[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 29 08:44:46 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d4def360 by Salvatore Bonaccorso at 2023-12-29T09:44:06+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,155 +47,155 @@ CVE-2023-7136 (A vulnerability classified as problematic was found in code-proje
CVE-2023-7135 (A vulnerability classified as problematic has been found in code-proje ...)
NOT-FOR-US: code-projects Record Management System
CVE-2023-6939 (Some Honor products are affected by type confusion vulnerability, succ ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-52174 (XnView Classic before 2.51.3 on Windows has a Write Access Violation a ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2023-52173 (XnView Classic before 2.51.3 on Windows has a Write Access Violation a ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2023-52152 (mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read ...)
TODO: check
CVE-2023-52085 (Winter is a free, open-source content management system. Users with ac ...)
- TODO: check
+ NOT-FOR-US: Winter CMS
CVE-2023-52084 (Winter is a free, open-source content management system. Prior to 1.2. ...)
- TODO: check
+ NOT-FOR-US: Winter CMS
CVE-2023-52083 (Winter is a free, open-source content management system. Prior to 1.2 ...)
- TODO: check
+ NOT-FOR-US: Winter CMS
CVE-2023-51435 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51434 (Some Honor products are affected by buffer overflow vulnerability, suc ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51433 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51432 (Some Honor products are affected by out of bounds read vulnerability, ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51431 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51430 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51429 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51428 (Some Honor products are affected by type confusion vulnerability, succ ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51427 (Some Honor products are affected by type confusion vulnerability, succ ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-51426 (Some Honor products are affected by type confusion vulnerability, succ ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-50448 (In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue a ...)
- TODO: check
+ NOT-FOR-US: ActiveAdmin (aka Active Admin)
CVE-2023-50104 (ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index. ...)
- TODO: check
+ NOT-FOR-US: ZZCMS
CVE-2023-31302 (Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transp ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31301 (Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31300 (An issue was discovered in Sesami Cash Point & Transport Optimizer (CP ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31299 (Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transp ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31298 (Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transp ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31296 (CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31295 (CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31294 (CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31293 (An issue was discovered in Sesami Cash Point & Transport Optimizer (CP ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-31292 (An issue was discovered in Sesami Cash Point & Transport Optimizer (CP ...)
- TODO: check
+ NOT-FOR-US: Sesami Cash Point & Transport Optimizer (CPTO)
CVE-2023-7163 (A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that co ...)
NOT-FOR-US: D-Link
CVE-2023-7134 (A vulnerability was found in SourceCodester Medicine Tracking System 1 ...)
NOT-FOR-US: SourceCodester Medicine Tracking System
CVE-2023-7133 (A vulnerability was found in y_project RuoYi 4.7.8. It has been declar ...)
- TODO: check
+ NOT-FOR-US: y_project RuoYi
CVE-2023-7132 (A vulnerability was found in code-projects Intern Membership Managemen ...)
- TODO: check
+ NOT-FOR-US: code-projects Intern Membership Management System
CVE-2023-7131 (A vulnerability was found in code-projects Intern Membership Managemen ...)
- TODO: check
+ NOT-FOR-US: code-projects Intern Membership Management System
CVE-2023-7129 (A vulnerability, which was classified as critical, was found in code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects Voting System
CVE-2023-7128 (A vulnerability, which was classified as critical, has been found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Voting System
CVE-2023-7127 (A vulnerability classified as critical was found in code-projects Auto ...)
- TODO: check
+ NOT-FOR-US: code-projects Automated Voting System
CVE-2023-7126 (A vulnerability classified as critical has been found in code-projects ...)
- TODO: check
+ NOT-FOR-US: code-projects Automated Voting System
CVE-2023-52082 (Lychee is a free photo-management tool. Prior to 5.0.2, Lychee is vul ...)
- TODO: check
+ NOT-FOR-US: Lychee photo-management tool (not the same as src:lychee from #993913)
CVE-2023-52081 (ffcss is a CLI interface to apply and configure Firefox CSS themes. Pr ...)
- TODO: check
+ NOT-FOR-US: ffcss
CVE-2023-52079 (msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior ...)
TODO: check
CVE-2023-51501 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-50874 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50873 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50859 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50858 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50857 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50856 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50855 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50853 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50848 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50847 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50846 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50845 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50844 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50843 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50842 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50841 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50840 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50839 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50838 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-50470 (A cross-site scripting (XSS) vulnerability in the component admin_ Vid ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2023-50267 (MeterSphere is a one-stop open source continuous testing platform. Pri ...)
- TODO: check
+ NOT-FOR-US: MeterSphere
CVE-2023-4672 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: Talent Software ECOP
CVE-2023-4671 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Talent Software ECOP
CVE-2023-46987 (SeaCMS v12.9 was discovered to contain a remote code execution (RCE) v ...)
- TODO: check
+ NOT-FOR-US: SeaCMS
CVE-2023-36381 (Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt G ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32795 (Deserialization of Untrusted Data vulnerability in WooCommerce Product ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32513 (Deserialization of Untrusted Data vulnerability in GiveWP GiveWP \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-7124 (A vulnerability, which was classified as problematic, was found in cod ...)
NOT-FOR-US: code-projects E-Commerce Site
CVE-2023-7123 (A vulnerability, which was classified as critical, has been found in S ...)
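Review bot: CVE-2023-52152 (mUPnP for C) and CVE-2023-52079 (msgpackr) are the only two entries in this hunk left at "TODO: check", so they still need a follow-up pass to decide whether a Debian source package is affected. Separately, several tags cannot be confirmed from the truncated descriptions shown here: CVE-2023-50470 is tagged SeaCMS, and CVE-2023-4672 and CVE-2023-4671 are tagged Talent Software ECOP, but none of those names appears in the visible text, so it is worth re-checking them against the full CVE description. The CVE-2023-52082 line is a good model for ambiguous names, since it states that this Lychee is not the same as src:lychee from #993913.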
@@ -46897,7 +46897,7 @@ CVE-2023-27449
CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27447 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...)
NOT-FOR-US: WordPress plugin
CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...)
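Review bot: the description of CVE-2023-27447 is cut off before any product name, so the "WordPress plugin" tag rests only on what the full CVE record says, not on anything visible in this hunk. The neighbouring CVE-2023-27448 and CVE-2023-27446 entries being WordPress plugins is not evidence on its own. Please confirm against the full description before relying on the tag.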
@@ -58837,45 +58837,45 @@ CVE-2023-23445 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnu
CVE-2023-23444 (Missing Authentication for Critical Function in SICK Flexi Classic and ...)
NOT-FOR-US: SICK
CVE-2023-23443 (Some Honor products are affected by type confusion vulnerability, succ ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23442 (Some Honor products are affected by type confusion vulnerability, succ ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23441 (Some Honor products are affected by out of bounds read vulnerability, ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23440 (Some Honor products are affected by information leak vulnerability, su ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23439 (Some Honor products are affected by information leak vulnerability, su ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23438 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23437 (Some Honor products are affected by information leak vulnerability, su ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23436 (Some Honor products are affected by signature management vulnerability ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23435 (Some Honor products are affected by signature management vulnerability ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23434 (Some Honor products are affected by information leak vulnerability, su ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23433 (Some Honor products are affected by signature management vulnerability ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23432 (Some Honor products are affected by signature management vulnerability ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23431 (Some Honor products are affected by signature management vulnerability ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23430 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23429 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23428 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23427 (Some Honor products are affected by incorrect privilege assignment vul ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23426 (Some Honor products are affected by file writing vulnerability, succes ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23425
RESERVED
CVE-2023-23424 (Some Honor products are affected by file writing vulnerability, succes ...)
- TODO: check
+ NOT-FOR-US: Honor
CVE-2023-23423 (Windows Kernel Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-23422 (Windows Kernel Elevation of Privilege Vulnerability)
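Review bot: CVE-2023-23425 stays RESERVED in the middle of this Honor block (CVE-2023-23443 down to CVE-2023-23424), so it will need its own triage once it is published and should not be assumed covered by this pass. The vendor-only "NOT-FOR-US: Honor" string matches the style of the neighbouring "NOT-FOR-US: SICK" and "NOT-FOR-US: Microsoft" lines and the Honor entries earlier in the patch, which keeps a search for the vendor name reliable.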
@@ -86374,7 +86374,7 @@ CVE-2022-38055
CVE-2022-36418
RESERVED
CVE-2022-36399 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp sticky heade ...)
NOT-FOR-US: WordPress plugin
CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4def360caf4469e8cc638aed8afabc92ed1cc2f