[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 28 09:42:58 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
042f62b5 by Salvatore Bonaccorso at 2023-09-28T10:42:13+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
 CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
-	TODO: check
+	NOT-FOR-US: microweber
 CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable to Sto ...)
-	TODO: check
+	NOT-FOR-US: Font Awesome Integration plugin for WordPress
 CVE-2023-5232 (The Font Awesome More Icons plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: Font Awesome More Icons plugin for WordPress
 CVE-2023-5230 (The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: TM WooCommerce Compare & Wishlist plugin for WordPress
 CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence parameter ...)
-	TODO: check
+	NOT-FOR-US: OPNsense
 CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php column_count param ...)
-	TODO: check
+	NOT-FOR-US: OPNsense
 CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature Malleability. T ...)
 	TODO: check
 CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attack ...)
-	TODO: check
+	NOT-FOR-US: PGYER codefever
 CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that d ...)
-	TODO: check
+	NOT-FOR-US: Warpgate
 CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external services li ...)
 	TODO: check
 CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated user can e ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, ...)
-	TODO: check
+	NOT-FOR-US: Proxmox
 CVE-2023-43314 (Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a r ...)
-	TODO: check
+	NOT-FOR-US: ZYXEL
 CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the cms/content/e ...)
-	TODO: check
+	NOT-FOR-US: YZNCMS
 CVE-2023-43192 (SQL injection can exist in a newly created part of the JFinalcms backg ...)
-	TODO: check
+	NOT-FOR-US: JFinalcms
 CVE-2023-43191 (JFinalCMS foreground message can be embedded malicious code saved in t ...)
-	TODO: check
+	NOT-FOR-US: JFinalCMS
 CVE-2023-42818 (JumpServer is an open source bastion host. When users enable MFA and u ...)
-	TODO: check
+	NOT-FOR-US: JumpServer
 CVE-2023-42222 (WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebC ...)
-	TODO: check
+	NOT-FOR-US: WebCatalog
 CVE-2023-41453 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41452 (Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1. ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41451 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41450 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41449 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41448 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41447 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...)
-	TODO: check
+	NOT-FOR-US: phpkobo AjaxNewTicker
 CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attac ...)
 	TODO: check
 CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for Kubernete ...)
-	TODO: check
+	NOT-FOR-US: Argo CD
 CVE-2023-38877 (A host header injection vulnerability exists in gugoan's Economizzer v ...)
 	TODO: check
 CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure file uploa ...)
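Review bot: The product name in the NOT-FOR-US labels for CVE-2023-41450 and CVE-2023-41449 is "phpkobo AjaxNewTicker", while the descriptions of those two entries spell it "AjaxNewsTicker"; the other phpkobo entries in this hunk carry "AjaxNewTicker" in their descriptions. Settle on one spelling for all ten labels so that a search for the product returns every entry. The same applies to CVE-2023-43192 and CVE-2023-43191, which are labelled "JFinalcms" and "JFinalCMS" respectively; a single casing would keep a case-sensitive grep from missing one of them. CVE-2023-43314 is also labelled with the vendor only ("ZYXEL") although most other labels in the hunk name the product.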
@@ -259,7 +259,7 @@ CVE-2023-40044 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authen
 CVE-2023-33972 (Scylladb is a NoSQL data store using the seastar framework, compatible ...)
 	TODO: check
 CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack relea ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2023-XXXX [code execution via malformed XTGETTCAP]
 	- foot 1.15.3-2 (bug #1053115)
 	[bookworm] - foot <no-dsa> (Minor issue)
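Review bot: The label on CVE-2023-32458 names only the vendor ("NOT-FOR-US: Dell"), while the description identifies the product as Dell AppSync. Most labels in the first hunk of this commit name the product, so "NOT-FOR-US: Dell AppSync" would be consistent with them and make later AppSync CVEs easier to match against this entry.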



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/042f62b556ded32e1eb12c713cc8a44347fc1340
