[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Nov 1 08:39:20 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9925c273 by Moritz Muehlenhoff at 2023-11-01T09:38:50+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,85 +1,85 @@
 CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5901 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5900 (Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0- ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5898 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5897 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocal ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5896 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5895 (Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prio ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5894 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior ...)
-	TODO: check
+	NOT-FOR-US: Open Journal System
 CVE-2023-5893 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5892 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5891 (Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-li ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5890 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5889 (Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior ...)
-	TODO: check
+	NOT-FOR-US: pkp-lib
 CVE-2023-5516 (Poorly constructed webap requests and URI components with special char ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-5515 (The responses for web queries with certain parameters disclose interna ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-5514 (The response messages received from the eSOMS report generation using  ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-5306 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
-	TODO: check
+	NOT-FOR-US: Online Blood Donation Management System
 CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unaut ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...)
-	TODO: check
+	- dolibarr <removed>
 CVE-2023-47099 (An issue was discovered in Virtualmin 7.7. The Create Virtual Server f ...)
-	TODO: check
+	NOT-FOR-US: Virtualmin
 CVE-2023-47098 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: Virtualmin
 CVE-2023-47097 (An issue was discovered in Virtualmin 7.7. The Server Templates featur ...)
-	TODO: check
+	NOT-FOR-US: Virtualmin
 CVE-2023-47096 (An issue was discovered in Virtualmin 7.7. The Cloudmin Services Clien ...)
-	TODO: check
+	NOT-FOR-US: Virtualmin
 CVE-2023-47095 (An issue was discovered in Virtualmin 7.7. The Custom Fields feature o ...)
-	TODO: check
+	NOT-FOR-US: Virtualmin
 CVE-2023-47094 (An issue was discovered in Virtualmin 7.7. A Stored Cross-Site Scripti ...)
-	TODO: check
+	NOT-FOR-US: Virtualmin
 CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-46484 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-46378 (Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allow ...)
-	TODO: check
+	NOT-FOR-US: MiniCMS
 CVE-2023-46278 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...)
-	TODO: check
+	NOT-FOR-US: Cybozu
 CVE-2023-44486 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
-	TODO: check
+	NOT-FOR-US: Online Blood Donation Management System
 CVE-2023-44485 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
-	TODO: check
+	NOT-FOR-US: Online Blood Donation Management System
 CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...)
-	TODO: check
+	NOT-FOR-US: Online Blood Donation Management System
 CVE-2023-43295 (Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd ...)
-	TODO: check
+	NOT-FOR-US: Click Studios (SA) Pty Ltd Passwordstate
 CVE-2023-39695 (Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12  ...)
-	TODO: check
+	NOT-FOR-US: Elenos
 CVE-2023-39610 (An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) an ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2023-37833 (Improper access control in Elenos ETG150 FM transmitter v3.12 allows a ...)
-	TODO: check
+	NOT-FOR-US: Elenos
 CVE-2023-2622 (Authenticated clients can read arbitrary files on the MAIN Computer sy ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-2621 (The McFeeder server (distributed as part of SSW package), is susceptib ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2023-5859
 	- chromium <unfixed>
 	[buster] - chromium <end-of-life> (see DSA 5046)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9925c27389e0ff5f3f8da9543a1e041bb6395b31

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9925c27389e0ff5f3f8da9543a1e041bb6395b31
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231101/4b9d6474/attachment.htm>

More information about the debian-security-tracker-commits mailing list