[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 6 21:03:09 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a4df7f6 by Salvatore Bonaccorso at 2023-09-06T22:02:42+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -312,9 +312,9 @@ CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_p
 	NOTE: https://github.com/FRRouting/frr/commit/cc1a551cb007cc8ed8b1ea0605a7ab46c16de12b (frr-8.5.1)
 	NOTE: https://github.com/FRRouting/frr/commit/0a12b878082f77b67ad5d9b4782846ac738575a2 (frr-8.4.4)
 CVE-2023-41908 (Cerebrate before 1.15 lacks the Secure attribute for the session cooki ...)
-	TODO: check
+	NOT-FOR-US: Cerebrate
 CVE-2023-41058 (Parse Server is an open source backend server. In affected versions th ...)
-	TODO: check
+	NOT-FOR-US: Node parse-server
 CVE-2023-41057 (hyper-bump-it is a command line tool for updating the version in proje ...)
 	TODO: check
 CVE-2023-41055 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...)
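Review bot: the new tag on CVE-2023-41058 reads "NOT-FOR-US: Node parse-server", while the description on the same entry spells the product "Parse Server". Using the name as the description gives it would make the entry easier to find when searching data/CVE/list by product. CVE-2023-41057 (hyper-bump-it) stays at "TODO: check" directly after two entries that were triaged; if it was looked at and deferred, a short NOTE line saying why would save the next person from repeating the check.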
@@ -328,45 +328,45 @@ CVE-2023-40937
 CVE-2023-40936
 	REJECTED
 CVE-2023-40705 (Stored cross-site scripting vulnerability in Map setting page of VI We ...)
-	TODO: check
+	NOT-FOR-US: VI Web Client
 CVE-2023-40535 (Stored cross-site scripting vulnerability in View setting page of VI W ...)
-	TODO: check
+	NOT-FOR-US: VI Web Client
 CVE-2023-40214 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-40208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksand ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40206 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40205 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40197 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40196 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-40015 (Vyper is a Pythonic Smart Contract Language. For the following (probab ...)
-	TODO: check
+	NOT-FOR-US: Vyper
 CVE-2023-3814 (The Advanced File Manager WordPress plugin before 5.1.1 does not adequ ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3499 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-3222 (Vulnerability in the password recovery mechanism of Password Recovery  ...)
-	TODO: check
+	NOT-FOR-US: Roundcube plugin
 CVE-2023-3221 (User enumeration vulnerability in Password Recovery plugin 1.2 version ...)
-	TODO: check
+	NOT-FOR-US: Roundcube plugin
 CVE-2023-39992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Co ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39991 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindsid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39988 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39938 (Reflected cross-site scripting vulnerability in VI Web Client prior to ...)
-	TODO: check
+	NOT-FOR-US: VI Web Client
 CVE-2023-39919 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maen ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0  allows a r ...)
 	TODO: check
 CVE-2023-39164 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui ...)
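Review bot: on CVE-2023-3222 and CVE-2023-3221 the tag "NOT-FOR-US: Roundcube plugin" does not say which plugin is meant, and the truncated descriptions visible here only call it "Password Recovery plugin" without mentioning Roundcube. Naming it in the tag, for example "NOT-FOR-US: Password Recovery plugin for Roundcube", would let a later reader confirm from the list alone that this is a third-party add-on. The generic "WordPress plugin" and "WordPress theme" tags match the existing entries for CVE-2023-3814 and CVE-2023-3499, so those are consistent as written.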



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4df7f63d5daf6ce624988145e8d938de77ac9d
