[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 26 08:17:27 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1abbe0c4 by Salvatore Bonaccorso at 2023-12-26T09:16:59+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
 CVE-2023-7111 (A vulnerability, which was classified as critical, was found in code-p ...)
-	TODO: check
+	NOT-FOR-US: code-projects Library Management System
 CVE-2023-7110 (A vulnerability, which was classified as critical, has been found in c ...)
-	TODO: check
+	NOT-FOR-US: code-projects Library Management System
 CVE-2023-7109 (A vulnerability classified as critical was found in code-projects Libr ...)
-	TODO: check
+	NOT-FOR-US: code-projects Library Management System
 CVE-2023-7108 (A vulnerability classified as problematic has been found in code-proje ...)
-	TODO: check
+	NOT-FOR-US: code-projects E-Commerce Website
 CVE-2023-7107 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: code-projects E-Commerce Website
 CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: code-projects E-Commerce Website
 CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website 1.0. It  ...)
-	TODO: check
+	NOT-FOR-US: code-projects E-Commerce Website
 CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classifie ...)
 	TODO: check
 CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to cause a ...)
@@ -19,11 +19,11 @@ CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to c
 CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypa ...)
 	TODO: check
 CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer over-read  ...)
-	TODO: check
+	NOT-FOR-US: BACnet Stack
 CVE-2023-51654 (Improper link resolution before file access ('Link Following') issue e ...)
-	TODO: check
+	NOT-FOR-US: iPrint&Scan Desktop for Windows
 CVE-2023-51363 (VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unau ...)
-	TODO: check
+	NOT-FOR-US: VR-S1000 firmware
 CVE-2023-50658 (The jose2go component before 1.6.0 for Go allows attackers to cause a  ...)
 	TODO: check
 CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User Managemen ...)
@@ -31,7 +31,7 @@ CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User Man
 CVE-2023-50332 (Improper authorization vulnerability exists in the User Management (/a ...)
 	TODO: check
 CVE-2023-50297 (Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Ser ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2023-50294 (The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 s ...)
 	TODO: check
 CVE-2023-50175 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
@@ -45,17 +45,17 @@ CVE-2023-49598 (Stored cross-site scripting vulnerability exists in the event ha
 CVE-2023-49119 (Stored cross-site scripting vulnerability via the img tags exists in G ...)
 	TODO: check
 CVE-2023-49117 (PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored cross-si ...)
-	TODO: check
+	NOT-FOR-US: PowerCMS
 CVE-2023-47215 (Stored cross-site scripting vulnerability which is exploiting a behavi ...)
 	TODO: check
 CVE-2023-46711 (VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographi ...)
-	TODO: check
+	NOT-FOR-US: VR-S1000 firmware
 CVE-2023-46699 (Cross-site request forgery (CSRF) vulnerability exists in the User set ...)
 	TODO: check
 CVE-2023-46681 (Improper neutralization of argument delimiters in a command ('Argument ...)
-	TODO: check
+	NOT-FOR-US: VR-S1000 firmware
 CVE-2023-45741 (VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access ...)
-	TODO: check
+	NOT-FOR-US: VR-S1000 firmware
 CVE-2023-45740 (Stored cross-site scripting vulnerability when processing profile imag ...)
 	TODO: check
 CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App Settings ( ...)
@@ -42545,7 +42545,7 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1
 	NOTE: making an empty dependency package only thus considered fixed exceptionally in
 	NOTE: that version.
 CVE-2023-28616 (An issue was discovered in Stormshield Network Security (SNS) before 4 ...)
-	TODO: check
+	NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2023-28615
 	RESERVED
 CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
@@ -47315,7 +47315,7 @@ CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authenticat
 CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulnerabilit ...)
 	NOT-FOR-US: openCRX
 CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) v ...)
-	TODO: check
+	NOT-FOR-US: openCRX
 CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
 	NOT-FOR-US: Enhancesoft osTicket
 CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abbe0c4ed1c8305e0ce4adbd227a962b70938c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abbe0c4ed1c8305e0ce4adbd227a962b70938c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231226/17531305/attachment.htm>

More information about the debian-security-tracker-commits mailing list