[Git][security-tracker-team/security-tracker][master] new openrefine issue (and rewrite older NFUs)
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 18 12:29:19 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4bc90306 by Moritz Muehlenhoff at 2023-07-18T13:28:50+02:00
new openrefine issue (and rewrite older NFUs)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121,7 +121,9 @@ CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE
CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...)
NOT-FOR-US: Open Enclave
CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...)
- TODO: check
+ - openrefine <unfixed>
+ NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq
+ NOTE: https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e
CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the avro cod ...)
NOT-FOR-US: Hamba avro
CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded to Mete ...)
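Review bot: On the CVE-2023-37476 entry, the two NOTE lines give the advisory and a commit URL but do not say that the commit is the fix, or which upstream release first contains it. Since the package line is `- openrefine <unfixed>`, recording that in the NOTE would let whoever later replaces `<unfixed>` with a version verify it without re-reading the advisory.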
@@ -316814,7 +316816,7 @@ CVE-2018-20662 (In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers t
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/706
NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/7b4e372deeb716eb3fe3a54b31ed41af759224f9
CVE-2019-3580 (OpenRefine through 3.1 allows arbitrary file write because Directory T ...)
- NOT-FOR-US: OpenRefine
+ NOTE: OpenRefine issue not reproducible by upstream
CVE-2019-3579 (MyBB 1.8.19 allows remote attackers to obtain sensitive information be ...)
NOT-FOR-US: MyBB
CVE-2019-3578 (MyBB 1.8.19 has XSS in the resetpassword function.)
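Review bot: After this change CVE-2019-3580 carries only `NOTE: OpenRefine issue not reproducible by upstream` and no `- openrefine ...` package line, unlike the two other rewritten OpenRefine entries in this commit, which both get `- openrefine <not-affected>`. If leaving the package unassociated is intended, a second NOTE linking to the upstream statement would make the "not reproducible" claim checkable; otherwise add an explicit package status line with the reason.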
@@ -318894,7 +318896,7 @@ CVE-2018-20159 (i-doit open 1.11.2 allows Remote Code Execution because ZIP arch
CVE-2018-20158
RESERVED
CVE-2018-20157 (The data import functionality in OpenRefine through 3.1 allows an XML ...)
- NOT-FOR-US: OpenRefine
+ - openrefine <not-affected> (Fixed before initial upload)
CVE-2018-20156 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
NOT-FOR-US: WordPress plugin wp-maintenance-mode
CVE-2018-20155 (The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remot ...)
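Review bot: `- openrefine <not-affected> (Fixed before initial upload)` on CVE-2018-20157 has no reference for the fix, and the truncated description only says "through 3.1". The CVE-2018-19859 entry in the last hunk at least names "before 3.2 beta" in its description; here a NOTE with the upstream fixing commit or release would document why the first uploaded version is not affected.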
@@ -323843,7 +323845,7 @@ CVE-2018-19861 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote att
CVE-2018-19860 (Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, ...)
NOT-FOR-US: Broadcom components for Android
CVE-2018-19859 (OpenRefine before 3.2 beta allows directory traversal via a relative p ...)
- NOT-FOR-US: OpenRefine
+ - openrefine <not-affected> (Fixed before initial upload)
CVE-2018-19858 (PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack ...)
NOT-FOR-US: PrinceXML
CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bc90306872108ed0ad95817bec483358d92766e