[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 10 21:27:52 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bd4a616 by Salvatore Bonaccorso at 2023-05-10T22:27:19+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The in-toto ...)
TODO: check
CVE-2023-32070 (XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, ...)
- TODO: check
+ NOT-FOR-US: XWiki
CVE-2023-31910 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
TODO: check
CVE-2023-31908 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
@@ -25,11 +25,11 @@ CVE-2023-31555 (podofoinfo 0.10.0 was discovered to contain a segmentation viola
CVE-2023-31554 (xpdf pdfimages v4.04 was discovered to contain a stack overflow in the ...)
TODO: check
CVE-2023-31471 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
- TODO: check
+ NOT-FOR-US: GL.iNet devices
CVE-2023-2630 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-2629 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2023-XXXX [several critical memory corruption vulnerabilities]
- osslsigncode 2.3.0-1 (bug #1035875)
NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
@@ -2300,7 +2300,7 @@ CVE-2023-30748
CVE-2023-30747
RESERVED
CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2023-30745
RESERVED
CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...)
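Review bot: The tag added for CVE-2023-30746 is spelled "Wordpress plugin", while every other WordPress entry touched by this commit uses "WordPress plugin" (or "WordPress theme"). Use "NOT-FOR-US: WordPress plugin" here so that searches and counts on the tag string also match this entry.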
@@ -3848,7 +3848,7 @@ CVE-2023-30196
CVE-2023-30195
RESERVED
CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...)
- TODO: check
+ NOT-FOR-US: Prestashop
CVE-2023-30193
RESERVED
CVE-2023-30192
@@ -4417,7 +4417,7 @@ CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a segment
CVE-2023-29931
RESERVED
CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...)
- TODO: check
+ NOT-FOR-US: Genesys
CVE-2023-29929
RESERVED
CVE-2023-29928
@@ -8149,7 +8149,7 @@ CVE-2023-28654 (Osprey Pump Controller version 1.01 has a hidden administrative
CVE-2023-28648 (Osprey Pump Controller version 1.01 inputs passed to a GET parameter a ...)
NOT-FOR-US: Osprey Pump Controller
CVE-2023-28411 (Double free in some Intel(R) Server Board BMC firmware before version ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-28410 (Improper restriction of operations within the bounds of a memory buffe ...)
TODO: check
CVE-2023-28404
@@ -11938,7 +11938,7 @@ CVE-2023-27528
CVE-2023-27392
RESERVED
CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Intel(R) N ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-26587
RESERVED
CVE-2023-26586
@@ -12187,11 +12187,11 @@ CVE-2023-27497 (Due to missing authentication and input sanitization of code the
CVE-2023-27393
RESERVED
CVE-2023-27386 (Uncontrolled search path in some Intel(R) Pathfinder for RISC-V softwa ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-27298 (Uncontrolled search path in the WULT software maintained by Intel(R) b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25772 (Improper input validation in the Intel(R) Retail Edge Mobile Android a ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24460
RESERVED
CVE-2023-23572 (Cross-site scripting vulnerability in SEIKO EPSON printers/network int ...)
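Review bot: CVE-2023-27386 and CVE-2023-27298 are tagged with the vendor only, although their descriptions name standalone software ("Pathfinder for RISC-V", "WULT software maintained by Intel") rather than firmware. A tag such as "NOT-FOR-US: Intel WULT" would record which product was checked, the way existing entries like "NOT-FOR-US: Osprey Pump Controller" do, and would make the decision easy to revisit if the software is packaged later.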
@@ -12332,7 +12332,7 @@ CVE-2023-27457
CVE-2023-27456
RESERVED
CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-27454
RESERVED
CVE-2023-27453
@@ -12404,7 +12404,7 @@ CVE-2023-27421
CVE-2023-27420
RESERVED
CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2023-27418
RESERVED
CVE-2023-27417
@@ -12466,7 +12466,7 @@ CVE-2023-24478
CVE-2023-24463
RESERVED
CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1128
@@ -12781,7 +12781,7 @@ CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template inje
CVE-2023-26594
RESERVED
CVE-2023-25771 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25769
RESERVED
CVE-2023-25079
@@ -16306,7 +16306,7 @@ CVE-2023-25546
CVE-2023-23904
RESERVED
CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22449
RESERVED
CVE-2023-22444
@@ -16756,7 +16756,7 @@ CVE-2023-0837
CVE-2023-25780
RESERVED
CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25773
RESERVED
CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
@@ -16776,21 +16776,21 @@ CVE-2023-25762 (Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not es
CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape t ...)
NOT-FOR-US: Jenkins plugin
CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC firmwar ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25182
RESERVED
CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) android app ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-24475 (Out of bounds read in some Intel(R) Server Board BMC firmware before v ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22661 (Buffer overflow in some Intel(R) Server Board BMC firmware before vers ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22379 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22297 (Access of memory location after end of buffer in some Intel(R) Server ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...)
{DSA-5388-1}
- haproxy 2.6.8-1
@@ -19528,21 +19528,21 @@ CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information D
CVE-2023-24016
RESERVED
CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and Collector sof ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23569 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22447 (Insertion of sensitive information into log file in the Open CAS softw ...)
TODO: check
CVE-2023-22446
RESERVED
CVE-2023-22443 (Integer overflow in some Intel(R) Server Board BMC firmware before ver ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22442 (Out of bounds write in some Intel(R) Server Board BMC firmware before ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22440 (Incorrect default permissions in the Intel(R) SCS Add-on software inst ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22276
RESERVED
CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...)
@@ -20413,7 +20413,7 @@ CVE-2023-24543
CVE-2023-23908
RESERVED
CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-23577
RESERVED
CVE-2023-23544
@@ -22400,7 +22400,7 @@ CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2023-23874 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23872
RESERVED
CVE-2023-23871
@@ -22616,7 +22616,7 @@ CVE-2023-23796
CVE-2023-23795
RESERVED
CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...)
NOT-FOR-US: WordPress plugin
CVE-2023-23792
@@ -26069,7 +26069,7 @@ CVE-2023-22445
CVE-2023-22430
RESERVED
CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2023-22338
RESERVED
CVE-2023-22337
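Review bot: For CVE-2023-22355 the truncated description reads "some Intel(R) oneAPI Toolkit and component ...", so the affected components cannot be identified from this entry, and the tag "Intel" does not say which ones were ruled out. Name the product in the tag (for example "NOT-FOR-US: Intel oneAPI Toolkit") or add a NOTE line listing the components that were checked.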
@@ -26365,7 +26365,7 @@ CVE-2023-22698 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in
CVE-2023-22697
RESERVED
CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-22695
RESERVED
CVE-2023-22694
@@ -29563,7 +29563,7 @@ CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47606 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47604
@@ -29575,7 +29575,7 @@ CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
CVE-2022-47601
RESERVED
CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47599
RESERVED
CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...)
@@ -29595,13 +29595,13 @@ CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Co
CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Mai ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47588
RESERVED
CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Corn ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47586
RESERVED
CVE-2022-47585
@@ -31298,7 +31298,7 @@ CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney
CVE-2022-47442
RESERVED
CVE-2022-47441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket A ...)
@@ -31308,7 +31308,7 @@ CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability
CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47436 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mant ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB S ...)
@@ -31334,7 +31334,7 @@ CVE-2022-47425
CVE-2022-47424
RESERVED
CVE-2022-47423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept St ...)
NOT-FOR-US: WordPress plugin
CVE-2022-47421
@@ -32288,7 +32288,7 @@ CVE-2022-47139
CVE-2022-47138
RESERVED
CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-47136
RESERVED
CVE-2022-47135
@@ -33207,11 +33207,11 @@ CVE-2022-46821
CVE-2022-46820
RESERVED
CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46818
RESERVED
CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2022-46816
RESERVED
CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...)
@@ -33696,7 +33696,7 @@ CVE-2022-46676 (Wyse Management Suite 3.8 and below contain an improper access c
CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an information ...)
NOT-FOR-US: Wyse Management Suite
CVE-2022-46656 (Insecure inherited permissions for the Intel(R) NUC Pro Software Suite ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus Android ...)
TODO: check
CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...)
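Review bot: CVE-2022-46645 (Intel Smart Campus Android application) is left at "TODO: check" in the context lines of this hunk, although other Intel Android applications (Unite in CVE-2023-25179, Retail Edge Mobile in CVE-2023-25772) are marked "NOT-FOR-US: Intel" elsewhere in this commit. If the omission is not deliberate, triage it together with CVE-2022-46656 so that the same class of entry gets the same result.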
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bd4a61616f0f0eac1dde41a17261006bff7c31f