Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c264d42b by Bastien Roucariès at 2025-05-06T19:14:17+02:00
Duplicate CVEs from angular.js to civicrm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2686,6 +2686,7 @@ CVE-2025-1194 (A Regular Expression Denial of Service
(ReDoS) vulnerability was
NOT-FOR-US: huggingface/transformers
CVE-2025-0716 (Improper sanitization of the value of the 'href' and
'xlink:href' attr ...)
- angular.js <unfixed> (bug #1104485)
+ - civicrm <unfixed>
CVE-2025-0520 (An unrestricted file upload vulnerability in ShowDoc caused by
imprope ...)
NOT-FOR-US: ShowDoc
CVE-2024-57698 (An issue in modernwms v.1.0 allows an attacker view the MD5
hash of th ...)
@@ -72906,12 +72907,14 @@ CVE-2024-8373 (Improper sanitization of the value of
the [srcset] attribute in <
[trixie] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <postponed> (Minor issue)
+ - civicrm <unfixed>
NOTE:
https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in
Angula ...)
- angular.js <unfixed> (bug #1088804)
[trixie] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <postponed> (Minor issue)
+ - civicrm <unfixed>
NOTE:
https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and
August 14, ...)
NOT-FOR-US: Rapid7 Insight Platform
@@ -134735,6 +134738,7 @@ CVE-2024-21490 (This affects versions of the package
angular from 1.3.0. A regul
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <postponed> (Fix along with the next DLA)
+ - civicrm <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has
been decl ...)
NOT-FOR-US: Linksys
@@ -194071,6 +194075,7 @@ CVE-2023-26118 (Versions of the package angular from
1.4.9 are vulnerable to Reg
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
+ - civicrm <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to
Regular E ...)
- angular.js <unfixed> (bug #1036694)
@@ -194078,6 +194083,7 @@ CVE-2023-26117 (Versions of the package angular from
1.0.0 are vulnerable to Reg
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
+ - civicrm <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to
Regular ...)
- angular.js <unfixed> (bug #1036694)
@@ -194085,6 +194091,7 @@ CVE-2023-26116 (Versions of the package angular from
1.2.21 are vulnerable to Re
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
+ - civicrm <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
CVE-2023-26115 (All versions of the package word-wrap are vulnerable to
Regular Expres ...)
NOT-FOR-US: Node.js word-wrap module
@@ -274442,6 +274449,7 @@ CVE-2022-25869 (All versions of package angular are
vulnerable to Cross-site Scr
[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue)
+ - civicrm <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are
vulnerable to ...)
NOT-FOR-US: socket.io-client-java
@@ -274503,6 +274511,7 @@ CVE-2022-25844 (The package angular after 1.7.0 are
vulnerable to Regular Expres
[bullseye] - angular.js <no-dsa> (Minor issue)
[buster] - angular.js <no-dsa> (Minor issue, probably even not-affected)
[stretch] - angular.js <ignored> (Nodejs in stretch not covered by
security support)
+ - civicrm <unfixed>
NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
CVE-2022-25843
RESERVED
@@ -468785,6 +468794,7 @@ CVE-2019-10769 (safer-eval is a npm package to
sandbox the he evaluation of code
NOT-FOR-US: safer-eval Node module
CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be
tricked into ...)
- angular.js 1.7.9-1 (bug #945249)
+ - civicrm <unfixed>
[buster] - angular.js <no-dsa> (Minor issue; can be fixed via point
release)
[stretch] - angular.js <ignored> (Nodejs in stretch not covered by
security support)
[jessie] - angular.js <not-affected> (vulnerable code is not present,
deep merging introduced later)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c264d42b0464fb9f927eb502e7272be2e3bb6f76
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c264d42b0464fb9f927eb502e7272be2e3bb6f76
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
