[Git][security-tracker-team/security-tracker][master] new hamster-time-tracker issue (might be bogus), NFU
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 6 14:13:20 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6122b59e by Moritz Muehlenhoff at 2023-10-06T15:12:44+02:00
new hamster-time-tracker issue (might be bogus), NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2463,7 +2463,7 @@ CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtai
CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2. ...)
NOT-FOR-US: CoreCode MacUpdater
CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...)
- TODO: check
+ NOT-FOR-US: imgcat
CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...)
NOT-FOR-US: KostacKostac PLC Programming Software
CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...)
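Review bot: The new `NOT-FOR-US: imgcat` line for CVE-2023-41484 names a different product from the CVE description directly above it, which refers to "cimg.eu Cimg Library v2.9.3". Nothing in the entry records why the issue is attributed to imgcat rather than to the Cimg Library, so a later reader cannot verify the triage decision. Add a NOTE line with the reasoning or a reference. The commit message also mentions only the hamster-time-tracker issue plus "NFU", without saying which CVE the NFU applies to.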
@@ -3093,7 +3093,9 @@ CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are configu
CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to path trave ...)
NOT-FOR-US: I-doit pro
CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 3.0.2, allow ...)
- TODO: check
+ - hamster-time-tracker <unfixed>
+ NOTE: https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
+ NOTE: Report sounds a little dubious, it's not really clear whether this cross any security boundary
CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hija ...)
NOT-FOR-US: Movim
CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable ...)
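Review bot: The added entry for CVE-2023-36250 leaves hamster-time-tracker at plain `<unfixed>` while the second NOTE doubts that any security boundary is crossed, so the status and the assessment disagree. If the doubt holds, express it in the status itself (for example with the tracker's `(unimportant)` qualifier) rather than only in free text, so the package is not reported as plainly vulnerable. If it does not hold, drop the hedge once the report has been checked. The second NOTE also has a grammar slip and should read "whether this crosses any security boundary".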
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6122b59ed35db96cf44ea161057b98e24bfff1c1