Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4075a7d1 by Salvatore Bonaccorso at 2023-09-17T10:48:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,17 +17,17 @@ CVE-2023-5018 (A vulnerability classified as critical has
been found in SourceCo
CVE-2023-5017 (A vulnerability was found in lmxcms up to 1.41. It has been
rated as c ...)
NOT-FOR-US: lmxcms
CVE-2023-5016 (A vulnerability was found in spider-flow up to 0.5.0. It has
been decl ...)
- TODO: check
+ NOT-FOR-US: spider-flow
CVE-2023-5015 (A vulnerability was found in UCMS 1.4.7. It has been classified
as pro ...)
NOT-FOR-US: UCMS
CVE-2023-5014 (A vulnerability was found in Sakshi2610 Food Ordering Website
1.0 and ...)
NOT-FOR-US: Sakshi2610 Food Ordering Website
CVE-2023-5013 (A vulnerability has been found in Pluck CMS 4.7.18 and
classified as p ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2023-5012 (A vulnerability, which was classified as problematic, was found
in Top ...)
- TODO: check
+ NOT-FOR-US: Topaz OFD
CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1
and earl ...)
- TODO: check
+ NOT-FOR-US: Revive Adserver
CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to
Server- ...)
NOT-FOR-US: Dropbox Folder Share plugin for WordPress
CVE-2023-43091 [Code injection via service.json file]
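Review bot: The product name in the tag added for CVE-2023-5012 cannot be confirmed from this hunk, because the visible description is cut off at "in Top ...". Please check "Topaz OFD" against the full CVE description before merging, since the NOT-FOR-US text is what later searches and duplicate triage match on.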
@@ -66,7 +66,7 @@ CVE-2023-41157 (Multiple stored cross-site scripting (XSS)
vulnerabilities in Us
CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin
Control Panel ...)
NOT-FOR-US: vBulletin
CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser
before v2.23 ...)
- TODO: check
+ NOT-FOR-US: FileBrowser
CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege
Vulnerability)
NOT-FOR-US: Microsoft
CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
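Review bot: The tag "FileBrowser" added for CVE-2023-39612 is a generic name that could refer to several unrelated projects. Other tags in this file qualify the product (for example "Dropbox Folder Share plugin for WordPress" or "Super Store Finder PHP Script"), so consider adding the upstream project or vendor to make clear which FileBrowser was ruled out.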
@@ -144,7 +144,7 @@ CVE-2023-42398 (An issue in zzCMS v.2023 allows a remote
attacker to execute arb
CVE-2023-42362 (An arbitrary file upload vulnerability in Teller Web App
v.4.4.0 allow ...)
NOT-FOR-US: Teller Web App
CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery
(CSRF).)
- TODO: check
+ NOT-FOR-US: Grocy
CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version
1.18.0, SHI ...)
NOT-FOR-US: SHIRASAGI
CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working
with messy ...)
@@ -152,7 +152,7 @@ CVE-2023-41887 (OpenRefine is a powerful free, open source
tool for working with
CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working
with messy ...)
TODO: check
CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime
versions fr ...)
- TODO: check
+ NOT-FOR-US: Wasmtime
CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a
cross-site ...)
NOT-FOR-US: Froala Editor
CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
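Review bot: The NOT-FOR-US tag added for CVE-2023-41880 deserves a second look, because the description calls Wasmtime a standalone WebAssembly runtime, which is the kind of component other projects embed or vendor. The other retags in this commit are CMS, web-script and vendor products. The tag should rest on a check that no source package in the archive ships a copy, not only on there being no package of that name. If a copy is embedded, an entry against that source package is the better record.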
@@ -212,7 +212,7 @@ CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was
discovered to contain a SQL in
CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to
contain ...)
NOT-FOR-US: D-LINK
CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script
v.3.6 all ...)
- TODO: check
+ NOT-FOR-US: Super Store Finder PHP Script
CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a
remote auth ...)
NOT-FOR-US: Vtiger CRM
CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
@@ -226,11 +226,11 @@ CVE-2023-37281 (Contiki-NG is an operating system for
internet-of-things devices
CVE-2023-37263 (Strapi is the an open-source headless content management
system. Prior ...)
NOT-FOR-US: Strapi
CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK
4.6.1.9996. Long ...)
- TODO: check
+ NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK
4.6.1.9996. It ha ...)
- TODO: check
+ NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK
4.6.1.9996. Built ...)
- TODO: check
+ NOT-FOR-US: OPSWAT MetaDefender KIOSK
CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository
for the ...)
TODO: check
CVE-2023-36472 (Strapi is the an open-source headless content management
system. Prior ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4075a7d10df2fb7175c2c4bed53f5cde3d35ca55
debian-security-tracker-commits mailing list