Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a6624d77 by Salvatore Bonaccorso at 2024-06-21T22:40:36+02:00
Associate some NFU entries with joplin's itp'ed item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,17 +81,17 @@ CVE-2024-31890 (IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP 
Connectivity Utilitie
 CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper 
EmbedPress.This iss ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-45673 (Joplin is a free, open source note taking and to-do 
application. A rem ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2023-45197 (The file upload plugin in Adminer and AdminerEvo allows an 
attacker to ...)
        TODO: check
 CVE-2023-39517 (Joplin is a free, open source note taking and to-do 
application. A Cro ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2023-38506 (Joplin is a free, open source note taking and to-do 
application. A Cro ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2023-38389 (Incorrect Authorization vulnerability in Artbees JupiterX Core 
allows  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-37898 (Joplin is a free, open source note taking and to-do 
application. A Cro ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2024-39277 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
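Review bot: The commit message says "some NFU entries" without saying how they were selected; the four entries changed in this hunk (CVE-2023-45673, CVE-2023-39517, CVE-2023-38506, CVE-2023-37898) all become `- joplin <itp> (bug #931306)`. Suggest stating in the message whether every entry previously marked `NOT-FOR-US: Joplin` is covered, so a later reader does not have to grep the list to confirm none were missed.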
@@ -79897,9 +79897,9 @@ CVE-2023-37301 (An issue was discovered in 
SubmitEntityAction in Wikibase in Med
 CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the 
CheckUser exten ...)
        NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an 
image map.)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG 
document.)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, 
merging, crop ...)
        {DLA-3497-1}
        - pypdf2 1.27.9-1
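Review bot: Fixed-version information is lost on CVE-2023-37299 and CVE-2023-37298: both descriptions say "Joplin before 2.11.5", but the new `<itp>` line carries no version. Suggest a NOTE line under each recording 2.11.5 as the upstream fixed version, so the entries can be resolved quickly once the package from bug #931306 is uploaded.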
@@ -141152,7 +141152,7 @@ CVE-2022-40279 (An issue was discovered in Samsung 
TizenRT through 3.0_GBM (and
 CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM 
(and 3.1_PR ...)
        NOT-FOR-US: Samsung TizenRT
 CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute 
arbitrary  ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2022-40276 (Zettlr version 2.3.0 allows an external attacker to remotely 
obtain ar ...)
        NOT-FOR-US: Zettlr
 CVE-2022-40275
@@ -155211,7 +155211,7 @@ CVE-2022-35133 (A cross-site scripting (XSS) 
vulnerability in CherryTree v0.99.3
 CVE-2022-35132 (Usermin through 1.850 allows a remote authenticated user to 
execute OS ...)
        NOT-FOR-US: Usermin
 CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands 
via a cra ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2022-35130
        RESERVED
 CVE-2022-35129
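Review bot: CVE-2022-35131 in this hunk and CVE-2022-40277 in the previous one both name Joplin 2.8.8 and execution of arbitrary commands or code in their descriptions. Worth checking whether they describe the same issue and, if so, adding a NOTE that cross-references them, so they are triaged together when the package lands.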
@@ -190643,7 +190643,7 @@ CVE-2022-23342 (The Hyland Onbase Application Server 
releases prior to 20.3.58.1
 CVE-2022-23341
        RESERVED
 CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system 
commands throu ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2022-23339
        RESERVED
 CVE-2022-23338
@@ -221754,7 +221754,7 @@ CVE-2021-37918 (Zoho ManageEngine ADManager Plus 
version 7110 and prior allows u
 CVE-2021-37917
        RESERVED
 CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note 
body.)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog 
Telephone Adap ...)
        NOT-FOR-US: Grandstream
 CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is 
enabled an ...)
@@ -277775,7 +277775,7 @@ CVE-2020-28251 (NETSCOUT AirMagnet Enterprise 11.1.4 
build 37257 and earlier has
 CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a 
remote user ...)
        NOT-FOR-US: Cellinx NVT Web Server
 CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a 
note.)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of 
png-img  ...)
        NOT-FOR-US: png-img
 CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows 
arbitrary send ...)
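Review bot: CVE-2020-28249 is described as affecting "Joplin 1.2.6 for Desktop", while the new line ties it to the `joplin` ITP without saying which component that package will ship. Worth confirming that bug #931306 covers the desktop application, or adding a NOTE that the issue is desktop-specific.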
@@ -326322,7 +326322,7 @@ CVE-2020-9040 (Couchbase Server Java SDK before 
2.7.1.1 allows a potential attac
 CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 
through 4.6. ...)
        NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS.)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2020-9037
        RESERVED
 CVE-2020-9036 (Jeedom through 4.0.38 allows XSS.)
@@ -424958,7 +424958,7 @@ CVE-2018-1000536 (Medis version 0.6.1 and earlier 
contains a XSS vulnerability e
 CVE-2018-1000535 (lms version <= LMS_011123 contains a Local File Disclosure 
vulnerabili ...)
        NOT-FOR-US: lms
 CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into 
code execu ...)
-       NOT-FOR-US: Joplin
+       - joplin <itp> (bug #931306)
 CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing 
incorrectly sa ...)
        NOT-FOR-US: klaussilveira GitList
 CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File 
Name or Pa ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6624d77f131b34abef764fb3074fc51448461da
