[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jul 11 11:20:49 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c83ec729 by Salvatore Bonaccorso at 2023-07-11T12:20:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,47 +11,47 @@ CVE-2023-37190 (A stored cross-site scripting (XSS) vulnerability in Issabel iss
 CVE-2023-37189 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...)
 	TODO: check
 CVE-2023-36925 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an una ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36924 (While using a specific function, SAP ERP Defense Forces and Public Sec ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36922 (Due to programming error in function module or report, SAP NetWeaver A ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36921 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an att ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36919 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36918 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36917 (SAP BusinessObjects Business Intelligence Platform - version 420, 430, ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-36517 (Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abs ...)
 	TODO: check
 CVE-2023-35874 (SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-35873 (TheRuntime Workbench (RWB) of SAP NetWeaver Process Integration- versi ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-35872 (TheMessage Display Tool (MDT) of SAP NetWeaver Process Integration- ve ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-35871 (The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-35870 (When creating a journal entry template in SAP S/4HANA (Manage Journal  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-35781 (Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin  ...)
 	TODO: check
 CVE-2023-35774 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...)
 	TODO: check
 CVE-2023-33992 (The SAP BW BICS communication layer in SAP Business Warehouse and SAP  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-33990 (SAP SQL Anywhere- version 17.0, allows an attacker to prevent legitima ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-33989 (An attacker with non-administrative authorizations in SAP NetWeaver (B ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-33988 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-33987 (An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...)
 	NOT-FOR-US: PHPGurukul Online Shopping Portal
 CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...)
@@ -8571,9 +8571,9 @@ CVE-2023-2081
 CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Forcepoint
 CVE-2023-2079 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress
 CVE-2023-2078 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...)
-	TODO: check
+	NOT-FOR-US: "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress
 CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...)
 	- libressl <itp> (bug #754513)
 CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...)
@@ -43101,7 +43101,7 @@ CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iT
 CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability inAdvanced Booking Cal ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Vide ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-45821



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c83ec72961f045a18cc47e6f6c009af20d16d6a8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c83ec72961f045a18cc47e6f6c009af20d16d6a8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230711/f595170e/attachment.htm>

More information about the debian-security-tracker-commits mailing list