Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6b6a7ee by Salvatore Bonaccorso at 2023-10-24T10:26:19+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,19 +1,19 @@
CVE-2023-5746 (A vulnerability regarding use of externally-controlled format
string i ...)
- TODO: check
+ NOT-FOR-US: Synology
CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core
geeklog v.2.2 ...)
- TODO: check
+ NOT-FOR-US: Geeklog-Core geeklog
CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core
geeklog v.2.2 ...)
- TODO: check
+ NOT-FOR-US: Geeklog-Core geeklog
CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS).
Customizing g ...)
- TODO: check
+ NOT-FOR-US: kodbox
CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows
a remot ...)
- TODO: check
+ NOT-FOR-US: WenwenaiCMS
CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind
Server-Side Req ...)
- TODO: check
+ NOT-FOR-US: umputun remark42
CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in
Concrete CMS v. ...)
- TODO: check
+ NOT-FOR-US: Concrete CMS
CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18
allows a ...)
- TODO: check
+ NOT-FOR-US: CMSmadesimple
CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28
allows a remo ...)
TODO: check
CVE-2023-39817
@@ -25,11 +25,11 @@ CVE-2023-39815
CVE-2023-39814
REJECTED
CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk
Community ...)
- TODO: check
+ NOT-FOR-US: UVDesk Community Skeleton
CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated
attackers to p ...)
- TODO: check
+ NOT-FOR-US: UVDesk Community Skeleton
CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control
(Arbitrary Fil ...)
- TODO: check
+ NOT-FOR-US: carRental
CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951
and CVE ...)
- linux 6.5.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -82375,9 +82375,9 @@ CVE-2022-2922 (Relative Path Traversal in GitHub
repository dnnsoftware/dnn.plat
CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized
Actor in G ...)
NOT-FOR-US: NotrinosERP
CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt
Portal prior ...)
- TODO: check
+ NOT-FOR-US: AgeVolt Portal
CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability
exist i ...)
- TODO: check
+ NOT-FOR-US: AgeVolt Portal
CVE-2022-38483
RESERVED
CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX
15.2.0.6110 bef ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6b6a7ee2eed8d55469dfa6468d0a969f3f54e24
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
