[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 29 20:29:26 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aec4c65c by Salvatore Bonaccorso at 2023-12-29T21:29:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-7171 (A vulnerability was found in Novel-Plus up to 4.2.0. It has been decla ...)
-	TODO: check
+	NOT-FOR-US: Novel-Plus
 CVE-2023-7166 (A vulnerability classified as problematic has been found in Novel-Plus ...)
-	TODO: check
+	NOT-FOR-US: Novel-Plus
 CVE-2023-7114 (Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-7113 (Mattermost version 8.1.6 and earlier fails to sanitize channel mention ...)
@@ -13,105 +13,105 @@ CVE-2023-7079 (Sending specially crafted HTTP requests and inspector messages to
 CVE-2023-7078 (Sending specially crafted HTTP requests to Miniflare's server could re ...)
 	TODO: check
 CVE-2023-52139 (Misskey is an open source, decentralized social media platform. Third- ...)
-	TODO: check
+	NOT-FOR-US: Misskey
 CVE-2023-52137 (The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/ ...)
-	TODO: check
+	NOT-FOR-US: verify-changed-files tj-actions Github actions
 CVE-2023-52135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51688 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51687 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51676 (Server-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addon ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51675 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51663 (Hail is an open-source, general-purpose, Python-based data analysis to ...)
 	TODO: check
 CVE-2023-51545 (Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51527 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51517 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51505 (Deserialization of Untrusted Data vulnerability in realmag777 Active P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51475 (Unrestricted Upload of File with Dangerous Type vulnerability in IOSS  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51473 (Unrestricted Upload of File with Dangerous Type vulnerability in Pixel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51470 (Deserialization of Untrusted Data vulnerability in Jacques Malgrange R ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51468 (Unrestricted Upload of File with Dangerous Type vulnerability in Jacqu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51422 (Deserialization of Untrusted Data vulnerability in Saleswonder Team We ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51421 (Unrestricted Upload of File with Dangerous Type vulnerability in Soft8 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51420 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51419 (Unrestricted Upload of File with Dangerous Type vulnerability in Berth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51417 (Unrestricted Upload of File with Dangerous Type vulnerability in Joris ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51414 (Deserialization of Untrusted Data vulnerability in EnvialoSimple Env\x ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51412 (Unrestricted Upload of File with Dangerous Type vulnerability in Piotn ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51411 (Unrestricted Upload of File with Dangerous Type vulnerability in Shabt ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51410 (Unrestricted Upload of File with Dangerous Type vulnerability in WPVib ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51402 (Cross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force U ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51399 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51396 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51378 (Cross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Bl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51374 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51373 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51372 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51361 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51358 (Cross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Bloc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-51354 (Cross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appoin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50902 (Cross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New Use ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50901 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50896 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50893 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50892 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50891 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50881 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50880 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50879 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50878 (Cross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore AP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50837 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 ...)
 	TODO: check
 CVE-2023-50571 (easy-rules-mvel v4.1.0 was discovered to contain a remote code executi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aec4c65c1a89b0e5228b46f6c379701eaae3434d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aec4c65c1a89b0e5228b46f6c379701eaae3434d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231229/e1f095d9/attachment.htm>

More information about the debian-security-tracker-commits mailing list