[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Dec 29 20:43:44 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bb706a9 by Salvatore Bonaccorso at 2023-12-29T21:42:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2023-7114 (Mattermost version 2.10.0 and earlier fails to sanitize deeplink
 CVE-2023-7113 (Mattermost version 8.1.6 and earlier fails to sanitize channel mention ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2023-7080 (The V8 inspector intentionally allows arbitrary code execution within  ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare Workers
 CVE-2023-7079 (Sending specially crafted HTTP requests and inspector messages to Wran ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare Workers
 CVE-2023-7078 (Sending specially crafted HTTP requests to Miniflare's server could re ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare Workers
 CVE-2023-52139 (Misskey is an open source, decentralized social media platform. Third- ...)
 	NOT-FOR-US: Misskey
 CVE-2023-52137 (The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/ ...)
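Review bot: the three entries changed in this hunk (CVE-2023-7080, CVE-2023-7079, CVE-2023-7078) all receive the platform-level tag "Cloudflare Workers", while their descriptions name specific components (the V8 inspector, Miniflare's server). Naming the component in the tag, for example "NOT-FOR-US: Miniflare (Cloudflare Workers)" for CVE-2023-7078, would let a later search by the name used in the CVE text find the entry.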
@@ -118,57 +118,57 @@ CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy v
 	NOTE: https://github.com/jline/jline3/commit/f3c60a3e6255e8e0c20d5043a4fe248446f292bb (jline-parent-3.25.0)
 	TODO: check if jline 3.x specific or affects as well src:jline2, src:jline
 CVE-2023-50571 (easy-rules-mvel v4.1.0 was discovered to contain a remote code executi ...)
-	TODO: check
+	NOT-FOR-US: easy-rules-mvel
 CVE-2023-50570 (An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 le ...)
-	TODO: check
+	NOT-FOR-US: IPAddress Java library
 CVE-2023-4675 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: GM Information Technologies MDO
 CVE-2023-4674 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Yaztek Software Technologies and Computer Systems E-Commerce Software
 CVE-2023-4541 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Ween Software Admin Panel
 CVE-2023-4468 (A vulnerability was found in Poly Trio 8800 and Trio C60. It has been  ...)
-	TODO: check
+	NOT-FOR-US: Poly Trio 8800 and Trio C60
 CVE-2023-4467 (A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified  ...)
-	TODO: check
+	NOT-FOR-US: Poly Trio 8800
 CVE-2023-4466 (A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and ...)
-	TODO: check
+	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4465 (A vulnerability, which was classified as problematic, was found in Pol ...)
-	TODO: check
+	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4464 (A vulnerability, which was classified as critical, has been found in P ...)
-	TODO: check
+	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4463 (A vulnerability classified as problematic was found in Poly CCX 400, C ...)
-	TODO: check
+	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4462 (A vulnerability classified as problematic has been found in Poly CCX 4 ...)
-	TODO: check
+	NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-49830 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47840 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47804 (Apache OpenOffice documents can contain links that call internal macro ...)
-	TODO: check
+	NOT-FOR-US: Apache OpenOffice
 CVE-2023-46623 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-45751 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-44089 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-44088 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-41815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-41814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-41813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2023-40606 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32517 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32101 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-32095 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-7161 (A vulnerability classified as critical has been found in Netentsec NS- ...)
 	NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2023-7160 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...)
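Review bot: the Poly entries in this hunk (CVE-2023-4462 through CVE-2023-4468) carry three different product strings for one vendor: "Poly Trio 8800", "Poly Trio 8800 and Trio C60" and "Poly CCX 400, CCX 600, Trio 8800 and Trio C60". A single vendor-level tag such as "NOT-FOR-US: Poly" would keep them consistent with each other and with the vendor-level style seen further down in the same file ("NOT-FOR-US: Siemens"), and would make them easier to grep as a group.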
@@ -34839,7 +34839,7 @@ CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file pa
 CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
 	NOT-FOR-US: Siemens
 CVE-2023-31237 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...)
@@ -34855,7 +34855,7 @@ CVE-2023-31231 (Unrestricted Upload of File with Dangerous Type vulnerability in
 CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tong ...)
 	NOT-FOR-US: Haoqisir Baidu Tongji generator
 CVE-2023-31229 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...)
@@ -35345,7 +35345,7 @@ CVE-2023-31097
 CVE-2023-31096 (An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel  ...)
 	NOT-FOR-US: Broadcom
 CVE-2023-31095 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...)
 	NOT-FOR-US: WooCommerce plugin
 CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly ...)
@@ -42446,7 +42446,7 @@ CVE-2023-28788 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2023-28787
 	RESERVED
 CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest  ...)
@@ -53997,7 +53997,7 @@ CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Fe
 CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25054 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25053
 	RESERVED
 CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...)
@@ -61485,9 +61485,9 @@ CVE-2023-22679 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-22678 (Cross-Site Request Forgery (CSRF) vulnerability inRafael DerySuperior  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-22677 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22676 (Missing Authorization vulnerability in Anders Thorborg.This issue affe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-22675
 	RESERVED
 CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...)
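Review bot: for CVE-2023-22676 the description visible in this hunk names only "Anders Thorborg" and is cut off before any product, so the "WordPress plugin" tag cannot be checked against the line itself. Worth confirming against the full CVE record, and adding the plugin name to the tag would make the entry self-explanatory.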
@@ -76457,7 +76457,7 @@ CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44589 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-44588 (Unauth. SQL Injection vulnerability inCryptocurrency Widgets Pack Plug ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-44587
@@ -252368,7 +252368,7 @@ CVE-2020-17165
 CVE-2020-17164
 	RESERVED
 CVE-2020-17163 (Visual Studio Code Python Extension Remote Code Execution Vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2020-17161
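Review bot: CVE-2020-17163 is tagged with the vendor only ("NOT-FOR-US: Microsoft"), although its description identifies the affected product as the Visual Studio Code Python Extension. That matches the neighbouring CVE-2020-17162 entry, but naming the extension in the tag would distinguish an editor add-on from the Windows issues that share the same vendor tag.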



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bb706a910ba81124bd8c589dc5734bdee04fee8
