[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 30 21:19:08 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cf7300d9 by Salvatore Bonaccorso at 2023-08-30T22:18:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,43 +7,43 @@ CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modif
 CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15 ...)
 	TODO: check
 CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF checks i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4150 (The User Activity Tracking and Log WordPress plugin before 4.0.9 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4109 (The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin be ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4036 (The Simple Blog Card WordPress plugin before 1.32 does not ensure that ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4035 (The Simple Blog Card WordPress plugin before 1.31 does not validate an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4023 (The All Users Messenger WordPress plugin through 1.24 does not prevent ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4013 (The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41563 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41562 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41561 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41560 (Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack ov ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41559 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41558 (Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41557 (Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were di ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41556 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41555 (Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41554 (Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack ov ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41553 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41552 (Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-41539 (phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injectio ...)
 	TODO: check
 CVE-2023-41538 (phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting  ...)
@@ -53,27 +53,27 @@ CVE-2023-41537 (phpjabbers Business Directory Script 3.2 is vulnerable to Cross
 CVE-2023-41039 (RestrictedPython is a restricted execution environment for Python to r ...)
 	TODO: check
 CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40847 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40845 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40844 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40843 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40842 (Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to B ...)
 	TODO: check
 CVE-2023-40841 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40840 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40839 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40838 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40837 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50 ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-40598 (In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attac ...)
 	TODO: check
 CVE-2023-40597 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an  ...)
@@ -93,15 +93,15 @@ CVE-2023-40582 (find-exec is a utility to discover available shell commands. Ver
 CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...)
 	TODO: check
 CVE-2023-3992 (The PostX WordPress plugin before 3.0.6 does not sanitise and escape a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3720 (The Upload Media By URL WordPress plugin before 1.0.8 does not have CS ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3501 (The FormCraft WordPress plugin before 1.2.7 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3356 (The Subscribers Text Counter WordPress plugin before 1.7.1 does not ha ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3136 (The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: MailArchiver plugin for WordPress
 CVE-2023-35094 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	TODO: check
 CVE-2023-35092 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abha ...)
@@ -115,7 +115,7 @@ CVE-2023-34184 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bh
 CVE-2023-34183 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vali ...)
 	TODO: check
 CVE-2023-34180 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-34176 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpr ...)
 	TODO: check
 CVE-2023-34175 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSla ...)
@@ -16748,7 +16748,7 @@ CVE-2023-1984 (A vulnerability classified as critical was found in SourceCodeste
 CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
 	NOT-FOR-US: SourceCodester Sales Tracker Management System
 CVE-2023-1982 (The Front Editor WordPress plugin through 4.0.4 does not sanitize and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...)
 	{DLA-3414-1}
 	- avahi 0.8-10 (bug #1034594)
@@ -96791,7 +96791,7 @@ CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site s
 CVE-2022-1602 (A potential security vulnerability has been identified in HP ThinPro 7 ...)
 	NOT-FOR-US: HP
 CVE-2022-1601 (The User Access Manager WordPress plugin before 2.2.18 prioritizes get ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf7300d9434043ea045a6f8dcadf075eab55caca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cf7300d9434043ea045a6f8dcadf075eab55caca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230830/9fe14c9b/attachment.htm>

More information about the debian-security-tracker-commits mailing list