[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Tue, 14 Nov 2023 00:29:25 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
630a97fb by Salvatore Bonaccorso at 2023-11-14T09:28:55+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2023-6115
        REJECTED
 CVE-2023-6109 (The YOP Poll plugin for WordPress is vulnerable to a race 
condition in ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-6107
        REJECTED
 CVE-2023-6106
@@ -25,43 +25,43 @@ CVE-2023-6034
 CVE-2023-6010
        REJECTED
 CVE-2023-6006 (This vulnerability allows local attackers to escalate 
privileges on af ...)
-       TODO: check
+       NOT-FOR-US: PaperCut NG
 CVE-2023-5977
        REJECTED
 CVE-2023-4603 (The Star CloudPRNT for WooCommerce plugin for WordPress is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47697 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
WP Event ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47696 (Unauth. Stored Cross-Site Scripting (XSS) vulnerabilityin 
Gravity Mast ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47695 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Scribit  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47690 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Anton Bo ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47684 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
ThemePun ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47680 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47673 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Stefano  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47665 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
edward_p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47662 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Gold ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47657 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47629 (DataHub is an open-source metadata platform. In affected 
versions sign ...)
-       TODO: check
+       NOT-FOR-US: DataHub
 CVE-2023-47628 (DataHub is an open-source metadata platform. DataHub 
Frontend's sessio ...)
-       TODO: check
+       NOT-FOR-US: DataHub
 CVE-2023-47625 (PX4 autopilot is a flight control solution for drones. In 
affected ver ...)
-       TODO: check
+       NOT-FOR-US: PX4 autopilot
 CVE-2023-47609 (SQL injection vulnerability in OSS Calendar versions prior to 
v.2.0.3  ...)
-       TODO: check
+       NOT-FOR-US: OSS Calendar
 CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and 
SMF 1.2 ...)
-       TODO: check
+       NOT-FOR-US: free5GC
 CVE-2023-47117 (Label Studio is an open source data labeling tool. In all 
current vers ...)
-       TODO: check
+       NOT-FOR-US: Label Studio
 CVE-2023-46446 (An issue in AsyncSSH v2.14.0 and earlier allows attackers to 
control t ...)
        - python-asyncssh <unfixed>
        NOTE: 
https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm
@@ -69,39 +69,39 @@ CVE-2023-46445 (An issue in AsyncSSH v2.14.0 and earlier 
allows attackers to con
        - python-asyncssh <unfixed>
        NOTE: 
https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5
 CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects 
Blood Bank  ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46020 (Cross Site Scripting (XSS) in updateprofile.php in 
Code-Projects Blood ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46019 (Cross Site Scripting (XSS) vulnerability in abs.php in 
Code-Projects B ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46018 (SQL injection vulnerability in receiverReg.php in 
Code-Projects Blood  ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46017 (SQL Injection vulnerability in receiverLogin.php in 
Code-Projects Bloo ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46016 (Cross Site Scripting (XSS) in abs.php in Code-Projects Blood 
Bank 1.0  ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46015 (Cross Site Scripting (XSS) vulnerability in index.php in 
Code-Projects ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-46014 (SQL Injection vulnerability in hospitalLogin.php in 
Code-Projects Bloo ...)
-       TODO: check
+       NOT-FOR-US: Code-Projects Blood Bank
 CVE-2023-45881 (GibbonEdu Gibbon through version 25.0.0 allows 
/modules/Planner/resour ...)
-       TODO: check
+       NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45880 (GibbonEdu Gibbon through version 25.0.0 allows Directory 
Traversal via ...)
-       TODO: check
+       NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45879 (GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an 
IFRAME el ...)
-       TODO: check
+       NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45878 (GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary 
File Write ...)
-       TODO: check
+       NOT-FOR-US: GibbonEdu Gibbon
 CVE-2023-45560 (An issue in Yasukawa memberscard v.13.6.1 allows attackers to 
send cra ...)
-       TODO: check
+       NOT-FOR-US: Yasukawa memberscard
 CVE-2023-45558 (An issue in Golden v.13.6.1 allows attackers to send crafted 
notificat ...)
-       TODO: check
+       NOT-FOR-US: Golden
 CVE-2023-43902 (Incorrect access control in the Forgot Your Password function 
of EMSig ...)
-       TODO: check
+       NOT-FOR-US: EMSigner
 CVE-2023-43901 (Incorrect access control in the AdHoc User creation form of 
EMSigner v ...)
-       TODO: check
+       NOT-FOR-US: EMSigner
 CVE-2023-43900 (Insecure Direct Object References (IDOR) in EMSigner v2.8.7 
allow atta ...)
-       TODO: check
+       NOT-FOR-US: EMSigner
 CVE-2023-42816 (Kyverno is a policy engine designed for Kubernetes. A security 
vulnera ...)
        TODO: check
 CVE-2023-42815 (Kyverno is a policy engine designed for Kubernetes. A security 
vulnera ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/630a97fb7e67da0ae1832f0e17edfd0beb8c68c1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/630a97fb7e67da0ae1832f0e17edfd0beb8c68c1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to