[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Nov 4 17:48:30 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3af980d by Moritz Muehlenhoff at 2023-11-04T18:48:05+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2023-4592 (A Cross-Site Scripting vulnerability has been detected in WPN-XM
 CVE-2023-4591 (A local file inclusion vulnerability has been found in WPN-XM Serverst ...)
 	NOT-FOR-US: WPN-XM Serverstack
 CVE-2023-4043 (In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from  ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Parsson
 CVE-2023-46980 (An issue in Best Courier Management System v.1.0 allows a remote attac ...)
 	NOT-FOR-US: Best Courier Management System
 CVE-2023-46947 (Subrion 4.2.1 has a remote command execution vulnerability in the back ...)
@@ -73,7 +73,7 @@ CVE-2023-32121 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2023-5948 (Improper Authorization in GitHub repository teamamaze/amazefileutiliti ...)
 	NOT-FOR-US: amazefileutilities
 CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower t ...)
-	TODO: check
+	NOT-FOR-US: Eclipse Glassfish
 CVE-2023-46958 (An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrar ...)
 	NOT-FOR-US: lmxcms
 CVE-2023-46954 (SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1 ...)
@@ -346,7 +346,7 @@ CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 119.0.6045.105
 	- chromium 119.0.6045.105-1
 	[buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5847 (Under certain conditions, a low privileged attacker could load a speci ...)
-	TODO: check
+	NOT-FOR-US: Tenable
 CVE-2023-5766 (A remote code execution vulnerability in Remote Desktop Manager 2023.2 ...)
 	NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2023-5765 (Improper access control in the password analyzer feature in Devolution ...)
@@ -54610,7 +54610,7 @@ CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fu
 CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47588 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Corn ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons ...)
@@ -56334,7 +56334,7 @@ CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chart
 CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47445 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
@@ -56372,7 +56372,7 @@ CVE-2022-47428
 CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-47425
 	RESERVED
 CVE-2022-47424
@@ -58161,7 +58161,7 @@ CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2022-46860
 	RESERVED
 CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= ...)
@@ -58306,7 +58306,7 @@ CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli T
 CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...)
@@ -61476,7 +61476,7 @@ CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <
 CVE-2022-45806
 	RESERVED
 CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45803
@@ -66355,7 +66355,7 @@ CVE-2022-44570 (A denial of service vulnerability in the Range header parsing co
 	NOTE: https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 (v2.1.4.2)
 	NOTE: https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 (v2.2.6.2)
 CVE-2022-44569 (A locally authenticated attacker with low privileges can bypass authen ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-44568
 	RESERVED
 CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.1 ...)
@@ -70717,9 +70717,9 @@ CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps specified allow for access
 CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...)
 	NOT-FOR-US: Concrete CMS
 CVE-2022-43555 (Ivanti Avalanche Printer Device Service Missing Authentication Local P ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-43554 (Ivanti Avalanche Smart Device Service Missing Authentication Local Pri ...)
-	TODO: check
+	NOT-FOR-US: Ivanti
 CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.0.9-ho ...)
 	NOT-FOR-US: EdgeRouters
 CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl can be ask ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3af980d12ed735175b5454224f3a90df590e43f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3af980d12ed735175b5454224f3a90df590e43f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231104/b1b2fbbc/attachment.htm>

More information about the debian-security-tracker-commits mailing list