Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4260160 by Salvatore Bonaccorso at 2023-09-05T12:29:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2023-4748 (A vulnerability, which was classified as 
critical, has been found
 CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
        TODO: check
 CVE-2023-4636 (The WordPress File Sharing Plugin plugin for WordPress is 
vulnerable t ...)
-       TODO: check
+       NOT-FOR-US: WordPress File Sharing Plugin plugin for WordPress
 CVE-2023-4616 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
        TODO: check
 CVE-2023-4615 (This vulnerability allows remote attackers to disclose 
sensitive infor ...)
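
Review bot: The note added for CVE-2023-4636 is worded differently from every other WordPress entry in this commit: it reads "NOT-FOR-US: WordPress File Sharing Plugin plugin for WordPress", with "Plugin plugin" doubled, while the remaining WordPress entries use the short form "NOT-FOR-US: WordPress plugin". Pick one form for the whole pass. If the product name is worth keeping, "NOT-FOR-US: WordPress File Sharing Plugin for WordPress" avoids the repetition; otherwise use the short form so a search for the exact note text finds all of them.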
@@ -29,25 +29,25 @@ CVE-2023-4587 (An IDOR vulnerability has been found in 
ZKTeco ZEM800 product aff
 CVE-2023-4540 (Improper Handling of Exceptional Conditions vulnerability in 
Daurnimat ...)
        TODO: check
 CVE-2023-4298 (The 123.chat WordPress plugin before 1.3.1 does not sanitise 
and escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4284 (The Post Timeline WordPress plugin before 2.2.6 does not 
sanitise and  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4279 (This User Activity Log WordPress plugin before 1.6.7 retrieves 
client  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4269 (The User Activity Log WordPress plugin before 1.6.6 lacks 
proper autho ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4254 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4253 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise 
and esc ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4216 (The Orders Tracking for WooCommerce WordPress plugin before 
1.2.6 does ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4151 (The Store Locator WordPress plugin before 1.4.13 does not 
sanitise and ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks 
authorisation  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not 
properly lim ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a 
CDP PDU  ...)
        TODO: check
 CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. 
bgp_nlri_parse_f ...)
@@ -87,9 +87,9 @@ CVE-2023-40196 (Unauth. Reflected Cross-Site Scripting (XSS) 
vulnerability in Im
 CVE-2023-40015 (Vyper is a Pythonic Smart Contract Language. For the following 
(probab ...)
        TODO: check
 CVE-2023-3814 (The Advanced File Manager WordPress plugin before 5.1.1 does 
not adequ ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3499 (The Photo Gallery, Images, Slider in Rbs Image Gallery 
WordPress plugi ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2023-3222 (Vulnerability in the password recovery mechanism of Password 
Recovery  ...)
        TODO: check
 CVE-2023-3221 (User enumeration vulnerability in Password Recovery plugin 1.2 
version ...)
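
Review bot: CVE-2023-3222 and CVE-2023-3221, directly below the two entries updated here, both describe a "Password Recovery" plugin and stay at "TODO: check". The truncated descriptions do not show which platform the plugin belongs to, so leaving them is defensible, but if it turns out to be another WordPress plugin they belong in this same pass. Worth confirming before the next round so the block is not half processed.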
@@ -129,9 +129,9 @@ CVE-2023-36308 (disintegration Imaging 1.6.2 allows 
attackers to cause a panic (
 CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an 
integer  ...)
        TODO: check
 CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to 
bypass IP res ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is 
vulnerab ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-33021 (Memory corruption in Graphics while processing user packets 
for comman ...)
        TODO: check
 CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like 
channel out o ...)
@@ -145,7 +145,7 @@ CVE-2023-33015 (Transient DOS in WLAN Firmware while 
interpreting MBSSID IE of a
 CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
        TODO: check
 CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External 
Authentication Ser ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 
Kangu pa ...)
        TODO: check
 CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
@@ -20820,7 +20820,7 @@ CVE-2023-29263
 CVE-2023-29262
        RESERVED
 CVE-2023-29261 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local 
user wit ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to 
server-side ...)
        NOT-FOR-US: IBM
 CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is 
vulnerable to  ...)
@@ -40789,7 +40789,7 @@ CVE-2023-22872
 CVE-2023-22871
        RESERVED
 CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in 
cleartext w ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2023-22869
        RESERVED
 CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. 
This vu ...)
@@ -59797,7 +59797,7 @@ CVE-2022-43905
 CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive 
informati ...)
        NOT-FOR-US: IBM
 CVE-2022-43903 (IBM Security Guardium 10.6, 11.3, and 11.4 could allow an 
authenticate ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a 
denial  ...)
        NOT-FOR-US: IBM
 CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 
1.4.3 coul ...)
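
Review bot: CVE-2022-43903 was still at "TODO: check" while the entry directly above it, CVE-2022-43904, names the same product (IBM Security Guardium) and already carries "NOT-FOR-US: IBM", as does CVE-2022-43902 below it. The change is correct, but a straggler in the middle of an already triaged block suggests others may remain. Before closing the pass, search data/CVE/list for entries whose description starts with "IBM" and whose next line is still "TODO: check".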



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4260160288bdf355b2fcb912038abe8154c0758
