[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 13 20:24:36 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9f0d16a by Salvatore Bonaccorso at 2023-03-13T21:24:07+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125,11 +125,11 @@ CVE-2023-1376
 CVE-2023-1375
 	RESERVED
 CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: Solidres plugin for WordPress
 CVE-2023-1373
 	RESERVED
 CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: WH Testimonials plugin for WordPress
 CVE-2023-1371
 	RESERVED
 CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...)
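Review bot: the two tags added in this hunk name the plugin ("NOT-FOR-US: Solidres plugin for WordPress", "NOT-FOR-US: WH Testimonials plugin for WordPress"), while every other WordPress entry added in this commit uses the generic "NOT-FOR-US: WordPress plugin". Both forms already appear in the surrounding context lines, so neither is wrong, but using one form within a single commit would keep the entries uniform for anyone searching the list by tag. If the split is deliberate (the long form for descriptions worded "plugin for WordPress", the generic form for those worded "WordPress plugin"), a line in the commit message saying so would help.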
@@ -3300,15 +3300,15 @@ CVE-2023-27067
 CVE-2023-27066
 	RESERVED
 CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27063 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a  ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2023-27060
 	RESERVED
 CVE-2023-27059
@@ -6541,7 +6541,7 @@ CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with s
 	- consul <not-affected> (Only affects 1.14.x)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
 CVE-2023-0844 (The Namaste! LMS WordPress plugin before 2.6 does not sanitize and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0843
 	RESERVED
 CVE-2023-0842
@@ -7114,7 +7114,7 @@ CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certific
 CVE-2023-0773
 	RESERVED
 CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25676
 	RESERVED
 CVE-2023-25675
@@ -7347,7 +7347,7 @@ CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse
 CVE-2023-0750
 	RESERVED
 CVE-2023-0749 (The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to  ...)
 	NOT-FOR-US: btcpayserver
 CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
@@ -10091,7 +10091,7 @@ CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does no
 CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0537
 	RESERVED
 CVE-2023-0536
@@ -10495,7 +10495,7 @@ CVE-2023-0479
 CVE-2023-0478
 	RESERVED
 CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...)
 	NOT-FOR-US: Tenable
 CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...)
@@ -14287,7 +14287,7 @@ CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3
 CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0219 (The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0218
 	RESERVED
 CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...)
@@ -14815,7 +14815,7 @@ CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and esc
 CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0172 (The Juicer WordPress plugin before 1.11 does not validate and escape s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...)
@@ -16039,7 +16039,7 @@ CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and
 CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0073 (The Client Logo Carousel WordPress plugin through 3.0.0 does not valid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...)
@@ -16053,7 +16053,7 @@ CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugi
 CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0066 (The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...)
@@ -16259,7 +16259,7 @@ CVE-2023-0039 (The User Post Gallery - UPG plugin for WordPress is vulnerable to
 CVE-2023-0038 (The "Survey Maker – Best WordPress Survey Plugin" plugin for Wor ...)
 	NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress
 CVE-2023-0037 (The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 d ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0036 (platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and ...)
 	NOT-FOR-US: OpenHarmony
 CVE-2023-0035 (softbus_client_stub in communication subsystem within OpenHarmony-v3.0 ...)
@@ -18041,7 +18041,7 @@ CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subs
 	[buster] - linux 4.19.260-1
 	NOTE: https://git.kernel.org/linus/9c6d778800b921bde3bff3cff5003d1650f942d1 (6.0-rc4)
 CVE-2022-4661 (The Widgets for WooCommerce Products on Elementor WordPress plugin bef ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4660
 	RESERVED
 CVE-2022-4659
@@ -18059,7 +18059,7 @@ CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3
 CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4652 (The Video Background WordPress plugin before 2.7.5 does not validate a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...)
@@ -20911,7 +20911,7 @@ CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not valida
 CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not valida ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4466 (The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9f0d16a27afedae66cd142523cfc13f2528c83c
