Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3eda7a17 by Moritz Muehlenhoff at 2023-11-13T13:02:12+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that
allows for ...)
- TODO: check
+ NOT-FOR-US: Hanwha Vision PNV-A6081R
CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored
Cross-Site Scrip ...)
NOT-FOR-US: WordPress plugin
CVE-2023-5037
@@ -101,7 +101,7 @@ CVE-2023-47164 (Cross-site scripting vulnerability in
HOTELDRUID 3.0.5 and earli
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
CVE-2023-47129 (Statmic is a core Laravel content management system Composer
package. ...)
- TODO: check
+ NOT-FOR-US: Statmic
CVE-2023-47128 (Piccolo is an object-relational mapping and query builder
which suppor ...)
NOT-FOR-US: Piccolo ORM (not the same as src:piccolo)
CVE-2023-47121 (Discourse is an open source platform for community discussion.
Prior t ...)
@@ -174,7 +174,7 @@ CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4
GMA3 utilize a defaul
CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal
vulnerability le ...)
NOT-FOR-US: SysAid
CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An
unsanitized ...)
- TODO: check
+ NOT-FOR-US: sentry-javascript
CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a
non-privileged local ...)
NOT-FOR-US: IBM
CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS
v.1.6.0 ...)
@@ -233,9 +233,9 @@ CVE-2023-6039 (A use-after-free flaw was found in
lan78xx_disconnect in drivers/
[buster] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 (6.5-rc5)
CVE-2023-4612 (Improper Authentication vulnerability in Apereo CAS
injakarta.servlet. ...)
- TODO: check
+ NOT-FOR-US: Apereo CAS
CVE-2023-4218 (In Eclipse IDE versions < 2023-09 (4.29) some files with xml
content a ...)
- TODO: check
+ - eclipse <removed>
CVE-2023-47616 (A CWE-200: Exposure of Sensitive Information to an
Unauthorized Actor ...)
NOT-FOR-US: Telit Cinterion
CVE-2023-47615 (A CWE-526: Exposure of Sensitive Information Through
Environmental Var ...)
@@ -981,7 +981,7 @@ CVE-2023-46084 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2023-45830 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-45827 (Dot diver is a lightweight, powerful, and dependency-free
TypeScript u ...)
- TODO: check
+ NOT-FOR-US: Dot diver
CVE-2023-45657 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: WordPress plugin
CVE-2023-45163 (The 1E-Exchange-CommandLinePing instruction that is part of
the Networ ...)
@@ -47325,7 +47325,7 @@ CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in
GitHub repository modoboa/mo
CVE-2023-0437
RESERVED
CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may
print s ...)
- TODO: check
+ NOT-FOR-US: MongoDB Atlas Kubernetes Operator
CVE-2022-48282 (Under very specific circumstances (see Required configuration
section ...)
NOT-FOR-US: MongoDB .NET/C# Driver
CVE-2023-24371
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eda7a1723994d10f6dfa552ff9a5b0943b5689e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eda7a1723994d10f6dfa552ff9a5b0943b5689e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
