[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 17 21:13:11 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57917e90 by Salvatore Bonaccorso at 2023-04-17T22:12:44+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6538,7 +6538,7 @@ CVE-2023-1475 (A vulnerability, which was classified as critical, has been found
 CVE-2023-1474 (A vulnerability classified as critical was found in SourceCodester Aut ...)
 	NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
 CVE-2023-1473 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1472 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
 	NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
 CVE-2023-1471 (The WP Popup Banners plugin for WordPress is vulnerable to SQL Injecti ...)
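Review bot: Style point on the CVE-2023-1473 line: the new note reads "NOT-FOR-US: WordPress plugin", while the entries directly around it in this hunk (CVE-2023-1474, CVE-2023-1472) name the product in the note. Naming the plugin from the description here as well (MetaSlider) would keep the entry findable by a search on the NOT-FOR-US lines alone, without depending on the truncated description text.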
@@ -6646,7 +6646,7 @@ CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimco
 CVE-2023-1428
 	RESERVED
 CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Aw ...)
@@ -6990,7 +6990,7 @@ CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been
 CVE-2023-1414
 	RESERVED
 CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...)
 	NOT-FOR-US: Cloudflare WARP
 CVE-2023-1411
@@ -7719,11 +7719,11 @@ CVE-2023-1375
 CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
 	NOT-FOR-US: Solidres plugin for WordPress
 CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape some UR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WH Testimonials plugin for WordPress
 CVE-2023-1371 (The W4 Post List WordPress plugin before 2.4.6 does not ensure that pa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
 	{DLA-3373-1}
 	- json-smart <unfixed> (bug #1033474)
@@ -8171,7 +8171,7 @@ CVE-2023-1333 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vu
 CVE-2023-1332
 	RESERVED
 CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-1329
@@ -8183,7 +8183,7 @@ CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected b
 CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and earli ...)
 	NOT-FOR-US: Apport
 CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1324
 	RESERVED
 CVE-2023-1323
@@ -8383,7 +8383,7 @@ CVE-2023-1284
 CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0. ...)
 	NOT-FOR-US: qwik
 CVE-2023-1282 (The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
 	- linux 6.1.15-1
 	NOTE: https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
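Review bot: The description shown for CVE-2023-1282 is cut off at "Contact Form 7 Standard W ...", so the word "WordPress" never appears on the entry and the generic note "NOT-FOR-US: WordPress plugin" cannot be checked against the visible line. Putting the product name in the note, as given in the description ("Drag and Drop Multiple File Upload PRO - Contact Form 7"), would make the classification self-explanatory for anyone reading data/CVE/list later.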
@@ -8496,7 +8496,7 @@ CVE-2023-1276 (A vulnerability, which was classified as critical, has been found
 CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester  ...)
 	NOT-FOR-US: SourceCodester Phone Shop Sales Managements System
 CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1273
 	RESERVED
 CVE-2023-1272
@@ -13870,7 +13870,7 @@ CVE-2023-0891
 CVE-2023-0890 (The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0889 (Themeflection Numbers WordPress plugin before 2.0.1 does not have auth ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...)
 	NOT-FOR-US: Space Battery Pack SP with Wi-Fi
 CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...)
@@ -15093,9 +15093,9 @@ CVE-2023-0767
 CVE-2023-0766
 	RESERVED
 CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not prop ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0763
 	RESERVED
 CVE-2023-0762
@@ -20232,7 +20232,7 @@ CVE-2023-0376
 CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does not vali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not validate and e ...)
@@ -20312,7 +20312,7 @@ CVE-2023-23755
 CVE-2023-23754
 	RESERVED
 CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate and  ...)
@@ -21058,7 +21058,7 @@ CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not
 CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0276
 	RESERVED
 CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/57917e90cef52262c04a1a181c7e233bb71e99a6
