Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c00947f by Salvatore Bonaccorso at 2023-05-24T22:32:09+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,33 +7,33 @@ CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof
other users' messa
CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22
allows a ...)
- briar <itp> (bug #1019932)
CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76,
and Lif ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and
earlier t ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67,
and Lifera ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60,
and Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48,
and Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL
Server in L ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in
Liferay P ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module
in Life ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content
Display wi ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the
Plugin for ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote
Apps in ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet
widget ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder
module's c ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget
configu ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu
GmbH SCM ...)
TODO: check
CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the
Create Region ...)
@@ -69,13 +69,13 @@ CVE-2023-33786 (A stored cross-site scripting (XSS)
vulnerability in the Create
CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the
Create Rack R ...)
TODO: check
CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function
in Zyxel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-33009 (A buffer overflow vulnerability in the notification function
in Zyxel ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers
to escala ...)
- TODO: check
+ NOT-FOR-US: MobileTrans
CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect
Access Contro ...)
- TODO: check
+ NOT-FOR-US: IC Realtime ICIP-P2012T
CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of
MiVoice Co ...)
TODO: check
CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of
Mitel MiVo ...)
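Review bot: the labels added in this hunk mix two levels of detail: CVE-2023-33010 and CVE-2023-33009 get the bare vendor ("NOT-FOR-US: Zyxel"), while CVE-2023-31595 gets vendor plus model ("NOT-FOR-US: IC Realtime ICIP-P2012T"). Either form is a valid NFU marker, but a single convention (vendor only, or vendor plus product) keeps later searches over data/CVE/list by vendor name predictable. I would suggest dropping the model number here or adding the product to the Zyxel entries.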
@@ -83,29 +83,29 @@ CVE-2023-31459 (A vulnerability in the Connect Mobility
Router component of Mite
CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel
MiVoice ...)
TODO: check
CVE-2023-2875 (A vulnerability, which was classified as problematic, was found
in eSc ...)
- TODO: check
+ NOT-FOR-US: eScan Antivirus
CVE-2023-2874 (A vulnerability, which was classified as problematic, has been
found i ...)
- TODO: check
+ NOT-FOR-US: Twister Antivirus
CVE-2023-2873 (A vulnerability classified as critical was found in Twister
Antivirus ...)
- TODO: check
+ NOT-FOR-US: Twister Antivirus
CVE-2023-2872 (A vulnerability classified as problematic has been found in
FlexiHub 5 ...)
- TODO: check
+ NOT-FOR-US: FlexiHub
CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop
6.1.0.0 ...)
TODO: check
CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9.
It has ...)
- TODO: check
+ NOT-FOR-US: EnTech Monitor Asset Manager
CVE-2023-2868 (A remote command injection vulnerability exists in the
Barracuda Email ...)
- TODO: check
+ NOT-FOR-US: Barracuda
CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park
Ticketing Syste ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Theme Park Ticketing System
CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry
Store 1.0 a ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Jewelry Store
CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal
1.012.GP ...)
- TODO: check
+ NOT-FOR-US: Simple Design Daily Journal
CVE-2023-2862 (A vulnerability, which was classified as problematic, was found
in Sit ...)
- TODO: check
+ NOT-FOR-US: SiteServer CMS
CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Cityboss E-municipality
CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain
conditions, there ...)
NOT-FOR-US: Apache RocketMQ
CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite
database fi ...)
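Review bot: CVE-2023-2871 (FabulaTech USB for Remote Desktop) is the only entry in the CVE-2023-2875 to CVE-2023-2862 run that stays at "TODO: check", while its neighbours on both sides (CVE-2023-2872 FlexiHub, CVE-2023-2870 EnTech Monitor Asset Manager) are marked NOT-FOR-US. If it was skipped on purpose because it still needs a package check, that is fine; if it was missed, it belongs in this same batch so that the block has no TODO left in the middle.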
@@ -3938,9 +3938,9 @@ CVE-2023-2067
CVE-2023-2066
RESERVED
CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability
in Armo ...)
- TODO: check
+ NOT-FOR-US: Armoli Technology Cargo Tracking System
CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Minova Technology eTrace
CVE-2023-2063
RESERVED
CVE-2023-2062
@@ -3978,7 +3978,7 @@ CVE-2023-2047 (A vulnerability was found in Campcodes
Advanced Online Voting Sys
CVE-2023-2046
RESERVED
CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
- TODO: check
+ NOT-FOR-US: Ipekyolu Software Auto Damage Tracking Software
CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1
and cla ...)
NOT-FOR-US: Control iD iDSecure
CVE-2023-2043 (A vulnerability, which was classified as problematic, was found
in Con ...)
@@ -20375,7 +20375,7 @@ CVE-2023-25030
CVE-2023-25029
RESERVED
CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in chuy ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Kibo ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25026
@@ -32646,11 +32646,11 @@ CVE-2021-4245 (A vulnerability classified as
problematic has been found in chbro
CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
RexTheme ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in
dev.Xiligroup.Com - ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu
Chartier Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat
Creations St ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47445
RESERVED
CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
ProfileP ...)
@@ -33564,7 +33564,7 @@ CVE-2022-47182
CVE-2022-47181
RESERVED
CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme
Kopa Fra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs
OWM Weat ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47178
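Review bot: the label added for CVE-2022-47180 says "WordPress plugin", but the description attributes the item to "Kopa Theme", so it may be a theme or theme framework rather than a plugin. The entry is NOT-FOR-US either way; please confirm against the full CVE description and adjust the label if it is not a plugin, so that the label stays accurate.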
@@ -33620,7 +33620,7 @@ CVE-2022-47154 (Cross-Site Request Forgery (CSRF)
vulnerability in Pi Websolutio
CVE-2022-47153
RESERVED
CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC
ClickFu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47151
RESERVED
CVE-2022-47150
@@ -34578,7 +34578,7 @@ CVE-2022-46818
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability
in Flyz ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking
Ultra Pro A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri
Karisola / WP ...)
NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for
WooCommerce plugin
CVE-2022-46814
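Review bot: CVE-2022-46816 gets the generic "NOT-FOR-US: WordPress plugin", while the unchanged entry directly below it, CVE-2022-46815, names the author and plugin in its label. The description here already identifies the product ("Booking Ultra Pro ..."), so the two adjacent entries could follow the same convention. Pick one form for this block, preferably the generic one used everywhere else in this commit, and align the older entry in a follow-up if needed.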
@@ -34622,7 +34622,7 @@ CVE-2022-46796
CVE-2022-46795
RESERVED
CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in
weightbasedshipping ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io
Product ...)
NOT-FOR-US: WordPress plugin
CVE-2022-4366 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
@@ -39174,7 +39174,7 @@ CVE-2022-45366
CVE-2022-45365
RESERVED
CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L.
Mongaya ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in
Muffingroup B ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45362
@@ -102859,7 +102859,7 @@ CVE-2022-0358 (A flaw was found in the QEMU virtio-fs
shared file system daemon
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
NOTE:
https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
CVE-2022-0357 (Unquoted Search Path or Element vulnerability in the
Vulnerability Sca ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2022-0356
RESERVED
CVE-2021-4215
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c00947fc77a53ac98e0c71a6fd03f3e9485c647