Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0a55157d by Salvatore Bonaccorso at 2023-10-31T10:25:20+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -9,7 +9,7 @@ CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) NOT-FOR-US: phpmyfaq CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior to Bui ...) - TODO: check + NOT-FOR-US: hamza417/inure CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) NOT-FOR-US: microweber CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...) 
@@ -41,31 +41,31 @@ CVE-2023-45899 (An issue in the component SuperUserSetuserModuleFrontController: CVE-2023-45804 REJECTED CVE-2023-45672 (Frigate is an open source network video recorder. Prior to version 0.1 ...) - TODO: check + NOT-FOR-US: Frigate CVE-2023-45671 (Frigate is an open source network video recorder. Prior to version 0.1 ...) - TODO: check + NOT-FOR-US: Frigate CVE-2023-45670 (Frigate is an open source network video recorder. Prior to version 0.1 ...) - TODO: check + NOT-FOR-US: Frigate CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and before from ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud management pla ...) - TODO: check + NOT-FOR-US: CloudExplorer Lite CVE-2023-43798 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) - TODO: check + NOT-FOR-US: BigBlueButton CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to versions 2 ...) - TODO: check + NOT-FOR-US: BigBlueButton CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote attacker to ex ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 all ...) - TODO: check + NOT-FOR-US: DouHaocms CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL In ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in the c ...) TODO: check CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...) TODO: check CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...) - TODO: check + NOT-FOR-US: JHipster generator-jhipster CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script] - salt <unfixed> NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html 
@@ -166,7 +166,7 @@ CVE-2023-45797 (A Buffer overflow vulnerability in DreamSecurity MagicLine4NX ve CVE-2023-45746 (Cross-site scripting vulnerability in Movable Type series allows a rem ...) TODO: check CVE-2023-44141 (Inkdrop prior to v5.6.0 allows a local attacker to conduct a code inje ...) - TODO: check + NOT-FOR-US: Inkdrop CVE-2023-44002 REJECTED CVE-2007-10003 (A vulnerability, which was classified as critical, has been found in T ...) @@ -35005,7 +35005,7 @@ CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...) NOT-FOR-US: PrestaShop CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and ...) - TODO: check + NOT-FOR-US: PrestaShop module CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...) NOT-FOR-US: PrestaShop CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...) @@ -81630,7 +81630,7 @@ CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer ov - wolfssl 5.5.3-1 (bug #1021021) [bullseye] - wolfssl <no-dsa> (Minor issue) CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) ...) - TODO: check + NOT-FOR-US: mbsupport openVIVA c2 CVE-2022-39171 RESERVED CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a55157dc0c94850bf793dd4ee77a82a40b14f4f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a55157dc0c94850bf793dd4ee77a82a40b14f4f You're receiving this email because of your account on salsa.debian.org.
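Review bot: In the @@ -9,7 +9,7 @@ hunk, the new label for CVE-2023-5862 is written in owner/repository form ("NOT-FOR-US: hamza417/inure"), while the context lines on either side label their entries with the bare product name ("NOT-FOR-US: phpmyfaq", "NOT-FOR-US: microweber") even though those descriptions also name a GitHub repository. Using the product name alone here would keep the labels in this block consistent and easier to match when the same product shows up in a later CVE.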
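Review bot: In the @@ -41,31 +41,31 @@ hunk, CVE-2023-45378, CVE-2023-43139 and CVE-2023-36263 all get the generic label "NOT-FOR-US: PrestaShop module", which drops the module names the descriptions give (prestablog, franfinance, opartlimitquantity); for CVE-2023-43139 the visible part of the description does not mention PrestaShop at all, so the label cannot be checked against the line above it. Including the module name in the label would keep these entries distinguishable, the way the Frigate and BigBlueButton labels in the same hunk name their product.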
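Review bot: In the @@ -35005,7 +35005,7 @@ hunk, CVE-2023-27846 is labelled "NOT-FOR-US: PrestaShop module" while the context lines directly around it (CVE-2023-27847 and CVE-2023-27845) use "NOT-FOR-US: PrestaShop" for the same kind of issue. Settle on one spelling for this run of entries so that a search for either label finds all of them.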