[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Nov 1 14:27:22 GMT 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9eb509ca by Moritz Muehlenhoff at 2023-11-01T15:26:56+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -269,7 +269,7 @@ CVE-2023-40050 (Upload profile either through API or user interface in Chef Auto
CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to execute ar ...)
NOT-FOR-US: Univention
CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: Solwin Infotech
CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows a ...)
NOT-FOR-US: Elenos
CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attac ...)
@@ -1252,7 +1252,7 @@ CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an
NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
NOTE: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 (3.0.1)
CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. ...)
- TODO: check
+ NOT-FOR-US: rs-stellar-strkey
CVE-2023-46126 (Fides is an open-source privacy engineering platform for managing the ...)
NOT-FOR-US: Fides
CVE-2023-46125 (Fides is an open-source privacy engineering platform for managing the ...)
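Review bot: The added `NOT-FOR-US: rs-stellar-strkey` line for CVE-2023-46135 uses the crate name as its tag, and the description calls it a Rust library, so it is worth confirming that no rust-* source package ships this crate before the TODO is closed. If it is not in the archive, the tag is fine as written.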
@@ -1262,7 +1262,7 @@ CVE-2023-46124 (Fides is an open-source privacy engineering platform for managin
CVE-2023-46123 (jumpserver is an open source bastion machine, professional operation a ...)
NOT-FOR-US: JumpServer
CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based application ...)
- TODO: check
+ NOT-FOR-US: RabbitMQ Java client library
CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API ...)
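Review bot: For CVE-2023-46120 the new tag is `NOT-FOR-US: RabbitMQ Java client library`, while the trailing context line CVE-2023-46118 is the RabbitMQ broker itself, so the two entries will be read side by side. Please confirm the Java client is not carried in the archive under its own source package name; if it is, this should be a package entry rather than NOT-FOR-US.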
@@ -1317,7 +1317,7 @@ CVE-2023-37283 (Under a very specific and highly unrecommended configuration, au
CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host he ...)
NOT-FOR-US: sisqualWFM
CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, it is p ...)
- TODO: check
+ NOT-FOR-US: AWS
CVE-2023-34056 (vCenter Server contains a partial information disclosure vulnerability ...)
NOT-FOR-US: VMware
CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability in the im ...)
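Review bot: The tag `NOT-FOR-US: AWS` on CVE-2023-34085 does not appear to name the affected product. The description begins "When an AWS DynamoDB table is used for user attribute storage", which reads as a storage backend configured for some other product, not as a flaw in AWS itself. Suggest replacing the tag with the product or vendor given in the full CVE description, so that later searches for that product find this entry.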
@@ -1616,7 +1616,7 @@ CVE-2023-46331 (WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in Da
CVE-2023-46127 (Frappe is a full-stack web application framework that uses Python and ...)
NOT-FOR-US: Frappe Framework
CVE-2023-46122 (sbt is a build tool for Scala, Java, and others. Given a specially cra ...)
- TODO: check
+ NOT-FOR-US: sbt
CVE-2023-43074 (Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A ...)
NOT-FOR-US: Dell
CVE-2023-43067 (Dell Unity prior to 5.3 contains an XML External Entity injection vuln ...)
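Review bot: CVE-2023-46122 is tagged `NOT-FOR-US: sbt`, but the description presents sbt as a general build tool for Scala and Java, the kind of software that may have been packaged at some point. Please check for a current or removed source package of that name; if one existed, a package line such as `- sbt <removed>` would be the accurate record instead of NOT-FOR-US.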
@@ -2631,7 +2631,7 @@ CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki widg
CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Comm ...)
NOT-FOR-US: Liferay
CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secondary P ...)
- TODO: check
+ NOT-FOR-US: NXP
CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...)
NOT-FOR-US: HCL
CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
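Review bot: On CVE-2023-39902 the description names U-Boot, yet the new tag is only `NOT-FOR-US: NXP`, and there is no NOTE explaining why mainline U-Boot is out of scope. If the flaw is confined to NXP's vendor code, say so in the tag or add a NOTE line, so the entry does not read as a missed u-boot issue on later review.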
@@ -24371,7 +24371,7 @@ CVE-2023-31214
CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-31211
RESERVED
CVE-2023-31210
@@ -31841,7 +31841,7 @@ CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vl
CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...)
NOT-FOR-US: WordPress plugin
CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: Lightbox plugin
CVE-2023-28775
@@ -39623,7 +39623,7 @@ CVE-2023-26221
CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...)
NOT-FOR-US: TIBCO
CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TI ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...)
NOT-FOR-US: TIBCO
CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX ...)
@@ -43379,11 +43379,11 @@ CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-25048
RESERVED
CVE-2023-25047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25043
@@ -45478,7 +45478,7 @@ CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24410 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -46461,7 +46461,7 @@ CVE-2023-24002 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yann ...)
NOT-FOR-US: WordPress plugin
CVE-2023-24000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...)
@@ -83157,7 +83157,7 @@ CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to per
NOTE: https://github.com/syoyo/tinygltf/issues/368
NOTE: https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751
CVE-2022-3007 (The vulnerability exists in Syska SW100 Smartwatch due to an improper ...)
- TODO: check
+ NOT-FOR-US: Syska
CVE-2022-3006
RESERVED
CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
@@ -478001,7 +478001,7 @@ CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) catego
CVE-2016-1204
RESERVED
CVE-2016-1203 (Improper file verification vulnerability in SaAT Netizen installer ver ...)
- TODO: check
+ NOT-FOR-US: SaAT Netizen
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 all ...)
NOT-FOR-US: Atom Electron
CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9eb509ca0d0df47c9315cfb1e597bed67b78b0df