Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4bc90306 by Moritz Muehlenhoff at 2023-07-18T13:28:50+02:00
new openrefine issue (and rewrite older NFUs)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121,7 +121,9 @@ CVE-2023-37769 (stress-test master commit e4c878 was 
discovered to contain a FPE
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for 
developing ...)
        NOT-FOR-US: Open Enclave
 CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A 
carefull ...)
-       TODO: check
+       - openrefine <unfixed>
+       NOTE: 
https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
+       NOTE: 
https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
 CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the 
avro cod ...)
        NOT-FOR-US: Hamba avro
 CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded 
to Mete ...)
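Review bot: the new `- openrefine <unfixed>` line for CVE-2023-37476 carries no Debian bug reference, while the two NOTE lines only point at the upstream advisory (GHSA-m88m-crr9-jvqq) and fix commit; once a bug is filed against the openrefine package, append it in the usual `(bug #NNNNNN)` form so the unfixed state can be tracked to a maintainer-visible report. The upstream commit reference is useful as-is, since it is what a backport to the packaged version would be based on.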
@@ -316814,7 +316816,7 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in 
PDFDoc.cc allows attackers t
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
        NOTE: 
https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
 CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because 
Directory T ...)
-       NOT-FOR-US: OpenRefine
+       NOTE: OpenRefine issue not reproducible by upstream
 CVE-2019-3579 (MyBB 1.8.19 allows remote attackers to obtain sensitive 
information be ...)
        NOT-FOR-US: MyBB
 CVE-2019-3578 (MyBB 1.8.19 has XSS in the resetpassword function.)
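Review bot: replacing `NOT-FOR-US: OpenRefine` with only `NOTE: OpenRefine issue not reproducible by upstream` leaves CVE-2019-3580 without any package status line, so the tracker no longer records whether openrefine is affected, not affected, or unfixed. Add an explicit status next to the NOTE, in the same form the other hunks use (for example `- openrefine <not-affected> (...)` with the reason), and cite the upstream discussion where the issue was judged not reproducible, since the other OpenRefine NOTE lines in this commit all carry a URL and this one does not.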
@@ -318894,7 +318896,7 @@ CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code 
Execution because ZIP arch
 CVE-2018-20158
        RESERVED
 CVE-2018-20157 (The data import functionality in OpenRefine through 3.1 allows 
an XML  ...)
-       NOT-FOR-US: OpenRefine
+       - openrefine <not-affected> (Fixed before initial upload)
 CVE-2018-20156 (The WP Maintenance Mode plugin before 2.0.7 for WordPress 
allows remot ...)
        NOT-FOR-US: WordPress plugin wp-maintenance-mode
 CVE-2018-20155 (The WP Maintenance Mode plugin before 2.0.7 for WordPress 
allows remot ...)
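Review bot: `- openrefine <not-affected> (Fixed before initial upload)` for CVE-2018-20157 states the conclusion but gives no evidence; the CVE text says "OpenRefine through 3.1" is affected, so a NOTE with the upstream fix commit or the first fixed upstream version, as done for CVE-2023-37476 above, would let a later reader confirm that the version first uploaded to Debian indeed postdates the fix.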
@@ -323843,7 +323845,7 @@ CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 
and earlier allows remote att
 CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 
2012-12-11,  ...)
        NOT-FOR-US: Broadcom components for Android
 CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a 
relative p ...)
-       NOT-FOR-US: OpenRefine
+       - openrefine <not-affected> (Fixed before initial upload)
 CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to 
the lack ...)
        NOT-FOR-US: PrinceXML
 CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media 
player 3. ...)
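Review bot: same remark as for CVE-2018-20157: the `<not-affected> (Fixed before initial upload)` line for CVE-2018-19859 would be easier to verify with a NOTE recording the upstream fixed version; the CVE description itself says "before 3.2 beta", so a one-line comparison against the initially uploaded openrefine version is all that is needed to substantiate the not-affected claim.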



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bc90306872108ed0ad95817bec483358d92766e
