[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 31 09:25:56 GMT 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0a55157d by Salvatore Bonaccorso at 2023-10-31T10:25:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten
CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
NOT-FOR-US: phpmyfaq
CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior to Bui ...)
- TODO: check
+ NOT-FOR-US: hamza417/inure
CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
NOT-FOR-US: microweber
CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...)
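Review bot: the new label for CVE-2023-5862 uses the GitHub owner/repo slug (`NOT-FOR-US: hamza417/inure`), while the neighbouring entries in this hunk, whose descriptions also name a GitHub repository, are labelled by product only (`phpmyfaq`, `microweber`). Consider `NOT-FOR-US: inure`, or settle on one form, so that a search on the NOT-FOR-US label finds every entry for a product the same way.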
@@ -41,31 +41,31 @@ CVE-2023-45899 (An issue in the component SuperUserSetuserModuleFrontController:
CVE-2023-45804
REJECTED
CVE-2023-45672 (Frigate is an open source network video recorder. Prior to version 0.1 ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2023-45671 (Frigate is an open source network video recorder. Prior to version 0.1 ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2023-45670 (Frigate is an open source network video recorder. Prior to version 0.1 ...)
- TODO: check
+ NOT-FOR-US: Frigate
CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and before from ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud management pla ...)
- TODO: check
+ NOT-FOR-US: CloudExplorer Lite
CVE-2023-43798 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to versions 2 ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote attacker to ex ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 all ...)
- TODO: check
+ NOT-FOR-US: DouHaocms
CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL In ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in the c ...)
TODO: check
CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...)
TODO: check
CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...)
- TODO: check
+ NOT-FOR-US: JHipster generator-jhipster
CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
- salt <unfixed>
NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
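Review bot: three entries in this hunk (CVE-2023-45378, CVE-2023-43139, CVE-2023-36263) get the generic label `NOT-FOR-US: PrestaShop module`, which drops the module name, whereas the other entries changed here name the product (`Frigate`, `BigBlueButton`, `DouHaocms`). For CVE-2023-43139 the visible description mentions only franfinance and not PrestaShop, so the classification cannot be checked from that line alone. Naming the module in the label (prestablog, franfinance, opartlimitquantity) would keep these entries searchable and make the reason for the NFU self-evident.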
@@ -166,7 +166,7 @@ CVE-2023-45797 (A Buffer overflow vulnerability in DreamSecurity MagicLine4NX ve
CVE-2023-45746 (Cross-site scripting vulnerability in Movable Type series allows a rem ...)
TODO: check
CVE-2023-44141 (Inkdrop prior to v5.6.0 allows a local attacker to conduct a code inje ...)
- TODO: check
+ NOT-FOR-US: Inkdrop
CVE-2023-44002
REJECTED
CVE-2007-10003 (A vulnerability, which was classified as critical, has been found in T ...)
@@ -35005,7 +35005,7 @@ CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code
CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...)
NOT-FOR-US: PrestaShop
CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and ...)
- TODO: check
+ NOT-FOR-US: PrestaShop module
CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...)
NOT-FOR-US: PrestaShop
CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...)
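Review bot: CVE-2023-27846 is labelled `NOT-FOR-US: PrestaShop module`, while the entries directly above and below it (CVE-2023-27847 for xipblog, CVE-2023-27845 for lekerawen_ocs), which describe the same kind of add-on, carry `NOT-FOR-US: PrestaShop`. Two spellings for one class of entry split any grep on the label; either use the existing `PrestaShop` form here or update the neighbours in the same commit.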
@@ -81630,7 +81630,7 @@ CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer ov
- wolfssl 5.5.3-1 (bug #1021021)
[bullseye] - wolfssl <no-dsa> (Minor issue)
CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) ...)
- TODO: check
+ NOT-FOR-US: mbsupport openVIVA c2
CVE-2022-39171
RESERVED
CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a55157dc0c94850bf793dd4ee77a82a40b14f4f