use of Spreadsheet::ParseExcel, cf. CVE-2023-7102)
CVE-2023-7101 (Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing ...)
@@ -47202,7 +47202,7 @@ CVE-2023-27153
CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authentication, a ...)
NOT-FOR-US: DECISO OPNsense
CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: openCRX
CVE-2023-27150
RESERVED
CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
@@ -105973,9 +105973,9 @@ CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not esca
CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...)
NOT-FOR-US: WordPress theme
CVE-2022-34270 (An issue was discovered in RWS WorldServer before 11.7.3. Regular user ...)
- TODO: check
+ NOT-FOR-US: RWS WorldServer
CVE-2022-34269 (An issue was discovered in RWS WorldServer before 11.7.3. An authentic ...)
- TODO: check
+ NOT-FOR-US: RWS WorldServer
CVE-2022-34268 (An issue was discovered in RWS WorldServer before 11.7.3. /clientLogin ...)
NOT-FOR-US: RWS WorldServer
CVE-2022-34267 (An issue was discovered in RWS WorldServer before 11.7.3. Adding a tok ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/125a47774d0ef46d8620454b808053eebaef89c9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/125a47774d0ef46d8620454b808053eebaef89c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231225/46271e2d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list