[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 8 21:36:15 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a113fb06 by Salvatore Bonaccorso at 2023-05-08T22:35:47+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.)
TODO: check
CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...)
- TODO: check
+ NOT-FOR-US: Strikingly CMS
CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2023-2574 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
- TODO: check
+ NOT-FOR-US: Advantech
CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...)
NOT-FOR-US: OpenEMR
CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API ...)
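Review bot: The three Advantech entries (CVE-2023-2575, CVE-2023-2574, CVE-2023-2573) are tagged with the vendor name only, while the neighbouring tags in this hunk name the affected product (OpenEMR, Strikingly CMS). Consider naming the device family from the description, for example "NOT-FOR-US: Advantech EKI-1524, EKI-1522, EKI-1521 devices", so the tag stays meaningful when read without the truncated description. CVE-2023-2583 (jsreport) directly above is left at "TODO: check"; if that is deliberate because it needs a package lookup rather than an NFU tag, no change is needed.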
@@ -1596,7 +1596,7 @@ CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for J
CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and pri ...)
NOT-FOR-US: eDEX-UI
CVE-2023-30855 (Pimcore is an open source data and experience management platform. Ver ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2023-30854 (AVideo is an open source video platform. Prior to version 12.4, an OS ...)
NOT-FOR-US: AVideo
CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in their Gi ...)
@@ -3814,7 +3814,7 @@ CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flo
CVE-2023-30093 (An arbitrary file upload vulnerability in Open Networking Foundation O ...)
NOT-FOR-US: Open Network Operating System (ONOS)
CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Online Pizza Ordering System
CVE-2023-30091
RESERVED
CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vu ...)
@@ -3960,7 +3960,7 @@ CVE-2023-30021
CVE-2023-30020
RESERVED
CVE-2023-30019 (imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) ...)
- TODO: check
+ NOT-FOR-US: imgproxy
CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. via /ph ...)
NOT-FOR-US: Judging Management System
CVE-2023-30017
@@ -4644,13 +4644,13 @@ CVE-2023-29698
CVE-2023-29697
RESERVED
CVE-2023-29696 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29695
RESERVED
CVE-2023-29694
RESERVED
CVE-2023-29693 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...)
- TODO: check
+ NOT-FOR-US: H3C
CVE-2023-29692
RESERVED
CVE-2023-29691
@@ -8572,7 +8572,7 @@ CVE-2023-28495
CVE-2023-28494
RESERVED
CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2023-28492
RESERVED
CVE-2023-28491
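Review bot: The tag on CVE-2023-28493 is spelled "Wordpress theme" with a lowercase "p", whereas every other tag in this commit and in the surrounding context uses "WordPress". Change it to "NOT-FOR-US: WordPress theme" so that a case-sensitive search for the tag string across data/CVE/list matches this entry as well.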
@@ -9716,7 +9716,7 @@ CVE-2023-28171
CVE-2023-28170
RESERVED
CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-28168
RESERVED
CVE-2023-28167
@@ -17802,7 +17802,7 @@ CVE-2023-25454
CVE-2023-25453
RESERVED
CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-25450
@@ -18747,7 +18747,7 @@ CVE-2023-25054
CVE-2023-25053
RESERVED
CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-25051
RESERVED
CVE-2023-25050
@@ -20808,7 +20808,7 @@ CVE-2023-24410
CVE-2023-24409
RESERVED
CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-24407
RESERVED
CVE-2023-24406
@@ -22807,7 +22807,7 @@ CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
CVE-2023-23669
RESERVED
CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23667
RESERVED
CVE-2023-23666
@@ -31040,11 +31040,11 @@ CVE-2022-47441
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket A ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpD ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47436
RESERVED
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
@@ -32985,7 +32985,7 @@ CVE-2022-46801
CVE-2022-46800
RESERVED
CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...)
NOT-FOR-US: WordPress plugin
CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-o ...)
@@ -36009,7 +36009,7 @@ CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Al
CVE-2022-45813
RESERVED
CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45811
RESERVED
CVE-2022-45810
@@ -38349,7 +38349,7 @@ CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability inDevsCred Exclu
CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2022-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the RequestDisp ...)
NOT-FOR-US: Apache Sling
CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...)
@@ -157044,9 +157044,9 @@ CVE-2021-29001
CVE-2021-29000
RESERVED
CVE-2021-28999 (SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows r ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2021-28998 (File upload vulnerability in CMS Made Simple through 2.2.15 allows rem ...)
- TODO: check
+ NOT-FOR-US: CMS Made Simple
CVE-2021-28997
RESERVED
CVE-2021-28996
@@ -175631,7 +175631,7 @@ CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remo
NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
NOTE: fix in golang-github-tidwall-gjson is dependency on golang-github-tidwall-match v1.0.3
CVE-2020-36065 (Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows a ...)
- TODO: check
+ NOT-FOR-US: FlyCms
CVE-2020-36064 (Online Course Registration v1.0 was discovered to contain hardcoded cr ...)
NOT-FOR-US: Online Course Registration
CVE-2020-36063
@@ -201318,7 +201318,7 @@ CVE-2020-23968 (Ilex International Sign&go Workstation Security Suite 7.1 allows
CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of privilege ...)
NOT-FOR-US: Dr.Web Security Space
CVE-2020-23966 (SQL Injection vulnerability in victor cms 1.0 allows attackers to exec ...)
- TODO: check
+ NOT-FOR-US: victor cms
CVE-2020-23965
RESERVED
CVE-2020-23964
@@ -203874,7 +203874,7 @@ CVE-2020-22757
CVE-2020-22756
RESERVED
CVE-2020-22755 (File upload vulnerability in MCMS 5.0 allows attackers to execute arbi ...)
- TODO: check
+ NOT-FOR-US: MCMS
CVE-2020-22754
RESERVED
CVE-2020-22753
@@ -204763,7 +204763,7 @@ CVE-2020-22336
CVE-2020-22335
RESERVED
CVE-2020-22334 (Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows a ...)
- TODO: check
+ NOT-FOR-US: beescms
CVE-2020-22333
RESERVED
CVE-2020-22332
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a113fb0647d5f96e0747797a23738c38d988067e