[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Apr 7 21:21:59 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3af32118 by Salvatore Bonaccorso at 2023-04-07T22:21:12+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -161,33 +161,33 @@ CVE-2023-1933
 CVE-2023-1932
 	RESERVED
 CVE-2023-1931 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1930 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1929 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1928 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1927 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1926 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1925 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1924 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1923 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1922 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1921 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1920 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1919 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1918 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site  ...)
-	TODO: check
+	NOT-FOR-US: WP Fastest Cache plugin for WordPress
 CVE-2023-1917
 	RESERVED
 CVE-2022-48436
@@ -5433,7 +5433,7 @@ CVE-2023-27878
 CVE-2023-27877
 	RESERVED
 CVE-2023-27876 (IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
 	NOT-FOR-US: IBM
 CVE-2023-27874 (IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity inject ...)
@@ -7841,25 +7841,25 @@ CVE-2023-27023
 CVE-2023-27022
 	RESERVED
 CVE-2023-27021 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27020 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27019 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27018 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27017 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27016 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27015 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27014 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27013 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27012 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27011
 	RESERVED
 CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...)
@@ -7929,7 +7929,7 @@ CVE-2023-26980
 CVE-2023-26979
 	RESERVED
 CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-26977
 	RESERVED
 CVE-2023-26976 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
@@ -8195,7 +8195,7 @@ CVE-2023-26850
 CVE-2023-26849
 	RESERVED
 CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2023-26847
 	RESERVED
 CVE-2023-26846
@@ -12824,27 +12824,27 @@ CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflo
 	NOTE: https://github.com/strukturag/libde265/issues/388
 	NOTE: https://github.com/strukturag/libde265/commit/857290982330e82d9e25d9d39527c6737021aa7d (v1.0.11)
 CVE-2023-25220 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25219 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25218 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25217 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25216 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25215 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25214 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25213 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25212 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25211 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25210 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-25209
 	RESERVED
 CVE-2023-25208
@@ -13292,7 +13292,7 @@ CVE-2023-25051
 CVE-2023-25050
 	RESERVED
 CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25048
 	RESERVED
 CVE-2023-25047
@@ -38514,7 +38514,7 @@ CVE-2022-43930 (IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vuln
 CVE-2022-43929 (IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to ...)
 	NOT-FOR-US: IBM
 CVE-2022-43928 (The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43927 (IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable ...)
 	NOT-FOR-US: IBM
 CVE-2022-43926
@@ -38542,7 +38542,7 @@ CVE-2022-43916
 CVE-2022-43915
 	RESERVED
 CVE-2022-43914 (IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scrip ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43913
 	RESERVED
 CVE-2022-43912
@@ -64826,7 +64826,7 @@ CVE-2022-34335 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1
 CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not invalidate sessio ...)
 	NOT-FOR-US: IBM
 CVE-2022-34333 (IBM Sterling Order Management 10.0 does not require that users should  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-34332
 	RESERVED
 CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance operati ...)
@@ -65881,7 +65881,7 @@ CVE-2017-20058 (A vulnerability classified as problematic was found in Elefant C
 CVE-2017-20057 (A vulnerability classified as problematic has been found in Elefant CM ...)
 	NOT-FOR-US: Elefant CMS
 CVE-2022-33959 (IBM Sterling Order Management 10.0 could allow a user to bypass valida ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-33958
 	RESERVED
 CVE-2022-33957



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3af32118b9bdd61cc9ffb1f3f41f5c3b5766cf8e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3af32118b9bdd61cc9ffb1f3f41f5c3b5766cf8e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230407/4a01d68a/attachment.htm>

More information about the debian-security-tracker-commits mailing list