Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0a55157d by Salvatore Bonaccorso at 2023-10-31T10:25:20+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,7 +9,7 @@ CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub 
repository thorsten
 CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository 
thorsten/p ...)
        NOT-FOR-US: phpmyfaq
 CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior 
to Bui ...)
-       TODO: check
+       NOT-FOR-US: hamza417/inure
 CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository 
microweber/mi ...)
        NOT-FOR-US: microweber
 CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring 
Framework fo ...)
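Review bot: the new label on CVE-2023-5862 uses the owner/repo form, "NOT-FOR-US: hamza417/inure", while the neighbouring entries in this hunk name only the product ("NOT-FOR-US: phpmyfaq", "NOT-FOR-US: microweber") even though their descriptions also cite a GitHub owner/repo. Consider "NOT-FOR-US: inure" so that a search of NOT-FOR-US labels by product name matches this entry the same way it matches the others.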
@@ -41,31 +41,31 @@ CVE-2023-45899 (An issue in the component 
SuperUserSetuserModuleFrontController:
 CVE-2023-45804
        REJECTED
 CVE-2023-45672 (Frigate is an open source network video recorder. Prior to 
version 0.1 ...)
-       TODO: check
+       NOT-FOR-US: Frigate
 CVE-2023-45671 (Frigate is an open source network video recorder. Prior to 
version 0.1 ...)
-       TODO: check
+       NOT-FOR-US: Frigate
 CVE-2023-45670 (Frigate is an open source network video recorder. Prior to 
version 0.1 ...)
-       TODO: check
+       NOT-FOR-US: Frigate
 CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and 
before from  ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud 
management pla ...)
-       TODO: check
+       NOT-FOR-US: CloudExplorer Lite
 CVE-2023-43798 (BigBlueButton is an open-source virtual classroom. 
BigBlueButton prior ...)
-       TODO: check
+       NOT-FOR-US: BigBlueButton
 CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to 
versions 2 ...)
-       TODO: check
+       NOT-FOR-US: BigBlueButton
 CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote 
attacker to ex ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms 
v.3.3 all ...)
-       TODO: check
+       NOT-FOR-US: DouHaocms
 CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable 
to SQL In ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion 
in the c ...)
        TODO: check
 CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in 
demos/hooks-targe ...)
        TODO: check
 CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing 
attack again ...)
-       TODO: check
+       NOT-FOR-US: JHipster generator-jhipster
 CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script]
        - salt <unfixed>
        NOTE: 
https://saltproject.io/security-announcements/2023-10-27-advisory/index.html
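Review bot: the three entries marked "NOT-FOR-US: PrestaShop module" (CVE-2023-45378, CVE-2023-43139, CVE-2023-36263) do not say which module is affected, whereas every other label added in this hunk names the product (Frigate, CloudExplorer Lite, BigBlueButton, DouHaocms, JHipster generator-jhipster). The descriptions already give the names (prestablog, franfinance, opartlimitquantity), so a label such as "NOT-FOR-US: PrestaShop module prestablog" would let a later triager match follow-up CVEs for the same module without reopening the truncated description.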
@@ -166,7 +166,7 @@ CVE-2023-45797 (A Buffer overflow vulnerability in 
DreamSecurity MagicLine4NX ve
 CVE-2023-45746 (Cross-site scripting vulnerability in Movable Type series 
allows a rem ...)
        TODO: check
 CVE-2023-44141 (Inkdrop prior to v5.6.0 allows a local attacker to conduct a 
code inje ...)
-       TODO: check
+       NOT-FOR-US: Inkdrop
 CVE-2023-44002
        REJECTED
 CVE-2007-10003 (A vulnerability, which was classified as critical, has been 
found in T ...)
@@ -35005,7 +35005,7 @@ CVE-2023-27848 (broccoli-compass v0.2.4 was discovered 
to contain a remote code
 CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog 
v.2.0.1 and be ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty 
v.4.0.8 and ...)
-       TODO: check
+       NOT-FOR-US: PrestaShop module
 CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs 
before v ...)
        NOT-FOR-US: PrestaShop
 CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite 
v.1.0 and  ...)
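Review bot: the label added for CVE-2023-27846 reads "NOT-FOR-US: PrestaShop module", but the entries directly above and below it (CVE-2023-27847, CVE-2023-27845) describe the same class of issue and carry "NOT-FOR-US: PrestaShop". Pick one wording for this run of entries, either matching the existing neighbours or updating them in the same commit, so the block stays uniform for anyone filtering on the label text.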
@@ -81630,7 +81630,7 @@ CVE-2022-39173 (In wolfSSL before 5.5.1, malicious 
clients can cause a buffer ov
        - wolfssl 5.5.3-1 (bug #1021021)
        [bullseye] - wolfssl <no-dsa> (Minor issue)
 CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener 
Vorgaenge) ...)
-       TODO: check
+       NOT-FOR-US: mbsupport openVIVA c2
 CVE-2022-39171
        RESERVED
 CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in 
dwarf_f ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a55157dc0c94850bf793dd4ee77a82a40b14f4f



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
