Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3af980d by Moritz Muehlenhoff at 2023-11-04T18:48:05+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,7 @@ CVE-2023-4592 (A Cross-Site Scripting vulnerability has been 
detected in WPN-XM
 CVE-2023-4591 (A local file inclusion vulnerability has been found in WPN-XM 
Serverst ...)
        NOT-FOR-US: WPN-XM Serverstack
 CVE-2023-4043 (In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing 
JSON from  ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Parsson
 CVE-2023-46980 (An issue in Best Courier Management System v.1.0 allows a 
remote attac ...)
        NOT-FOR-US: Best Courier Management System
 CVE-2023-46947 (Subrion 4.2.1 has a remote command execution vulnerability in 
the back ...)
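
Review bot: CVE-2023-4043 is closed as NOT-FOR-US, but its description ("Parsing JSON from ...") places the flaw in a JSON parsing library, and the entry records nothing about whether a copy is carried inside another source package. A short NOTE line stating that the archive was searched for embedded copies would let the next reader see the TODO was resolved by a check rather than by vendor name alone.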
@@ -73,7 +73,7 @@ CVE-2023-32121 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2023-5948 (Improper Authorization in GitHub repository 
teamamaze/amazefileutiliti ...)
        NOT-FOR-US: amazefileutilities
 CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK 
(lower t ...)
-       TODO: check
+       NOT-FOR-US: Eclipse Glassfish
 CVE-2023-46958 (An issue in lmxcms v.1.41 allows a remote attacker to execute 
arbitrar ...)
        NOT-FOR-US: lmxcms
 CVE-2023-46954 (SQL Injection vulnerability in Relativity ODA LLC 
RelativityOne v.12.1 ...)
@@ -346,7 +346,7 @@ CVE-2023-5849 (Integer overflow in USB in Google Chrome 
prior to 119.0.6045.105
        - chromium 119.0.6045.105-1
        [buster] - chromium <end-of-life> (see DSA 5046)
 CVE-2023-5847 (Under certain conditions, a low privileged attacker could load 
a speci ...)
-       TODO: check
+       NOT-FOR-US: Tenable
 CVE-2023-5766 (A remote code execution vulnerability in Remote Desktop Manager 
2023.2 ...)
        NOT-FOR-US: Devolutions Remote Desktop Manager
 CVE-2023-5765 (Improper access control in the password analyzer feature in 
Devolution ...)
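
Review bot: the new tag on CVE-2023-5847 names only the vendor ("Tenable"), while the neighbouring entry for CVE-2023-5766 names the product ("Devolutions Remote Desktop Manager"). The truncated description does not show which product is affected, so the tag is the only place a reader can learn it. Suggest naming the product in the tag.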
@@ -54610,7 +54610,7 @@ CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Fu
 CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in this ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47588 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Corn ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic 
Ultimate Addons ...)
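
Review bot: the tag added for CVE-2022-47588 is the generic "WordPress plugin", and the truncated description ("Improper Neutralization of Special Elements used in an SQL Command ('S ...") does not name the plugin either. This matches the neighbouring CVE-2022-47589 and CVE-2022-47587 entries, so it is consistent, but the entry cannot be found by product name. If the plugin name is at hand, putting it in the tag would fix that.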
@@ -56334,7 +56334,7 @@ CVE-2022-47447 (Cross-Site Request Forgery (CSRF) 
vulnerability in Mathieu Chart
 CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat 
Creations St ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47445 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ProfileP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel 
Powney Multi ...)
@@ -56372,7 +56372,7 @@ CVE-2022-47428
 CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47425
        RESERVED
 CVE-2022-47424
@@ -58161,7 +58161,7 @@ CVE-2022-46861 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2022-46860
        RESERVED
 CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Amin A.R ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert 
plugin <= ...)
@@ -58306,7 +58306,7 @@ CVE-2022-46820 (Cross-Site Request Forgery (CSRF) 
vulnerability in WPJoli Joli T
 CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gopi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46818 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Flyz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking 
Ultra Pro A ...)
@@ -61476,7 +61476,7 @@ CVE-2022-45807 (Cross-Site Request Forgery (CSRF) 
inWPVibes WP Mail Log plugin <
 CVE-2022-45806
        RESERVED
 CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft 
Photo Gall ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45803
@@ -66355,7 +66355,7 @@ CVE-2022-44570 (A denial of service vulnerability in 
the Range header parsing co
        NOTE: 
https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 
(v2.1.4.2)
        NOTE: 
https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 
(v2.2.6.2)
 CVE-2022-44569 (A locally authenticated attacker with low privileges can 
bypass authen ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2022-44568
        RESERVED
 CVE-2022-44567 (A command injection vulnerability exists in 
Rocket.Chat-Desktop <3.8.1 ...)
@@ -70717,9 +70717,9 @@ CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps 
specified allow for access
 CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 
9.0.0 and 9 ...)
        NOT-FOR-US: Concrete CMS
 CVE-2022-43555 (Ivanti Avalanche Printer Device Service Missing Authentication 
Local P ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2022-43554 (Ivanti Avalanche Smart Device Service Missing Authentication 
Local Pri ...)
-       TODO: check
+       NOT-FOR-US: Ivanti
 CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 
2.0.9-ho ...)
        NOT-FOR-US: EdgeRouters
 CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl 
can be ask ...)
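
Review bot: both new tags, on CVE-2022-43555 and CVE-2022-43554, read "NOT-FOR-US: Ivanti", although the descriptions on those same lines name the product as "Ivanti Avalanche". The surrounding entries tag by product ("Concrete CMS", "EdgeRouters"). Suggest "NOT-FOR-US: Ivanti Avalanche" for both, so a search for the product finds them.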



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3af980d12ed735175b5454224f3a90df590e43f
