[Git][security-tracker-team/security-tracker][master] automatic update

Sat Oct 7 09:11:54 BST 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4a2cea0 by security tracker role at 2023-10-07T08:11:40+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...)
+	TODO: check
+CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after  ...)
+	TODO: check
+CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can ...)
+	TODO: check
+CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker t ...)
+	TODO: check
+CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart Script v.1. ...)
+	TODO: check
+CVE-2023-43615 (Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.)
+	TODO: check
+CVE-2023-36123 (Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 ...)
+	TODO: check
 CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
 	- snipe-it <itp> (bug #1005172)
 CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges ...)
@@ -91016,8 +91030,8 @@ CVE-2022-34357
 	RESERVED
 CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
 	NOT-FOR-US: IBM
-CVE-2022-34355
-	RESERVED
+CVE-2022-34355 (IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6 ...)
+	TODO: check
 CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage o ...)
 	NOT-FOR-US: IBM
 CVE-2022-34353
@@ -94035,8 +94049,8 @@ CVE-2022-33162
 	RESERVED
 CVE-2022-33161
 	RESERVED
-CVE-2022-33160
-	RESERVED
+CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected cryptogra ...)
+	TODO: check
 CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...)
 	NOT-FOR-US: IBM
 CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4a2cea0eb8593dc6238fee855f64a8614f4cef2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4a2cea0eb8593dc6238fee855f64a8614f4cef2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231007/4ac8e498/attachment-0001.htm>
