[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) Fri, 17 Nov 2023 01:49:21 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f94cf8c8 by Moritz Muehlenhoff at 2023-11-17T10:48:51+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -151,13 +151,13 @@ CVE-2023-6019 (A command injection exists in Ray's 
cpu_profile URL parameter all
 CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow 
withou ...)
        NOT-FOR-US: mlflow
 CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed 
allowi ...)
-       TODO: check
+       NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-6016 (An attacker is able to gain remote code execution on a server 
hosting  ...)
-       TODO: check
+       NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
        NOT-FOR-US: mlflow
 CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to 
a Loca ...)
-       TODO: check
+       NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource 
CKEdit ...)
        TODO: check
 CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of 
Sensitive I ...)
@@ -167,7 +167,7 @@ CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or 
static IV for Cipher Bloc
 CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for 
encryption  ...)
        NOT-FOR-US: SuperAGI
 CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows 
attacke ...)
-       TODO: check
+       NOT-FOR-US: localstack.cloud
 CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher 
Block Chaini ...)
        NOT-FOR-US: Archery
 CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows 
attackers t ...)
@@ -391,7 +391,7 @@ CVE-2023-5720 (A flaw was found in Quarkus, where it does 
not properly sanitize
 CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced 
into an ...)
        NOT-FOR-US: Eclipse OpenJ9
 CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts 
each f ...)
-       TODO: check
+       NOT-FOR-US: mleap
 CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to 
Reflected Cross ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation 
cross-site scri ...)
@@ -423,7 +423,7 @@ CVE-2023-41699 (URL Redirection to Untrusted Site ('Open 
Redirect') vulnerabilit
 CVE-2023-34982 (This external control vulnerability, if exploited, could allow 
a local ...)
        NOT-FOR-US: AVEVA
 CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 
and versi ...)
-       TODO: check
+       NOT-FOR-US: Reactor Netty HTTP Server
 CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud 
allow a l ...)
        NOT-FOR-US: AVEVA
 CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary 
file up ...)
@@ -35380,7 +35380,7 @@ CVE-2023-28623 (Zulip is an open-source team 
collaboration tool with unique topi
 CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) 
vulnerability in Tri ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28621 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Cybe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-28619
@@ -43225,7 +43225,7 @@ CVE-2023-26032 (ZoneMinder is a free, open source 
Closed-circuit television soft
        NOTE: 
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9
        NOTE: 
https://github.com/ZoneMinder/zoneminder/commit/decf3e307bdadc0a96ffb151d19f4a4605a7cc71
 CVE-2023-26031 (Relative library resolution in linux container-executor binary 
in Apac ...)
-       TODO: check
+       - hadoop <itp> (bug #793644)
 CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in 
GitHub r ...)
        NOT-FOR-US: pixelfed
 CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does 
not prop ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94cf8c879dce13ad5e9adf9fdf12b42f398d5b3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94cf8c879dce13ad5e9adf9fdf12b42f398d5b3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] NFUs

Reply via email to