Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2bc7ea40 by Salvatore Bonaccorso at 2023-12-14T21:46:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API 
endpoint was f ...)
        NOT-FOR-US: WhatsUp Gold
 CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
-       TODO: check
+       NOT-FOR-US: gradio
 CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow)
-       TODO: check
+       NOT-FOR-US: kubeflow
 CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow)
-       TODO: check
+       NOT-FOR-US: kubeflow
 CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3)
        TODO: check
 CVE-2023-6563 (An unconstrained memory consumption vulnerability was 
discovered in Ke ...)
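Review bot: on CVE-2023-6572 the new "NOT-FOR-US: gradio" tag cannot be checked against the entry itself, because the visible description is cut off at "GitHub r ...)" before any product name appears; confirm the product from the full CVE record before the entry is marked as not applicable. CVE-2023-6569 (h2oai/h2o-3) stays at "TODO: check" in the same hunk, so it still needs its own triage.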
@@ -27,7 +27,7 @@ CVE-2023-5769 (A vulnerability exists in the webserver that 
affects the  RTU500
 CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in 
PHOENIX CONT ...)
        NOT-FOR-US: PHOENIX
 CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other 
JavaScr ...)
-       TODO: check
+       NOT-FOR-US: Speckle Server
 CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to 
version 3.11.7 ...)
        TODO: check
 CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in 
EyouCMS-V1.6.5-UT ...)
@@ -57,121 +57,121 @@ CVE-2023-50269 (Squid is a caching proxy for the Web. Due 
to an Uncontrolled Rec
        NOTE: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
        NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch
 CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in 
the sit ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) 
via Label  ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) 
via carous ...)
-       TODO: check
+       NOT-FOR-US: JFinalcms
 CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: EmpireCMS
 CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site 
Request Forg ...)
-       TODO: check
+       NOT-FOR-US: Dreamer CMS
 CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command 
execution in t ...)
-       TODO: check
+       NOT-FOR-US: PopojiCMS
 CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to 
a Deni ...)
-       TODO: check
+       NOT-FOR-US: HP
 CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49786 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
        TODO: check
 CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] 
on [PLATF ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.)
-       TODO: check
+       NOT-FOR-US: Starshop component for Joomla
 CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.)
-       TODO: check
+       NOT-FOR-US: Joomla module
 CVE-2023-49294 (Asterisk is an open source private branch exchange and 
telephony toolk ...)
        TODO: check
 CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before 
version 1. ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-48676 (Sensitive information disclosure and manipulation due to 
missing autho ...)
-       TODO: check
+       NOT-FOR-US: Acronis
 CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an 
information di ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS 7 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 
7.7.5.25, LTS 7 ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command 
injecti ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an 
arbitrary file ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an 
arbitrary file  ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an 
Imprope ...)
-       TODO: check
+       NOT-FOR-US: Adobe
 CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the 
response to  ...)
-       TODO: check
+       NOT-FOR-US: Dokmee ECM
 CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability when ...)
        TODO: check
 CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 
1.1.13, a ...)
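Review bot: CVE-2023-49739 is tagged "NOT-FOR-US: WordPress plugin" although its description is still the unfilled template "[PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...)", so nothing visible in the entry supports that classification; confirm it from the CVE record's references. Two smaller points further down: CVE-2023-48631 names the npm-style package @adobe/css-tools but is tagged only with the vendor, "NOT-FOR-US: Adobe", and a library like that is worth checking for packaged or embedded copies before it is dismissed; and the two adjacent Joomla entries are tagged differently ("Starshop component for Joomla" versus the generic "Joomla module" for CVE-2023-49707, whose description names the S5 Register module), which makes later searches by product less reliable.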



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bc7ea406898936257bf633d6e490d966c0073ea
