Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e359bf06 by Salvatore Bonaccorso at 2026-05-14T10:54:09+02:00
Associate some older NFUs with node-protobufjs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16566,7 +16566,7 @@ CVE-2026-6056
CVE-2026-0868 (The EMC \u2013 Easily Embed Calendly Scheduling Features plugin
for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2026-41242 (protobufjs compiles protobuf definitions into JavaScript (JS)
function ...)
- NOT-FOR-US: protobuf.js
+ - node-protobufjs <itp> (bug #977564)
CVE-2026-40948 (The Keycloak authentication manager in
`apache-airflow-providers-keycl ...)
NOT-FOR-US: Airflow provider
CVE-2026-2986 (The Contextual Related Posts plugin for WordPress is vulnerable
to Sto ...)
@@ -321961,7 +321961,7 @@ CVE-2023-36933 (In Progress MOVEit Transfer before
2021.0.9 (13.0.9), 2021.1.7 (
CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11),
2021.0.9 (13.0 ...)
NOT-FOR-US: Progress MOVEit Transfer
CVE-2023-36665 ("protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5
allows P ...)
- NOT-FOR-US: protobuf.js
+ - node-protobufjs <itp> (bug #977564)
CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an
authenticated o ...)
NOT-FOR-US: Loxone Miniserver Go
CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before
14.2 is cal ...)
@@ -424702,7 +424702,7 @@ CVE-2022-25881 (This affects versions of the package
http-cache-semantics before
CVE-2022-25879
RESERVED
CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to
Prototype Pollu ...)
- NOT-FOR-US: protobufjs/protobuf.js
+ - node-protobufjs <itp> (bug #977564)
CVE-2022-25877
RESERVED
CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to
Server-sid ...)
@@ -693249,7 +693249,7 @@ CVE-2018-3740 (A specially crafted HTML fragment can
cause Sanitize gem for Ruby
CVE-2018-3739 (https-proxy-agent before 2.1.1 passes auth option to the Buffer
constr ...)
NOT-FOR-US: https-proxy-agent
CVE-2018-3738 (protobufjs is vulnerable to ReDoS when parsing crafted invalid
.proto ...)
- NOT-FOR-US: protobufjs
+ - node-protobufjs <itp> (bug #977564)
CVE-2018-3737 (sshpk is vulnerable to ReDoS when parsing crafted invalid
public keys.)
- node-sshpk 1.13.1+dfsg-2 (bug #901093)
NOTE: https://github.com/joyent/node-sshpk/issues/44
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e359bf066ef45027af436972612c8492bcecf485
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e359bf066ef45027af436972612c8492bcecf485
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
