Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
671371f8 by Salvatore Bonaccorso at 2023-12-18T21:43:23+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,37 +1,37 @@
CVE-2023-6920
REJECTED
CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due
to impro ...)
- TODO: check
+ NOT-FOR-US: WSO2
CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter:
nf_tab ...)
TODO: check
CVE-2023-6778 (Cross-site Scripting (XSS) - Stored in GitHub repository
allegroai/cle ...)
TODO: check
CVE-2023-6691 (Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a
code inje ...)
- TODO: check
+ NOT-FOR-US: Cambium ePMP Force
CVE-2023-6295 (The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0
does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6289 (The Swift Performance Lite WordPress plugin before 2.3.6.15
does not p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6272 (The Theme My Login 2FA WordPress plugin before 1.2 does not
rate limit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6222 (IThe Quttera Web Malware Scanner WordPress plugin before
3.4.2.1 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6203 (The Events Calendar WordPress plugin before 6.2.8.1 discloses
the cont ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6077 (The Slider WordPress plugin before 3.5.12 does not ensure that
posts t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-6065 (The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1
doesn' ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5949 (The SmartCrawl WordPress plugin before 3.8.3 does not prevent
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5886 (The Export any WordPress data to XML/CSV WordPress plugin
before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5882 (The Export any WordPress data to XML/CSV WordPress plugin
before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin
before 5.0.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin
before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur
if a us ...)
- openssh <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
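Review bot: The new label on CVE-2023-6691, "NOT-FOR-US: Cambium ePMP Force", names a product line, while the other non-WordPress label added in this hunk, "NOT-FOR-US: WSO2" on CVE-2023-6911, names only the vendor. Settle on one granularity so that a search for a vendor's NFU entries matches consistently. CVE-2023-6817 (Linux kernel netfilter) and CVE-2023-6778 remain at "TODO: check", which fits a commit limited to NFUs, but they still need triage afterwards. The line "- openssh <unfixed>" under CVE-2023-51385 is an unchanged package entry, not a removal: the hunk header gives 37 lines on both sides, and the 14 "TODO: check" removals are matched by 14 additions.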
@@ -41,47 +41,47 @@ CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain
destination constrai
NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2
NOTE:
https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b
(V_9_6_P1)
CVE-2023-50372 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki
Miyashita C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4724 (The Export any WordPress data to XML/CSV WordPress plugin
before 1.4.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4311 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49855 (Cross-Site Request Forgery (CSRF) vulnerability in
BinaryCarpenter Men ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49854 (Cross-Site Request Forgery (CSRF) vulnerability in Tribe
Interactive C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49853 (Cross-Site Request Forgery (CSRF) vulnerability in PayTR
\xd6deme ve E ...)
TODO: check
CVE-2023-49844 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin
Ohashi WPPerf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49843 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge
First O ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-49840 (Cross-Site Request Forgery (CSRF) vulnerability in Palscode
Multi Curr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48766 (Cross-Site Request Forgery (CSRF) vulnerability in SVGator
SVGator \u2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48762 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock
JetEleme ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-48755 (Cross-Site Request Forgery (CSRF) vulnerability in Michael
Winkler tea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47806 (Cross-Site Request Forgery (CSRF) vulnerability in Saint
Systems Disab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47789 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce
Canada ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47787 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce
WooComm ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-47741 (IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web
browser cl ...)
NOT-FOR-US: IBM
CVE-2023-46617 (Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly
AdFoxly \u2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-46177 (IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote
attacker to t ...)
NOT-FOR-US: IBM
CVE-2023-39509 (A command injection vulnerability exists in Bosch IP cameras
that allo ...)
- TODO: check
+ NOT-FOR-US: Bosch IP cameras
CVE-2023-35867 (An improper handling of a malformed API answer packets to API
clients ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2023-33214 (Cross-Site Request Forgery (CSRF) vulnerability in Tagbox
Tagbox \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-32728 (The Zabbix Agent 2 item key smart.disk.get does not sanitize
its param ...)
TODO: check
CVE-2023-32727 (An attacker who has the privilege to configure Zabbix items
can use fu ...)
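Review bot: CVE-2023-49853 (CSRF in "PayTR \xd6deme ve E ...") is left at "TODO: check", although the CSRF entries directly around it (CVE-2023-49855, CVE-2023-49854, CVE-2023-49844) are all marked "NOT-FOR-US: WordPress plugin". Please confirm it was skipped on purpose and not passed over because of the escaped non-ASCII character in its description. If it is the same class of entry, it should get the same label in this commit.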
@@ -91,7 +91,7 @@ CVE-2023-32726 (The vulnerability is caused by improper check
for check if RDLEN
CVE-2023-32725 (The website configured in the URL widget will receive a
session cookie ...)
TODO: check
CVE-2023-32230 (An improper handling of a malformed API request to an API
server in Bo ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2023-46447 [Rogue Session Attack in AsyncSSH]
- python-asyncssh <unfixed>
NOTE: https://terrapin-attack.com/
@@ -43031,7 +43031,7 @@ CVE-2023-28055 (Dell NetWorker, Version 19.7 has an
improper authorization vulne
CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2023-28053 (Dell NetWorker Virtual Edition versions 19.8 and below contain
the use ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability.
A local ...)
NOT-FOR-US: Dell
CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an
Improper Acce ...)
@@ -84206,7 +84206,7 @@ CVE-2022-41678 (Once an user is authenticated on
Jolokia, he can potentially tri
NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
NOTE:
https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
CVE-2022-41677 (An information disclosure vulnerability was discovered in
Bosch IP cam ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM)
Profiler soft ...)
NOT-FOR-US: Intel
CVE-2022-41637
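Review bot: CVE-2022-41677 is described as affecting "Bosch IP cam ..." but is labelled "NOT-FOR-US: Bosch", whereas the same commit labels CVE-2023-39509 "NOT-FOR-US: Bosch IP cameras". Use one label for both so the entries group together when the list is searched by product.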
@@ -86780,7 +86780,7 @@ CVE-2022-40671 (Cross-Site Request Forgery (CSRF)
vulnerability in Rate my Post
CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors
Team wpFor ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40312 (Server-Side Request Forgery (SSRF) vulnerability in GiveWP
GiveWP \u20 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in
Rate my Po ...)
NOT-FOR-US: WordPress plugin
CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP
premium plug ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/671371f8021e2d0c52767bbb9865c8ff6398c6eb
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits