[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Sep 30 09:44:32 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
86feeac3 by Salvatore Bonaccorso at 2023-09-30T10:42:35+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,51 +1,51 @@
CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)
- TODO: check
+ NOT-FOR-US: phpmyfaq
CVE-2023-5319 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
- TODO: check
+ NOT-FOR-US: phpmyfaq
CVE-2023-5318 (Use of Hard-coded Credentials in GitHub repository microweber/microweb ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2023-5317 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
- TODO: check
+ NOT-FOR-US: phpmyfaq
CVE-2023-5316 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)
- TODO: check
+ NOT-FOR-US: phpmyfaq
CVE-2023-5298 (A vulnerability was found in Tongda OA 2017. It has been rated as crit ...)
- TODO: check
+ NOT-FOR-US: Tongda OA
CVE-2023-5297 (A vulnerability was found in Xinhu RockOA 2.3.2. It has been classifie ...)
- TODO: check
+ NOT-FOR-US: Xinhu RockOA
CVE-2023-5296 (A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and clas ...)
- TODO: check
+ NOT-FOR-US: Xinhu RockOA
CVE-2023-5295 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: Blog Filter plugin for WordPress
CVE-2023-5294 (A vulnerability has been found in ECshop 4.1.1 and classified as criti ...)
- TODO: check
+ NOT-FOR-US: ECshop
CVE-2023-5293 (A vulnerability, which was classified as critical, was found in ECshop ...)
- TODO: check
+ NOT-FOR-US: ECshop
CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub repository t ...)
- TODO: check
+ NOT-FOR-US: phpmyfaq
CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Executi ...)
- TODO: check
+ NOT-FOR-US: OpenHook plugin for WordPress
CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. It affects linters u ...)
TODO: check
CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43710 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43709 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43708 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43707 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43706 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43705 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43704 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43703 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-43702 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...)
- TODO: check
+ NOT-FOR-US: Os Commerce
CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
- rdiffweb <itp> (bug #969974)
CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, interact wi ...)
@@ -107,7 +107,7 @@ CVE-2023-5259 (A vulnerability classified as problematic was found in ForU CMS.
CVE-2023-5258 (A vulnerability classified as critical has been found in OpenRapid Rap ...)
NOT-FOR-US: OpenRapid RapidCMS
CVE-2023-5257 (A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It ...)
- TODO: check
+ NOT-FOR-US: WhiteHSBG JNDIExploit
CVE-2023-5196 (Mattermost fails to enforce character limits in all possible notificat ...)
TODO: check
CVE-2023-5195 (Mattermost fails to properly validate the permissions when soft deleti ...)
@@ -119,29 +119,29 @@ CVE-2023-5193 (Mattermost fails to properly check permissions when retrieving a
CVE-2023-5159 (Mattermost fails to properly verify the permissions when managing/upda ...)
TODO: check
CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in SourceC ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Task Management System
CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to contain ...)
- TODO: check
+ NOT-FOR-US: Hospital Management System
CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...)
TODO: check
CVE-2023-41691 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41687 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41666 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovamba ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41662 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benj ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41661 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pres ...)
NOT-FOR-US: WordPress plugin
CVE-2023-41658 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...)
TODO: check
CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...)
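Review bot: the eight WordPress entries changed in this hunk (CVE-2023-41691 down to CVE-2023-41655) get the bare label "NOT-FOR-US: WordPress plugin". That matches the existing CVE-2023-41661 line, but the truncated descriptions cut off at or before the plugin name, so the entry no longer says which product was triaged. The first hunk of this same commit names the plugin ("NOT-FOR-US: Blog Filter plugin for WordPress", "NOT-FOR-US: OpenHook plugin for WordPress"); using that form here would keep the list searchable by product. The same applies to "NOT-FOR-US: Hospital Management System" for CVE-2023-43909, a generic name with no vendor or repository attached, unlike "SourceCodester Task Management System" on the entry just above it.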
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/86feeac3c29c30ae7bb376cdc48ac09b62d93590