[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 17 09:49:14 GMT 2023



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f94cf8c8 by Moritz Muehlenhoff at 2023-11-17T10:48:51+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -151,13 +151,13 @@ CVE-2023-6019 (A command injection exists in Ray's cpu_profile URL parameter all
 CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow withou ...)
 	NOT-FOR-US: mlflow
 CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed allowi ...)
-	TODO: check
+	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-6016 (An attacker is able to gain remote code execution on a server hosting  ...)
-	TODO: check
+	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
 	NOT-FOR-US: mlflow
 CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to a Loca ...)
-	TODO: check
+	NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
 CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource CKEdit ...)
 	TODO: check
 CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive I ...)
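Review bot: the three new NOT-FOR-US annotations in this hunk (CVE-2023-6017, CVE-2023-6016, CVE-2023-6013) spell the upstream as "H2O (h2ai)", which does not match the upstream's own name (H2O.ai, GitHub organisation h2oai) and so weakens the very disambiguation from src:h2o the parenthetical is there to make. Suggest "NOT-FOR-US: H2O.ai (h2oai/h2o-3, not the same as src:h2o)" on all three lines so a later triager grepping for h2oai finds them. Note also that CVE-2023-4771 (CKEditor) in the same region still carries "TODO: check" and was not touched by this sweep.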
@@ -167,7 +167,7 @@ CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Bloc
 CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption  ...)
 	NOT-FOR-US: SuperAGI
 CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows attacke ...)
-	TODO: check
+	NOT-FOR-US: localstack.cloud
 CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaini ...)
 	NOT-FOR-US: Archery
 CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...)
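Review bot: the NOT-FOR-US tag for CVE-2023-48054 names a domain ("localstack.cloud") where the neighbouring entries in this hunk (SuperAGI, Archery) use the project name; for consistency with the rest of the file, "NOT-FOR-US: localstack" would be the expected form, optionally with the upstream URL in a NOTE line rather than in the tag itself.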
@@ -391,7 +391,7 @@ CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize
 CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an ...)
 	NOT-FOR-US: Eclipse OpenJ9
 CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts each f ...)
-	TODO: check
+	NOT-FOR-US: mleap
 CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
@@ -423,7 +423,7 @@ CVE-2023-41699 (URL Redirection to Untrusted Site ('Open Redirect') vulnerabilit
 CVE-2023-34982 (This external control vulnerability, if exploited, could allow a local ...)
 	NOT-FOR-US: AVEVA
 CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
-	TODO: check
+	NOT-FOR-US: Reactor Netty HTTP Server
 CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud allow a l ...)
 	NOT-FOR-US: AVEVA
 CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...)
@@ -35380,7 +35380,7 @@ CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topi
 CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-28619
@@ -43225,7 +43225,7 @@ CVE-2023-26032 (ZoneMinder is a free, open source Closed-circuit television soft
 	NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9
 	NOTE: https://github.com/ZoneMinder/zoneminder/commit/decf3e307bdadc0a96ffb151d19f4a4605a7cc71
 CVE-2023-26031 (Relative library resolution in linux container-executor binary in Apac ...)
-	TODO: check
+	- hadoop <itp> (bug #793644)
 CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
 	NOT-FOR-US: pixelfed
 CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not prop ...)
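Review bot: the new "- hadoop <itp> (bug #793644)" line for CVE-2023-26031 carries no NOTE with an upstream reference, unlike the CVE-2023-26032 entry directly above it, which records both the advisory and the fixing commit. Since the package only exists as an ITP, a NOTE pointing at the upstream Hadoop advisory or fix for the container-executor library-resolution issue is what lets whoever eventually packages hadoop verify the fix is included; suggest adding one here.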



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f94cf8c879dce13ad5e9adf9fdf12b42f398d5b3


