Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
042f62b5 by Salvatore Bonaccorso at 2023-09-28T10:42:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,61 +1,61 @@
CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository
microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable
to Sto ...)
- TODO: check
+ NOT-FOR-US: Font Awesome Integration plugin for WordPress
CVE-2023-5232 (The Font Awesome More Icons plugin for WordPress is vulnerable
to Stor ...)
- TODO: check
+ NOT-FOR-US: Font Awesome More Icons plugin for WordPress
CVE-2023-5230 (The TM WooCommerce Compare & Wishlist plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: TM WooCommerce Compare & Wishlist plugin for WordPress
CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence
parameter ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php
column_count param ...)
- TODO: check
+ NOT-FOR-US: OPNsense
CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature
Malleability. T ...)
TODO: check
CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a
remote attack ...)
- TODO: check
+ NOT-FOR-US: PGYER codefever
CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for
Linux that d ...)
- TODO: check
+ NOT-FOR-US: Warpgate
CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external
services li ...)
TODO: check
CVE-2023-43651 (JumpServer is an open source bastion host. An authenticated
user can e ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4
thru v.8.0, ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2023-43314 (Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B
allows a r ...)
- TODO: check
+ NOT-FOR-US: ZYXEL
CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the
cms/content/e ...)
- TODO: check
+ NOT-FOR-US: YZNCMS
CVE-2023-43192 (SQL injection can exist in a newly created part of the
JFinalcms backg ...)
- TODO: check
+ NOT-FOR-US: JFinalcms
CVE-2023-43191 (JFinalCMS foreground message can be embedded malicious code
saved in t ...)
- TODO: check
+ NOT-FOR-US: JFinalCMS
CVE-2023-42818 (JumpServer is an open source bastion host. When users enable
MFA and u ...)
- TODO: check
+ NOT-FOR-US: JumpServer
CVE-2023-42222 (WebCatalog before 49.0 is vulnerable to Incorrect Access
Control. WebC ...)
- TODO: check
+ NOT-FOR-US: WebCatalog
CVE-2023-41453 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker
v.1.0.5 al ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41452 (Cross Site Request Forgery vulnerability in phpkobo
AjaxNewTicker v.1. ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41451 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker
v.1.0.5 al ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41450 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41449 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote
attacker to ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41448 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker
v.1.0.5 al ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41447 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker
v.1.0.5 al ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker
v.1.0.5 al ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker
v.1.0.5 al ...)
- TODO: check
+ NOT-FOR-US: phpkobo AjaxNewTicker
CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a
local attac ...)
TODO: check
CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for
Kubernete ...)
- TODO: check
+ NOT-FOR-US: Argo CD
CVE-2023-38877 (A host header injection vulnerability exists in gugoan's
Economizzer v ...)
TODO: check
CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure
file uploa ...)
@@ -259,7 +259,7 @@ CVE-2023-40044 (In WS_FTP Server versions prior to 8.7.4
and 8.8.2, a pre-authen
CVE-2023-33972 (Scylladb is a NoSQL data store using the seastar framework,
compatible ...)
TODO: check
CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service
Pack relea ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-XXXX [code execution via malformed XTGETTCAP]
- foot 1.15.3-2 (bug #1053115)
[bookworm] - foot <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/042f62b556ded32e1eb12c713cc8a44347fc1340
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/042f62b556ded32e1eb12c713cc8a44347fc1340
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
