Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9eb509ca by Moritz Muehlenhoff at 2023-11-01T15:26:56+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -269,7 +269,7 @@ CVE-2023-40050 (Upload profile either through API or user 
interface in Chef Auto
 CVE-2023-38994 (An issue in Univention UCS v.5.0 allows a local attacker to 
execute ar ...)
        NOT-FOR-US: Univention
 CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Solwin Infotech
 CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 
allows a ...)
        NOT-FOR-US: Elenos
 CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 
allows attac ...)
@@ -1252,7 +1252,7 @@ CVE-2023-46136 (Werkzeug is a comprehensive WSGI web 
application library. If an
        NOTE: 
https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw
        NOTE: 
https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1
 (3.0.1)
 CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar 
Strkeys.  ...)
-       TODO: check
+       NOT-FOR-US: rs-stellar-strkey
 CVE-2023-46126 (Fides is an open-source privacy engineering platform for 
managing the  ...)
        NOT-FOR-US: Fides
 CVE-2023-46125 (Fides is an open-source privacy engineering platform for 
managing the  ...)
@@ -1262,7 +1262,7 @@ CVE-2023-46124 (Fides is an open-source privacy 
engineering platform for managin
 CVE-2023-46123 (jumpserver is an open source bastion machine, professional 
operation a ...)
        NOT-FOR-US: JumpServer
 CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based 
application ...)
-       TODO: check
+       NOT-FOR-US: RabbitMQ Java client library
 CVE-2023-46119 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. 
HTTP API  ...)
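Review bot: The new tag on CVE-2023-46120, "NOT-FOR-US: RabbitMQ Java client library", sits directly above CVE-2023-46118, which concerns the RabbitMQ broker, so it is worth confirming that no source package in the archive ships or embeds the Java client before this goes in as NFU. If that check was done, a short NOTE line recording it would keep the tag from being second-guessed when the two entries are read together.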
@@ -1317,7 +1317,7 @@ CVE-2023-37283 (Under a very specific and highly 
unrecommended configuration, au
 CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a 
host he ...)
        NOT-FOR-US: sisqualWFM
 CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, 
it is p ...)
-       TODO: check
+       NOT-FOR-US: AWS
 CVE-2023-34056 (vCenter Server contains a partial information disclosure 
vulnerability ...)
        NOT-FOR-US: VMware
 CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability 
in the im ...)
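Review bot: On CVE-2023-34085 the tag "NOT-FOR-US: AWS" appears to name the storage backend rather than the affected product, since the visible description begins "When an AWS DynamoDB table is used for user attribute storage", which reads as some other software using DynamoDB. Suggest replacing "AWS" with the vendor or product taken from the full CVE description, in line with the neighbouring entries ("NOT-FOR-US: sisqualWFM", "NOT-FOR-US: VMware"), so the entry is searchable under the right name.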
@@ -1616,7 +1616,7 @@ CVE-2023-46331 (WebAssembly wabt 1.0.33 has an 
Out-of-Bound Memory Read in in Da
 CVE-2023-46127 (Frappe is a full-stack web application framework that uses 
Python and  ...)
        NOT-FOR-US: Frappe Framework
 CVE-2023-46122 (sbt is a build tool for Scala, Java, and others. Given a 
specially cra ...)
-       TODO: check
+       NOT-FOR-US: sbt
 CVE-2023-43074 (Dell Unity 5.3 contain(s) an Arbitrary File Creation 
vulnerability. A  ...)
        NOT-FOR-US: Dell
 CVE-2023-43067 (Dell Unity prior to 5.3 contains an XML External Entity 
injection vuln ...)
@@ -2631,7 +2631,7 @@ CVE-2023-42628 (Stored cross-site scripting (XSS) 
vulnerability in the Wiki widg
 CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in 
the Comm ...)
        NOT-FOR-US: Liferay
 CVE-2023-39902 (A software vulnerability has been identified in the U-Boot 
Secondary P ...)
-       TODO: check
+       NOT-FOR-US: NXP
 CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan 
Presence, deploy ...)
        NOT-FOR-US: HCL
 CVE-2023-4399 (Grafana is an open-source platform for monitoring and 
observability.   ...)
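Review bot: CVE-2023-39902 is tagged "NOT-FOR-US: NXP" although its description names U-Boot, and U-Boot is packaged in Debian. If the flaw is confined to NXP's own code or tree, add a NOTE line saying so, so the reason the Debian u-boot package is unaffected is recorded with the entry; otherwise it should be tracked against the u-boot source package rather than marked NFU.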
@@ -24371,7 +24371,7 @@ CVE-2023-31214
 CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-31211
        RESERVED
 CVE-2023-31210
@@ -31841,7 +31841,7 @@ CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting 
(XSS) vulnerability in Vl
 CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Best ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
        NOT-FOR-US: Lightbox plugin
 CVE-2023-28775
@@ -39623,7 +39623,7 @@ CVE-2023-26221
 CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s 
Spotfire Analy ...)
        NOT-FOR-US: TIBCO
 CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software 
Inc.'s TI ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus 
contain ...)
        NOT-FOR-US: TIBCO
 CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s 
TIBCO EBX  ...)
@@ -43379,11 +43379,11 @@ CVE-2023-25049 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-25048
        RESERVED
 CVE-2023-25047 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Podl ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25045 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Sumo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25043
@@ -45478,7 +45478,7 @@ CVE-2023-24412 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24410 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -46461,7 +46461,7 @@ CVE-2023-24002 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Yann ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-24000 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in E4J  ...)
@@ -83157,7 +83157,7 @@ CVE-2022-3008 (The tinygltf library uses the C library 
function wordexp() to per
        NOTE: https://github.com/syoyo/tinygltf/issues/368
        NOTE: 
https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751
 CVE-2022-3007 (The vulnerability exists in Syska SW100 Smartwatch due to an 
improper  ...)
-       TODO: check
+       NOT-FOR-US: Syska
 CVE-2022-3006
        RESERVED
 CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository 
yetiforcecomp ...)
@@ -478001,7 +478001,7 @@ CVE-2016-1205 (Cross-site scripting (XSS) 
vulnerability in the shiro8 (1) catego
 CVE-2016-1204
        RESERVED
 CVE-2016-1203 (Improper file verification vulnerability in SaAT Netizen 
installer ver ...)
-       TODO: check
+       NOT-FOR-US: SaAT Netizen
 CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 
0.33.5 all ...)
        NOT-FOR-US: Atom Electron
 CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON 
EC-CUBE 3.0. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9eb509ca0d0df47c9315cfb1e597bed67b78b0df
