[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 24 07:09:23 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fa1629d by Salvatore Bonaccorso at 2023-05-24T08:08:49+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,9 +31,9 @@ CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain memory leaks.)
 	- teeworlds <unfixed>
 	NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b
 CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...)
-	TODO: check
+	NOT-FOR-US: Finex Media Competition Management System
 CVE-2023-2702 (Authorization Bypass Through User-Controlled Key vulnerability in Fine ...)
-	TODO: check
+	NOT-FOR-US: Finex Media Competition Management System
 CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection ...)
 	NOT-FOR-US: Hanwha
 CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Script ...)
@@ -4525,7 +4525,7 @@ CVE-2023-30384
 CVE-2023-30383
 	RESERVED
 CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life up to 543 ...)
-	TODO: check
+	NOT-FOR-US: hl.exe of Valve Half-Life
 CVE-2023-30381
 	RESERVED
 CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 ...)
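Review bot: The label added for CVE-2023-30382 names a binary, "hl.exe of Valve Half-Life", where the other NOT-FOR-US entries in this patch name a vendor or product ("Hanwha", "HYPR", "ServiceNow"). Suggest "NOT-FOR-US: Valve Half-Life" so that a search by product finds the entry; the affected component is already given in the CVE description on the line above.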
@@ -7364,7 +7364,7 @@ CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drive
 	[buster] - linux 4.19.249-1
 	NOTE: https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
 CVE-2023-1837 (Missing Authentication for critical function vulnerability in HYPR Ser ...)
-	TODO: check
+	NOT-FOR-US: HYPR
 CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
 	- gitlab <unfixed>
 CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...)
@@ -9563,7 +9563,7 @@ CVE-2023-1510
 CVE-2023-1509 (The GMAce plugin for WordPress is vulnerable to Cross-Site Request For ...)
 	NOT-FOR-US: GMAce plugin for WordPress
 CVE-2023-1508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: Adam Retail Automation Systems Mobilmen Terminal Software
 CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce System 1.0 ...)
 	NOT-FOR-US: SourceCodester E-Commerce System
 CVE-2023-1506 (A vulnerability, which was classified as critical, was found in Source ...)
@@ -12295,7 +12295,7 @@ CVE-2023-1211 (SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.
 CVE-2023-1210
 	RESERVED
 CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records ...)
-	TODO: check
+	NOT-FOR-US: ServiceNow
 CVE-2023-1208
 	RESERVED
 CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
@@ -17237,13 +17237,13 @@ CVE-2023-26016 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i
 CVE-2023-26015
 	RESERVED
 CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26013
 	RESERVED
 CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-26009
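Review bot: The labels added for CVE-2023-26014 and CVE-2023-26011 are the generic "WordPress plugin" and drop the product that each description goes on to name after "Tim Eckel". This matches the neighbouring CVE-2023-26012 and CVE-2023-26010 entries, but the CVE-2023-1509 context line in this same patch uses the "GMAce plugin for WordPress" form. Naming the plugin in that form would let a later search by product find these entries without opening the CVE description.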
@@ -18208,7 +18208,7 @@ CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Loc
 CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR \u20 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25706
 	RESERVED
 CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go P ...)
@@ -19120,7 +19120,7 @@ CVE-2023-25483
 CVE-2023-25482
 	RESERVED
 CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25480
 	RESERVED
 CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...)
@@ -19134,11 +19134,11 @@ CVE-2023-25476
 CVE-2023-25475
 	RESERVED
 CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About M ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25473
 	RESERVED
 CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Pod ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25471
 	RESERVED
 CVE-2023-25470
@@ -20116,7 +20116,7 @@ CVE-2023-25058
 CVE-2023-25057
 	RESERVED
 CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25055
 	RESERVED
 CVE-2023-25054
@@ -24040,7 +24040,7 @@ CVE-2023-23726
 CVE-2023-23725
 	RESERVED
 CVE-2023-23724 (Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Ema ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...)
@@ -24062,7 +24062,7 @@ CVE-2023-23715
 CVE-2023-23714
 	RESERVED
 CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...)
@@ -24076,9 +24076,9 @@ CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-23704
 	RESERVED
 CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -34232,11 +34232,11 @@ CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabi
 CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46853 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46852 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP T ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force St ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46850
 	RESERVED
 CVE-2022-46849
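Review bot: For CVE-2022-46853 and CVE-2022-46851 the descriptions shown in this hunk are cut off before the product name ("RadiusTheme The Pos ...", "Brainstorm Force St ...") and neither visible part says "plugin". Worth confirming against the full CVE text that both are plugins and not themes before closing them as "NOT-FOR-US: WordPress plugin", since the change takes them out of the "TODO: check" queue.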
@@ -34375,7 +34375,7 @@ CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola
 CVE-2022-46814
 	RESERVED
 CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2022-46812
 	RESERVED
 CVE-2022-46811



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9fa1629dcdb2700c584ef65dc44dd0b772969293
