[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 14 08:29:17 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
630a97fb by Salvatore Bonaccorso at 2023-11-14T09:28:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-6115
 	REJECTED
 CVE-2023-6109 (The YOP Poll plugin for WordPress is vulnerable to a race condition in ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-6107
 	REJECTED
 CVE-2023-6106
@@ -25,43 +25,43 @@ CVE-2023-6034
 CVE-2023-6010
 	REJECTED
 CVE-2023-6006 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: PaperCut NG
 CVE-2023-5977
 	REJECTED
 CVE-2023-4603 (The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47697 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47696 (Unauth. Stored Cross-Site Scripting (XSS) vulnerabilityin Gravity Mast ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47695 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47690 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47684 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47680 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47673 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47665 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47662 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gold ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47657 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-47629 (DataHub is an open-source metadata platform. In affected versions sign ...)
-	TODO: check
+	NOT-FOR-US: DataHub
 CVE-2023-47628 (DataHub is an open-source metadata platform. DataHub Frontend's sessio ...)
-	TODO: check
+	NOT-FOR-US: DataHub
 CVE-2023-47625 (PX4 autopilot is a flight control solution for drones. In affected ver ...)
-	TODO: check
+	NOT-FOR-US: PX4 autopilot
 CVE-2023-47609 (SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3  ...)
-	TODO: check
+	NOT-FOR-US: OSS Calendar
 CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2 ...)
-	TODO: check
+	NOT-FOR-US: free5GC
 CVE-2023-47117 (Label Studio is an open source data labeling tool. In all current vers ...)
-	TODO: check
+	NOT-FOR-US: Label Studio
 CVE-2023-46446 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to control t ...)
 	- python-asyncssh <unfixed>
 	NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
@@ -69,39 +69,39 @@ CVE-2023-46445 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to con
 	- python-asyncssh <unfixed>
 	NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
 CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank  ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46020 (Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46019 (Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects B ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46018 (SQL injection vulnerability in receiverReg.php in Code-Projects Blood  ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46017 (SQL Injection vulnerability in receiverLogin.php in Code-Projects Bloo ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46016 (Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0  ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46015 (Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46014 (SQL Injection vulnerability in hospitalLogin.php in Code-Projects Bloo ...)
-	TODO: check
+	NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-45881 (GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resour ...)
-	TODO: check
+	NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45880 (GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via ...)
-	TODO: check
+	NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45879 (GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME el ...)
-	TODO: check
+	NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45878 (GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write ...)
-	TODO: check
+	NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45560 (An issue in Yasukawa memberscard v.13.6.1 allows attackers to send cra ...)
-	TODO: check
+	NOT-FOR-US: Yasukawa memberscard
 CVE-2023-45558 (An issue in Golden v.13.6.1 allows attackers to send crafted notificat ...)
-	TODO: check
+	NOT-FOR-US: Golden
 CVE-2023-43902 (Incorrect access control in the Forgot Your Password function of EMSig ...)
-	TODO: check
+	NOT-FOR-US: EMSigner
 CVE-2023-43901 (Incorrect access control in the AdHoc User creation form of EMSigner v ...)
-	TODO: check
+	NOT-FOR-US: EMSigner
 CVE-2023-43900 (Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow atta ...)
-	TODO: check
+	NOT-FOR-US: EMSigner
 CVE-2023-42816 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)
 	TODO: check
 CVE-2023-42815 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/630a97fb7e67da0ae1832f0e17edfd0beb8c68c1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/630a97fb7e67da0ae1832f0e17edfd0beb8c68c1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231114/cf7c040d/attachment.htm>

More information about the debian-security-tracker-commits mailing list