Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a113fb06 by Salvatore Bonaccorso at 2023-05-08T22:35:47+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
 CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 
3.11.3.)
        TODO: check
 CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS 
which can ...)
-       TODO: check
+       NOT-FOR-US: Strikingly CMS
 CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2023-2574 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are 
affect ...)
-       TODO: check
+       NOT-FOR-US: Advantech
 CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository 
openemr/opene ...)
        NOT-FOR-US: OpenEMR
 CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 
(Websocket API  ...)
@@ -1596,7 +1596,7 @@ CVE-2023-30857 (@aedart/support is the support package 
for Ion, a monorepo for J
 CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 
and pri ...)
        NOT-FOR-US: eDEX-UI
 CVE-2023-30855 (Pimcore is an open source data and experience management 
platform. Ver ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2023-30854 (AVideo is an open source video platform. Prior to version 
12.4, an OS  ...)
        NOT-FOR-US: AVideo
 CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in 
their Gi ...)
@@ -3814,7 +3814,7 @@ CVE-2023-30094 (A stored cross-site scripting (XSS) 
vulnerability in TotalJS Flo
 CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking 
Foundation O ...)
        NOT-FOR-US: Open Network Operating System (ONOS)
 CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable 
to SQL  ...)
-       TODO: check
+       NOT-FOR-US: SourceCodester Online Pizza Ordering System
 CVE-2023-30091
        RESERVED
 CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file 
uplaod vu ...)
@@ -3960,7 +3960,7 @@ CVE-2023-30021
 CVE-2023-30020
        RESERVED
 CVE-2023-30019 (imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery 
(SSRF)  ...)
-       TODO: check
+       NOT-FOR-US: imgproxy
 CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. 
via /ph ...)
        NOT-FOR-US: Judging Management System
 CVE-2023-30017
@@ -4644,13 +4644,13 @@ CVE-2023-29698
 CVE-2023-29697
        RESERVED
 CVE-2023-29696 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a 
stack over ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2023-29695
        RESERVED
 CVE-2023-29694
        RESERVED
 CVE-2023-29693 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a 
stack over ...)
-       TODO: check
+       NOT-FOR-US: H3C
 CVE-2023-29692
        RESERVED
 CVE-2023-29691
@@ -8572,7 +8572,7 @@ CVE-2023-28495
 CVE-2023-28494
        RESERVED
 CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Wordpress theme
 CVE-2023-28492
        RESERVED
 CVE-2023-28491
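Review bot: The added line for CVE-2023-28493 spells the tag "Wordpress theme" with a lowercase "p", while every other WordPress entry touched or shown in this commit uses the capitalised form "WordPress plugin". Suggest "NOT-FOR-US: WordPress theme" so the entry is consistent with its neighbours and a case-sensitive search for "WordPress" across data/CVE/list does not miss it.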
@@ -9716,7 +9716,7 @@ CVE-2023-28171
 CVE-2023-28170
        RESERVED
 CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Core ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-28168
        RESERVED
 CVE-2023-28167
@@ -17802,7 +17802,7 @@ CVE-2023-25454
 CVE-2023-25453
        RESERVED
 CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Mich ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPCh ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25450
@@ -18747,7 +18747,7 @@ CVE-2023-25054
 CVE-2023-25053
        RESERVED
 CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Tepl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25051
        RESERVED
 CVE-2023-25050
@@ -20808,7 +20808,7 @@ CVE-2023-24410
 CVE-2023-24409
        RESERVED
 CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-24407
        RESERVED
 CVE-2023-24406
@@ -22807,7 +22807,7 @@ CVE-2023-23670 (Auth. (contributor+) Cross-Site 
Scripting (XSS) vulnerability in
 CVE-2023-23669
        RESERVED
 CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23667
        RESERVED
 CVE-2023-23666
@@ -31040,11 +31040,11 @@ CVE-2022-47441
 CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C 
Dolson My  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Rocket A ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) 
vulnerability in WpD ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Bran ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-47436
        RESERVED
 CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Oliv ...)
@@ -32985,7 +32985,7 @@ CVE-2022-46801
 CVE-2022-46800
        RESERVED
 CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
I Thirte ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes 
ShopLento ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios 
All-in-o ...)
@@ -36009,7 +36009,7 @@ CVE-2022-45814 (Stored Cross-Site Scripting (XSS) 
vulnerability in Fabian von Al
 CVE-2022-45813
        RESERVED
 CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) 
vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45811
        RESERVED
 CVE-2022-45810
@@ -38349,7 +38349,7 @@ CVE-2022-45067 (Cross-Site Request Forgery (CSRF) 
vulnerability inDevsCred Exclu
 CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in 
WooSwipe Wo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Squirrly ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the 
RequestDisp ...)
        NOT-FOR-US: Apache Sling
 CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise 
and es ...)
@@ -157044,9 +157044,9 @@ CVE-2021-29001
 CVE-2021-29000
        RESERVED
 CVE-2021-28999 (SQL Injection vulnerability in CMS Made Simple through 2.2.15 
allows r ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2021-28998 (File upload vulnerability in CMS Made Simple through 2.2.15 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: CMS Made Simple
 CVE-2021-28997
        RESERVED
 CVE-2021-28996
@@ -175631,7 +175631,7 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to 
cause a denial of service (remo
        NOTE: 
https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
        NOTE: fix in golang-github-tidwall-gjson is dependency on 
golang-github-tidwall-match v1.0.3
 CVE-2020-36065 (Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 
allows a ...)
-       TODO: check
+       NOT-FOR-US: FlyCms
 CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain 
hardcoded cr ...)
        NOT-FOR-US: Online Course Registration
 CVE-2020-36063
@@ -201318,7 +201318,7 @@ CVE-2020-23968 (Ilex International Sign&go 
Workstation Security Suite 7.1 allows
 CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of 
privilege  ...)
        NOT-FOR-US: Dr.Web Security Space
 CVE-2020-23966 (SQL Injection vulnerability in victor cms 1.0 allows attackers 
to exec ...)
-       TODO: check
+       NOT-FOR-US: victor cms
 CVE-2020-23965
        RESERVED
 CVE-2020-23964
@@ -203874,7 +203874,7 @@ CVE-2020-22757
 CVE-2020-22756
        RESERVED
 CVE-2020-22755 (File upload vulnerability in MCMS 5.0 allows attackers to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: MCMS
 CVE-2020-22754
        RESERVED
 CVE-2020-22753
@@ -204763,7 +204763,7 @@ CVE-2020-22336
 CVE-2020-22335
        RESERVED
 CVE-2020-22334 (Cross Site Request Forgery (CSRF) vulnerability in beescms v4 
allows a ...)
-       TODO: check
+       NOT-FOR-US: beescms
 CVE-2020-22333
        RESERVED
 CVE-2020-22332



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a113fb0647d5f96e0747797a23738c38d988067e



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
