Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8bb706a9 by Salvatore Bonaccorso at 2023-12-29T21:42:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,11 +7,11 @@ CVE-2023-7114 (Mattermost version 2.10.0 and earlier fails to 
sanitize deeplink
 CVE-2023-7113 (Mattermost version 8.1.6 and earlier fails to sanitize channel 
mention ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2023-7080 (The V8 inspector intentionally allows arbitrary code execution 
within  ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare Workers
 CVE-2023-7079 (Sending specially crafted HTTP requests and inspector messages 
to Wran ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare Workers
 CVE-2023-7078 (Sending specially crafted HTTP requests to Miniflare's server 
could re ...)
-       TODO: check
+       NOT-FOR-US: Cloudflare Workers
 CVE-2023-52139 (Misskey is an open source, decentralized social media 
platform. Third- ...)
        NOT-FOR-US: Misskey
 CVE-2023-52137 (The 
[`tj-actions/verify-changed-files`](https://github.com/tj-actions/ ...)
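Review bot: CVE-2023-7080, CVE-2023-7079 and CVE-2023-7078 all get the same tag, "NOT-FOR-US: Cloudflare Workers", although their descriptions name different components (the V8 inspector for CVE-2023-7080, Miniflare's server for CVE-2023-7078). Consider naming the affected tool in each tag, for example "NOT-FOR-US: Miniflare" for CVE-2023-7078, so that a later search of data/CVE/list for that component finds the entry. For CVE-2023-7080, whose description opens with "The V8 inspector", a product-level tag would also make it clear at a glance that the entry is not about V8 itself.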
@@ -118,57 +118,57 @@ CVE-2023-50572 (An issue in the component 
GroovyEngine.execute of jline-groovy v
        NOTE: 
https://github.com/jline/jline3/commit/f3c60a3e6255e8e0c20d5043a4fe248446f292bb 
(jline-parent-3.25.0)
        TODO: check if jline 3.x specific or affects as well src:jline2, 
src:jline
 CVE-2023-50571 (easy-rules-mvel v4.1.0 was discovered to contain a remote code 
executi ...)
-       TODO: check
+       NOT-FOR-US: easy-rules-mvel
 CVE-2023-50570 (An issue in the component IPAddressBitsDivision of IPAddress 
v5.1.0 le ...)
-       TODO: check
+       NOT-FOR-US: IPAddress Java library
 CVE-2023-4675 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: GM Information Technologies MDO
 CVE-2023-4674 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Yaztek Software Technologies and Computer Systems 
E-Commerce Software
 CVE-2023-4541 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Ween Software Admin Panel
 CVE-2023-4468 (A vulnerability was found in Poly Trio 8800 and Trio C60. It 
has been  ...)
-       TODO: check
+       NOT-FOR-US: Poly Trio 8800 and Trio C60
 CVE-2023-4467 (A vulnerability was found in Poly Trio 8800 7.2.6.0019 and 
classified  ...)
-       TODO: check
+       NOT-FOR-US: Poly Trio 8800
 CVE-2023-4466 (A vulnerability has been found in Poly CCX 400, CCX 600, Trio 
8800 and ...)
-       TODO: check
+       NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4465 (A vulnerability, which was classified as problematic, was found 
in Pol ...)
-       TODO: check
+       NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4464 (A vulnerability, which was classified as critical, has been 
found in P ...)
-       TODO: check
+       NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4463 (A vulnerability classified as problematic was found in Poly CCX 
400, C ...)
-       TODO: check
+       NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-4462 (A vulnerability classified as problematic has been found in 
Poly CCX 4 ...)
-       TODO: check
+       NOT-FOR-US: Poly CCX 400, CCX 600, Trio 8800 and Trio C60
 CVE-2023-49830 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47840 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-47804 (Apache OpenOffice documents can contain links that call 
internal macro ...)
-       TODO: check
+       NOT-FOR-US: Apache OpenOffice
 CVE-2023-46623 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-45751 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-44089 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2023-44088 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2023-41815 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2023-41814 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2023-41813 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: Pandora FMS
 CVE-2023-40606 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32517 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32101 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in P ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-32095 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-7161 (A vulnerability classified as critical has been found in 
Netentsec NS- ...)
        NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
 CVE-2023-7160 (A vulnerability was found in SourceCodester Engineers Online 
Portal 1. ...)
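Review bot: CVE-2023-47804 is closed as "NOT-FOR-US: Apache OpenOffice" with no NOTE line, yet its description (documents containing links that call internal macros) concerns document handling that other office suites may share. If a related packaged code base was checked and found unaffected, recording that in a NOTE would keep the triage reasoning visible in the list. The jline entry at the top of this hunk shows the pattern with its "TODO: check if jline 3.x specific or affects as well src:jline2, src:jline" line.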
@@ -34839,7 +34839,7 @@ CVE-2023-31250 (The file download facility doesn't 
sufficiently sanitize file pa
 CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 
(All ver ...)
        NOT-FOR-US: Siemens
 CVE-2023-31237 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in D ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in unFo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland 
Barker, xnau ...)
@@ -34855,7 +34855,7 @@ CVE-2023-31231 (Unrestricted Upload of File with 
Dangerous Type vulnerability in
 CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir 
Baidu Tong ...)
        NOT-FOR-US: Haoqisir Baidu Tongji generator
 CVE-2023-31229 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in W ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Crea ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling 
verification. ...)
@@ -35345,7 +35345,7 @@ CVE-2023-31097
 CVE-2023-31096 (An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem 
Kernel  ...)
        NOT-FOR-US: Broadcom
 CVE-2023-31095 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in C ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Lauri Ka ...)
        NOT-FOR-US: WooCommerce plugin
 CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly 
Chronosly ...)
@@ -42446,7 +42446,7 @@ CVE-2023-28788 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2023-28787
        RESERVED
 CVE-2023-28786 (URL Redirection to Untrusted Site ('Open Redirect') 
vulnerability in S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Contest  ...)
@@ -53997,7 +53997,7 @@ CVE-2023-25056 (Cross-Site Request Forgery (CSRF) 
vulnerability in SlickRemix Fe
 CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit 
Agarwal Google ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25054 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25053
        RESERVED
 CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Tepl ...)
@@ -61485,9 +61485,9 @@ CVE-2023-22679 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-22678 (Cross-Site Request Forgery (CSRF) vulnerability inRafael 
DerySuperior  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-22677 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22676 (Missing Authorization vulnerability in Anders Thorborg.This 
issue affe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-22675
        RESERVED
 CVE-2023-22674 (Missing Authorization, Cross-Site Request Forgery (CSRF) 
vulnerability ...)
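Review bot: CVE-2023-22676 is tagged "NOT-FOR-US: WordPress plugin", but the visible part of its description ("Missing Authorization vulnerability in Anders Thorborg.This issue affe ...") names only a person and no product, so the classification cannot be confirmed from the list entry alone. Naming the plugin in the tag would make the entry verifiable without looking the CVE up again; the same applies to CVE-2023-22677, where the description is cut off before any product name.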
@@ -76457,7 +76457,7 @@ CVE-2022-44591 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44589 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-44588 (Unauth. SQL Injection vulnerability inCryptocurrency Widgets 
Pack Plug ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-44587
@@ -252368,7 +252368,7 @@ CVE-2020-17165
 CVE-2020-17164
        RESERVED
 CVE-2020-17163 (Visual Studio Code Python Extension Remote Code Execution 
Vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability)
        NOT-FOR-US: Microsoft
 CVE-2020-17161
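Review bot: CVE-2020-17163 is tagged by vendor ("NOT-FOR-US: Microsoft") rather than by product, while its description names a specific component, the Visual Studio Code Python Extension. The tag matches the neighbouring CVE-2020-17162 entry, but a product-level tag such as "NOT-FOR-US: Visual Studio Code Python Extension" would let a search for the component find this entry and would document exactly what was ruled out.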



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8bb706a910ba81124bd8c589dc5734bdee04fee8
