Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1abbe0c4 by Salvatore Bonaccorso at 2023-12-26T09:16:59+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,17 +1,17 @@
CVE-2023-7111 (A vulnerability, which was classified as critical, was found in
code-p ...)
- TODO: check
+ NOT-FOR-US: code-projects Library Management System
CVE-2023-7110 (A vulnerability, which was classified as critical, has been
found in c ...)
- TODO: check
+ NOT-FOR-US: code-projects Library Management System
CVE-2023-7109 (A vulnerability classified as critical was found in
code-projects Libr ...)
- TODO: check
+ NOT-FOR-US: code-projects Library Management System
CVE-2023-7108 (A vulnerability classified as problematic has been found in
code-proje ...)
- TODO: check
+ NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7107 (A vulnerability was found in code-projects E-Commerce Website
1.0. It ...)
- TODO: check
+ NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7106 (A vulnerability was found in code-projects E-Commerce Website
1.0. It ...)
- TODO: check
+ NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7105 (A vulnerability was found in code-projects E-Commerce Website
1.0. It ...)
- TODO: check
+ NOT-FOR-US: code-projects E-Commerce Website
CVE-2023-7104 (A vulnerability was found in SQLite SQLite3 up to 3.43.0 and
classifie ...)
TODO: check
CVE-2023-51775 (The jose4j component before 0.9.4 for Java allows attackers to
cause a ...)
@@ -19,11 +19,11 @@ CVE-2023-51775 (The jose4j component before 0.9.4 for Java
allows attackers to c
CVE-2023-51774 (The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes
allows bypa ...)
TODO: check
CVE-2023-51773 (BACnet Stack before 1.3.2 has a decode function APDU buffer
over-read ...)
- TODO: check
+ NOT-FOR-US: BACnet Stack
CVE-2023-51654 (Improper link resolution before file access ('Link Following')
issue e ...)
- TODO: check
+ NOT-FOR-US: iPrint&Scan Desktop for Windows
CVE-2023-51363 (VR-S1000 firmware Ver. 2.37 and earlier allows a
network-adjacent unau ...)
- TODO: check
+ NOT-FOR-US: VR-S1000 firmware
CVE-2023-50658 (The jose2go component before 1.6.0 for Go allows attackers to
cause a ...)
TODO: check
CVE-2023-50339 (Stored cross-site scripting vulnerability exists in the User
Managemen ...)
@@ -31,7 +31,7 @@ CVE-2023-50339 (Stored cross-site scripting vulnerability
exists in the User Man
CVE-2023-50332 (Improper authorization vulnerability exists in the User
Management (/a ...)
TODO: check
CVE-2023-50297 (Open redirect vulnerability in PowerCMS (6 Series, 5 Series,
and 4 Ser ...)
- TODO: check
+ NOT-FOR-US: PowerCMS
CVE-2023-50294 (The App Settings (/admin/app) page in GROWI versions prior to
v6.0.6 s ...)
TODO: check
CVE-2023-50175 (Stored cross-site scripting vulnerability exists in the App
Settings ( ...)
@@ -45,17 +45,17 @@ CVE-2023-49598 (Stored cross-site scripting vulnerability
exists in the event ha
CVE-2023-49119 (Stored cross-site scripting vulnerability via the img tags
exists in G ...)
TODO: check
CVE-2023-49117 (PowerCMS (6 Series, 5 Series, and 4 Series) contains a stored
cross-si ...)
- TODO: check
+ NOT-FOR-US: PowerCMS
CVE-2023-47215 (Stored cross-site scripting vulnerability which is exploiting
a behavi ...)
TODO: check
CVE-2023-46711 (VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded
cryptographi ...)
- TODO: check
+ NOT-FOR-US: VR-S1000 firmware
CVE-2023-46699 (Cross-site request forgery (CSRF) vulnerability exists in the
User set ...)
TODO: check
CVE-2023-46681 (Improper neutralization of argument delimiters in a command
('Argument ...)
- TODO: check
+ NOT-FOR-US: VR-S1000 firmware
CVE-2023-45741 (VR-S1000 firmware Ver. 2.37 and earlier allows an attacker
with access ...)
- TODO: check
+ NOT-FOR-US: VR-S1000 firmware
CVE-2023-45740 (Stored cross-site scripting vulnerability when processing
profile imag ...)
TODO: check
CVE-2023-45737 (Stored cross-site scripting vulnerability exists in the App
Settings ( ...)
@@ -42545,7 +42545,7 @@ CVE-2023-28617 (org-babel-execute:latex in ob-latex.el
in Org Mode through 9.6.1
NOTE: making an empty dependency package only thus considered fixed
exceptionally in
NOTE: that version.
CVE-2023-28616 (An issue was discovered in Stormshield Network Security (SNS)
before 4 ...)
- TODO: check
+ NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2023-28615
RESERVED
CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command
Injectio ...)
@@ -47315,7 +47315,7 @@ CVE-2023-27152 (DECISO OPNsense 23.1 does not impose
rate limits for authenticat
CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection
vulnerabilit ...)
NOT-FOR-US: openCRX
CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting
(XSS) v ...)
- TODO: check
+ NOT-FOR-US: openCRX
CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in
Enhancesoft osTic ...)
NOT-FOR-US: Enhancesoft osTicket
CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin
panel i ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abbe0c4ed1c8305e0ce4adbd227a962b70938c7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1abbe0c4ed1c8305e0ce4adbd227a962b70938c7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
