[Git][security-tracker-team/security-tracker][master] Process NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9fa1629d by Salvatore Bonaccorso at 2023-05-24T08:08:49+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,9 +31,9 @@ CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain 
memory leaks.)
        - teeworlds <unfixed>
        NOTE: 
https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
 CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized 
Actor vuln ...)
-       TODO: check
+       NOT-FOR-US: Finex Media Competition Management System
 CVE-2023-2702 (Authorization Bypass Through User-Controlled Key vulnerability 
in Fine ...)
-       TODO: check
+       NOT-FOR-US: Finex Media Competition Management System
 CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command 
Injection ...)
        NOT-FOR-US: Hanwha
 CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross 
Site Script ...)
@@ -4525,7 +4525,7 @@ CVE-2023-30384
 CVE-2023-30383
        RESERVED
 CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life 
up to 543 ...)
-       TODO: check
+       NOT-FOR-US: hl.exe of Valve Half-Life
 CVE-2023-30381
        RESERVED
 CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS 
v5.7.107 ...)
@@ -7364,7 +7364,7 @@ CVE-2023-1838 (A use-after-free flaw was found in 
vhost_net_set_backend in drive
        [buster] - linux 4.19.249-1
        NOTE: 
https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
 CVE-2023-1837 (Missing Authentication for critical function vulnerability in 
HYPR Ser ...)
-       TODO: check
+       NOT-FOR-US: HYPR
 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab 
affecting a ...)
        - gitlab <unfixed>
 CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 
does not p ...)
@@ -9563,7 +9563,7 @@ CVE-2023-1510
 CVE-2023-1509 (The GMAce plugin for WordPress is vulnerable to Cross-Site 
Request For ...)
        NOT-FOR-US: GMAce plugin for WordPress
 CVE-2023-1508 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
-       TODO: check
+       NOT-FOR-US: Adam Retail Automation Systems Mobilmen Terminal Software
 CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce 
System 1.0 ...)
        NOT-FOR-US: SourceCodester E-Commerce System
 CVE-2023-1506 (A vulnerability, which was classified as critical, was found in 
Source ...)
@@ -12295,7 +12295,7 @@ CVE-2023-1211 (SQL Injection in GitHub repository 
phpipam/phpipam prior to v1.5.
 CVE-2023-1210
        RESERVED
 CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow 
records ...)
-       TODO: check
+       NOT-FOR-US: ServiceNow
 CVE-2023-1208
        RESERVED
 CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import 
functio ...)
@@ -17237,13 +17237,13 @@ CVE-2023-26016 (Auth. (admin+) Stored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-26015
        RESERVED
 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Minify HT ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-26013
        RESERVED
 CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Denz ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel 
Read More ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WPMo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-26009
@@ -18208,7 +18208,7 @@ CVE-2023-25709 (Cross-Site Request Forgery (CSRF) 
vulnerability in Plainware Loc
 CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP 
VR \u20 ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. 
VikBooki ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25706
        RESERVED
 CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Go P ...)
@@ -19120,7 +19120,7 @@ CVE-2023-25483
 CVE-2023-25482
        RESERVED
 CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Sub ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25480
        RESERVED
 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Podl ...)
@@ -19134,11 +19134,11 @@ CVE-2023-25476
 CVE-2023-25475
        RESERVED
 CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi 
About M ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25473
        RESERVED
 CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove 
Podlove Pod ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25471
        RESERVED
 CVE-2023-25470
@@ -20116,7 +20116,7 @@ CVE-2023-25058
 CVE-2023-25057
        RESERVED
 CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix 
Feed The ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-25055
        RESERVED
 CVE-2023-25054
@@ -24040,7 +24040,7 @@ CVE-2023-23726
 CVE-2023-23725
        RESERVED
 CVE-2023-23724 (Cross-Site Request Forgery (CSRF) vulnerability in Winwar 
Media WP Ema ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Winw ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Winw ...)
@@ -24062,7 +24062,7 @@ CVE-2023-23715
 CVE-2023-23714
        RESERVED
 CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj 
Thulasidas Th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta 
Manager p ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting 
A2 Optim ...)
@@ -24076,9 +24076,9 @@ CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site 
Scripting (XSS) vulnerabi
 CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange 
WordPres ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-23704
        RESERVED
 CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -34232,11 +34232,11 @@ CVE-2022-46855 (Auth. (contributor+) Stored 
Cross-Site Scripting (XSS) vulnerabi
 CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes 
Launchp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46853 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme 
The Pos ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46852 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in WP T ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm 
Force St ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46850
        RESERVED
 CVE-2022-46849
@@ -34375,7 +34375,7 @@ CVE-2022-46815 (Cross-Site Request Forgery (CSRF) 
vulnerability inLauri Karisola
 CVE-2022-46814
        RESERVED
 CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. 
Advance ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2022-46812
        RESERVED
 CVE-2022-46811



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa1629dcdb2700c584ef65dc44dd0b772969293

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa1629dcdb2700c584ef65dc44dd0b772969293
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits