Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aac4e7f0 by Salvatore Bonaccorso at 2023-09-25T22:15:35+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,25 +9,25 @@ CVE-2023-5156 (A flaw was found in the GNU C Library. A
recent fix for CVE-2023-
CVE-2023-4892 (Teedy v1.11 has a vulnerability in its text editor that allows
events ...)
TODO: check
CVE-2023-4631 (The DoLogin Security WordPress plugin before 3.7 uses headers
such as ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4549 (The DoLogin Security WordPress plugin before 3.7 does not
properly san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4521 (The Import XML and RSS Feeds WordPress plugin before 2.1.5
contains a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4502 (The Translate WordPress with GTranslate WordPress plugin before
3.0.4 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4490 (The WP Job Portal WordPress plugin through 2.0.3 does not
sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4476 (The Locatoraid Store Locator WordPress plugin before 3.9.24
does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4300 (The Import XML and RSS Feeds WordPress plugin before 2.1.4 does
not fi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4281 (This Activity Log WordPress plugin before 2.8.8 retrieves
client IP ad ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4238 (The Prevent files / folders access WordPress plugin before
2.5.2 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-4148 (The Ditty WordPress plugin before 3.1.25 does not sanitise and
escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-43644 (Sing-box is an open source proxy system. Affected versions are
subject ...)
TODO: check
CVE-2023-43642 (snappy-java is a Java port of the snappy, a fast C++
compresser/decomp ...)
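Review bot: The note "NOT-FOR-US: WordPress plugin" on the ten changed entries in this hunk does not say which plugin was judged out of scope, so the triage decision is only traceable through the truncated description line. Two plugins appear twice here (DoLogin Security in CVE-2023-4631 and CVE-2023-4549, Import XML and RSS Feeds in CVE-2023-4521 and CVE-2023-4300). Consider naming the product in the note, for example "NOT-FOR-US: DoLogin Security WordPress plugin", so that a later search of the NOT-FOR-US notes for a product name finds every related entry.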
@@ -45,7 +45,7 @@ CVE-2023-43319 (Cross Site Scripting (XSS) vulnerability in
the Sign-In page of
CVE-2023-43256 (A path traversal in Gladys Assistant v4.26.1 and below allows
authenti ...)
TODO: check
CVE-2023-43141 (TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137
are vulner ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2023-43131 (General Device Manager 2.5.2.2 is vulnerable to Buffer
Overflow.)
TODO: check
CVE-2023-42817 (Pimcore admin-ui-classic-bundle provides a Backend UI for
Pimcore. The ...)
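Review bot: The note "NOT-FOR-US: TOTOLINK" on CVE-2023-43141 gives only a vendor name, while every other note in this commit gives a product category ("WordPress plugin"). The description covers two models (A3700R and N600R), so a short indication of what kind of product is being excluded would make the note self-explanatory and consistent with the rest of the change.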
@@ -85,13 +85,13 @@ CVE-2023-41293 (Data security classification vulnerability
in the DDMP module. S
CVE-2023-40163 (An out-of-bounds write vulnerability exists in the
allocate_buffer_for ...)
TODO: check
CVE-2023-3664 (The FileOrganizer WordPress plugin through 1.0.2 does not
restrict fun ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3550 (Mediawiki v1.40.0 does not validate namespaces used in XML
files. The ...)
TODO: check
CVE-2023-3547 (The All in One B2B for WooCommerce WordPress plugin through
1.0.3 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-3226 (The Popup Builder WordPress plugin through 4.1.15 does not
sanitise an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2023-39640 (UpLight cookiebanner before 1.5.1 was discovered to contain a
SQL inje ...)
TODO: check
CVE-2023-39453 (A use-after-free vulnerability exists in the tif_parse_sub_IFD
functio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac4e7f0befd495f9dd24eac2acd29f9e88896f6