[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Oct 18 09:49:00 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8b902f92 by Salvatore Bonaccorso at 2023-10-18T10:48:30+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,11 @@
 CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...)
 	TODO: check
 CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: Thumbnail Slider With Lightbox plugin for WordPress
 CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange (SPX) f ...)
 	TODO: check
 CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross ...)
-	TODO: check
+	NOT-FOR-US: MpOperationLogs plugin for WordPress
 CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
 	TODO: check
 CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator.  A `__p ...)
@@ -39,7 +39,7 @@ CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote code
 CVE-2023-41629 (A lack of input sanitizing in the file download feature of eSST Monito ...)
 	TODO: check
 CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable to C ...)
-	TODO: check
+	NOT-FOR-US: Widgets for Google Reviews plugin for WordPress
 CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does  ...)
 	TODO: check
 CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...)
@@ -66581,15 +66581,15 @@ CVE-2022-43895
 CVE-2022-43894
 	RESERVED
 CVE-2022-43893 (IBM Security Verify Privilege On-Premises 11.5 could allow a privilege ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43892 (IBM Security Verify Privilege On-Premises 11.5 does not validate, or i ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43890
 	RESERVED
 CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43888
 	RESERVED
 CVE-2022-43887 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...)
@@ -129671,11 +129671,11 @@ CVE-2022-22388
 CVE-2022-22387 (IBM Application Gateway is vulnerable to cross-site scripting. This vu ...)
 	NOT-FOR-US: IBM
 CVE-2022-22386 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22385 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22384 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22383
 	RESERVED
 CVE-2022-22382
@@ -129683,17 +129683,17 @@ CVE-2022-22382
 CVE-2022-22381
 	RESERVED
 CVE-2022-22380 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22379
 	RESERVED
 CVE-2022-22378
 	RESERVED
 CVE-2022-22377 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22376
 	RESERVED
 CVE-2022-22375 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote au ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...)
 	NOT-FOR-US: IBM
 CVE-2022-22373 (An improper validation vulnerability in IBM InfoSphere Information Ser ...)
@@ -154427,7 +154427,7 @@ CVE-2021-38861
 CVE-2021-38860
 	RESERVED
 CVE-2021-38859 (IBM Security Verify Privilege On-Premises 11.5 could allow a user to o ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...)
 	{DSA-4963-1 DLA-2774-1 DLA-2766-1}
 	- openssl 1.1.1l-1
@@ -177748,7 +177748,7 @@ CVE-2021-29915
 CVE-2021-29914
 	RESERVED
 CVE-2021-29913 (IBM Security Verify Privilege On-Premise 11.5 could allow an authentic ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29912 (IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site  ...)
 	NOT-FOR-US: IBM
 CVE-2021-29911
@@ -202156,7 +202156,7 @@ CVE-2021-20583 (IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66
 CVE-2021-20582 (IBM Security Secret Server up to 11.0 stores sensitive information in  ...)
 	NOT-FOR-US: IBM
 CVE-2021-20581 (IBM Security Verify Privilege On-Premises 11.5 could allow a user to o ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-20580 (IBM Planning Analytics 2.0 could be vulnerable to cross-site request f ...)
 	NOT-FOR-US: IBM
 CVE-2021-20579 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b902f921dbbcee57f6ac726a4105c4eb747beb8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b902f921dbbcee57f6ac726a4105c4eb747beb8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231018/5b1403b2/attachment.htm>

More information about the debian-security-tracker-commits mailing list