Process some NFUs

author: Salvatore Bonaccorso <carnil@debian.org> 2023-03-27 22:13:35 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-03-27 22:13:35 +0200
commit: fee95ad93932e89e966fb55a53a24503fff0eb5e (patch)
tree: caeb77271e3427aff626cf54842cb0b81a146e56 /data
parent: 1909164868a343d35e89414e340f4a5d76a96d5a (diff)
1 files changed, 34 insertions, 34 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 84e4b9cb3d..2e63e36c65 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1973,7 +1973,7 @@ CVE-2023-1402 (The course participation report required additional checks to pre
 CVE-2023-1401
 	RESERVED
 CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2 does n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted d ...)
 	TODO: check
 CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy TeaCMS  ...)
@@ -3682,7 +3682,7 @@ CVE-2023-1186 (A vulnerability has been found in FabulaTech Webcam for Remote De
 CVE-2023-1185 (A vulnerability, which was classified as problematic, was found in ECs ...)
 	NOT-FOR-US: ECshop
 CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5, final-user-wp-fronten ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-XXXX [Transaction cache overrides the current user]
 	- tryton-server 6.0.29-1
 	[bullseye] - tryton-server <not-affected> (Vulnerable code not present)
@@ -5142,21 +5142,21 @@ CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error
 CVE-2023-1094
 	RESERVED
 CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Alpata Licensed Warehousing Automation System
 CVE-2023-1090
 	RESERVED
 CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1085
 	RESERVED
 CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
@@ -5300,7 +5300,7 @@ CVE-2023-1071
 CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...)
 	- teampass <itp> (bug #730180)
 CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress
 CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
@@ -6978,7 +6978,7 @@ CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation
 CVE-2023-26512
 	RESERVED
 CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...)
 	NOT-FOR-US: WP Meta SEO plugin for WordPress
 CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plu ...)
@@ -7558,7 +7558,7 @@ CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.
 CVE-2023-0956
 	RESERVED
 CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0954
 	RESERVED
 CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...)
@@ -9111,7 +9111,7 @@ CVE-2023-0825
 CVE-2023-0824
 	RESERVED
 CVE-2023-0823 (The Cookie Notice &amp; Compliance for GDPR / CCPA WordPress plugin be ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-25760
 	RESERVED
 CVE-2023-25759
@@ -9317,7 +9317,7 @@ CVE-2023-25728
 CVE-2023-24585
 	RESERVED
 CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
 	NOT-FOR-US: OpenNMS
 CVE-2023-0814 (The Profile Builder &#8211; User Profile &amp; User Registration Forms ...)
@@ -11092,7 +11092,7 @@ CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before
 CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated  ...)
 	NOT-FOR-US: Devolutions
 CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...)
 	NOT-FOR-US: BDCOM
 CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions older t ...)
@@ -11898,7 +11898,7 @@ CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_a
 	[bullseye] - linux 5.10.158-1
 	NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2)
 CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0588
 	RESERVED
 CVE-2022-4900
@@ -12856,27 +12856,27 @@ CVE-2023-0507 (Grafana is an open-source platform for monitoring and observabili
 CVE-2023-0506
 	RESERVED
 CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF check wh ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF ch ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF check wh ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses]
 	RESERVED
 	{DSA-5342-1 DLA-3310-1}
@@ -12927,7 +12927,7 @@ CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub
 CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0490
 	RESERVED
 CVE-2023-0489
@@ -12941,7 +12941,7 @@ CVE-2023-0486
 CVE-2023-0485
 	RESERVED
 CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder &amp; Gutenberg B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...)
 	- gitlab <unfixed>
 CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
@@ -13048,7 +13048,7 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che
 	NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7)
 	NOTE: https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7)
 CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0466
 	RESERVED
 CVE-2023-0465
@@ -13317,7 +13317,7 @@ CVE-2023-0443
 CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks  ...)
 	NOT-FOR-US: healthchecks
 CVE-2023-0439
@@ -14615,7 +14615,7 @@ CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of S
 CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...)
 	NOT-FOR-US: Zephyr
 CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0393
 	RESERVED
 CVE-2023-0392
@@ -15089,9 +15089,9 @@ CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository liran
 CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...)
 	NOT-FOR-US: lirantal/daloradius
 CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin through 2.1.3 has  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken acces ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...)
@@ -15655,7 +15655,7 @@ CVE-2023-0274
 CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2023-03-27 22:13:35 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-03-27 22:13:35 +0200
commit	fee95ad93932e89e966fb55a53a24503fff0eb5e (patch)
tree	caeb77271e3427aff626cf54842cb0b81a146e56 /data
parent	1909164868a343d35e89414e340f4a5d76a96d5a (diff)