[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 25 21:45:14 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
799a0328 by Salvatore Bonaccorso at 2023-05-25T22:43:29+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,47 +1,47 @@
 CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
-	TODO: check
+	NOT-FOR-US: mipjz
 CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...)
-	TODO: check
+	NOT-FOR-US: mipjz
 CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).)
-	TODO: check
+	NOT-FOR-US: IceCMS
 CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...)
-	TODO: check
+	NOT-FOR-US: IceCMS
 CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...)
-	TODO: check
+	NOT-FOR-US: WFTPD
 CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...)
-	TODO: check
+	NOT-FOR-US: Amazon Alexa
 CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...)
 	TODO: check
 CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.)
-	TODO: check
+	NOT-FOR-US: ZLMediaKit
 CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
-	TODO: check
+	NOT-FOR-US: IC Realtime ICIP-P2012T
 CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...)
-	TODO: check
+	NOT-FOR-US: PHPOK
 CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...)
-	TODO: check
+	NOT-FOR-US: CBOT Chatbot
 CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot  ...)
-	TODO: check
+	NOT-FOR-US: CBOT Chatbot
 CVE-2023-2885 (Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allow ...)
-	TODO: check
+	NOT-FOR-US: CBOT Chatbot
 CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...)
-	TODO: check
+	NOT-FOR-US: CBOT Chatbot
 CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...)
-	TODO: check
+	NOT-FOR-US: CBOT Chatbot
 CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot  ...)
-	TODO: check
+	NOT-FOR-US: CBOT Chatbot
 CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...)
-	TODO: check
+	NOT-FOR-US: pimcore
 CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
-	TODO: check
+	NOT-FOR-US: AGT Tech Ceppatron
 CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...)
 	TODO: check
 CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...)
@@ -53,11 +53,11 @@ CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authenticati
 CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...)
 	NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress
 CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...)
-	TODO: check
+	NOT-FOR-US: M-Files
 CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...)
 	TODO: check
 CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...)
-	TODO: check
+	NOT-FOR-US: Wacom Tablet Driver installer
 CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data]
 	- wordpress 6.2.2+dfsg1-1 (bug #1036689)
 	NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
@@ -140,11 +140,11 @@ CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to
 CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...)
 	NOT-FOR-US: IC Realtime ICIP-P2012T
 CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice  ...)
-	TODO: check
+	NOT-FOR-US: Mitel
 CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...)
 	NOT-FOR-US: eScan Antivirus
 CVE-2023-2874 (A vulnerability, which was classified as problematic, has been found i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/799a0328c037c7dd4be3367e3fd9b93ea24d5b6b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/799a0328c037c7dd4be3367e3fd9b93ea24d5b6b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230525/378702b6/attachment.htm>

More information about the debian-security-tracker-commits mailing list