[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Sep 5 11:30:18 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4260160 by Salvatore Bonaccorso at 2023-09-05T12:29:49+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,7 +15,7 @@ CVE-2023-4748 (A vulnerability, which was classified as critical, has been found
 CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.)
 	TODO: check
 CVE-2023-4636 (The WordPress File Sharing Plugin plugin for WordPress is vulnerable t ...)
-	TODO: check
+	NOT-FOR-US: WordPress File Sharing Plugin plugin for WordPress
 CVE-2023-4616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
 	TODO: check
 CVE-2023-4615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
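Review bot: The reason string added for CVE-2023-4636, "WordPress File Sharing Plugin plugin for WordPress", carries over the doubled "Plugin plugin" from the CVE description and differs from the short "WordPress plugin" reason used for every other WordPress entry in this commit. Suggest using `NOT-FOR-US: WordPress plugin` here as well, or naming the product once, so the reason strings stay uniform for anyone searching the list.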
@@ -29,25 +29,25 @@ CVE-2023-4587 (An IDOR vulnerability has been found in ZKTeco ZEM800 product aff
 CVE-2023-4540 (Improper Handling of Exceptional Conditions vulnerability in Daurnimat ...)
 	TODO: check
 CVE-2023-4298 (The 123.chat WordPress plugin before 1.3.1 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4284 (The Post Timeline WordPress plugin before 2.2.6 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4279 (This User Activity Log WordPress plugin before 1.6.7 retrieves client  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4269 (The User Activity Log WordPress plugin before 1.6.6 lacks proper autho ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4254 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4253 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4216 (The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4151 (The Store Locator WordPress plugin before 1.4.13 does not sanitise and ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisation  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU  ...)
 	TODO: check
 CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...)
@@ -87,9 +87,9 @@ CVE-2023-40196 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Im
 CVE-2023-40015 (Vyper is a Pythonic Smart Contract Language. For the following (probab ...)
 	TODO: check
 CVE-2023-3814 (The Advanced File Manager WordPress plugin before 5.1.1 does not adequ ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3499 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2023-3222 (Vulnerability in the password recovery mechanism of Password Recovery  ...)
 	TODO: check
 CVE-2023-3221 (User enumeration vulnerability in Password Recovery plugin 1.2 version ...)
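Review bot: CVE-2023-3222 and CVE-2023-3221 in the trailing context of this hunk stay at "TODO: check" although both descriptions refer to a "Password Recovery plugin", while the two WordPress plugin entries just above them are resolved. The truncated descriptions do not show which platform that plugin belongs to, so leaving them open is reasonable if that was the reason; if they were simply missed, they could be triaged in the same batch.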
@@ -129,9 +129,9 @@ CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (
 CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer  ...)
 	TODO: check
 CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP res ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-33021 (Memory corruption in Graphics while processing user packets for comman ...)
 	TODO: check
 CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like channel out o ...)
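Review bot: Both entries changed in this hunk (CVE-2023-35906 and CVE-2023-35892) get the vendor-only reason "NOT-FOR-US: IBM", although their descriptions name two different products, Aspera Faspex and Financial Transaction Manager for SWIFT Services. This matches the IBM entries already in the file that are visible later in the diff (CVE-2023-29260, CVE-2022-43904), so it is consistent with current practice; naming the product would only matter if someone later needs to find NFU decisions per product rather than per vendor.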
@@ -145,7 +145,7 @@ CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of a
 CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
 	TODO: check
 CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External Authentication Ser ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu pa ...)
 	TODO: check
 CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
@@ -20820,7 +20820,7 @@ CVE-2023-29263
 CVE-2023-29262
 	RESERVED
 CVE-2023-29261 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user wit ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side ...)
 	NOT-FOR-US: IBM
 CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to  ...)
@@ -40789,7 +40789,7 @@ CVE-2023-22872
 CVE-2023-22871
 	RESERVED
 CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext w ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2023-22869
 	RESERVED
 CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vu ...)
@@ -59797,7 +59797,7 @@ CVE-2022-43905
 CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...)
 	NOT-FOR-US: IBM
 CVE-2022-43903 (IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticate ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial  ...)
 	NOT-FOR-US: IBM
 CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 coul ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f4260160288bdf355b2fcb912038abe8154c0758
