[Git][security-tracker-team/security-tracker][master] Associate some NFU entries with joplin's itp'ed item

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 21 21:41:20 BST 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6624d77 by Salvatore Bonaccorso at 2024-06-21T22:40:36+02:00
Associate some NFU entries with joplin's itp'ed item

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81,17 +81,17 @@ CVE-2024-31890 (IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilitie
 CVE-2023-51375 (Missing Authorization vulnerability in WPDeveloper EmbedPress.This iss ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-45673 (Joplin is a free, open source note taking and to-do application. A rem ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2023-45197 (The file upload plugin in Adminer and AdminerEvo allows an attacker to ...)
 	TODO: check
 CVE-2023-39517 (Joplin is a free, open source note taking and to-do application. A Cro ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2023-38506 (Joplin is a free, open source note taking and to-do application. A Cro ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2023-38389 (Incorrect Authorization vulnerability in Artbees JupiterX Core allows  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2023-37898 (Joplin is a free, open source note taking and to-do application. A Cro ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2024-39277 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
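
Review bot: The four Joplin entries changed in this hunk (CVE-2023-45673, CVE-2023-39517, CVE-2023-38506, CVE-2023-37898) carry only truncated descriptions, so no fixed upstream version is visible next to the new "- joplin <itp> (bug #931306)" line. Consider adding a NOTE: line with the upstream advisory or fixed version under each of them, so the entries can be given a version quickly once the ITP is closed.
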
@@ -79897,9 +79897,9 @@ CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in Med
 CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the CheckUser exten ...)
 	NOT-FOR-US: MediaWiki extension CheckUser
 CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image map.)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
 	{DLA-3497-1}
 	- pypdf2 1.27.9-1
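
Review bot: CVE-2023-37299 and CVE-2023-37298 both state "before 2.11.5" in their descriptions, but the new <itp> lines do not record it. A NOTE: line naming 2.11.5 as the fixed upstream version under each entry would let the first upload be checked against it without re-reading the advisories.
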
@@ -141152,7 +141152,7 @@ CVE-2022-40279 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and
 CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...)
 	NOT-FOR-US: Samsung TizenRT
 CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute arbitrary  ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2022-40276 (Zettlr version 2.3.0 allows an external attacker to remotely obtain ar ...)
 	NOT-FOR-US: Zettlr
 CVE-2022-40275
@@ -155211,7 +155211,7 @@ CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.3
 CVE-2022-35132 (Usermin through 1.850 allows a remote authenticated user to execute OS ...)
 	NOT-FOR-US: Usermin
 CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands via a cra ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2022-35130
 	RESERVED
 CVE-2022-35129
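
Review bot: CVE-2022-35131 in this hunk and CVE-2022-40277 in the previous one both name Joplin 2.8.8 and describe attacker-controlled execution, and both now get the same "- joplin <itp> (bug #931306)" line. Before a fixed version is assigned to either, check whether they are the same underlying issue, and if so cross-reference them with a NOTE: line.
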
@@ -190643,7 +190643,7 @@ CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1
 CVE-2022-23341
 	RESERVED
 CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2022-23339
 	RESERVED
 CVE-2022-23338
@@ -221754,7 +221754,7 @@ CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows u
 CVE-2021-37917
 	RESERVED
 CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body.)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...)
 	NOT-FOR-US: Grandstream
 CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...)
@@ -277775,7 +277775,7 @@ CVE-2020-28251 (NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has
 CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user ...)
 	NOT-FOR-US: Cellinx NVT Web Server
 CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of png-img  ...)
 	NOT-FOR-US: png-img
 CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...)
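
Review bot: The description of CVE-2020-28249 limits it to "Joplin 1.2.6 for Desktop", while the new line tracks it against the joplin source package as a whole. Confirm that the package proposed in bug #931306 includes the desktop application; if it does not, this entry may need a different status once the package lands.
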
@@ -326322,7 +326322,7 @@ CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attac
 CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
 	NOT-FOR-US: Couchbase
 CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS.)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2020-9037
 	RESERVED
 CVE-2020-9036 (Jeedom through 4.0.38 allows XSS.)
@@ -424958,7 +424958,7 @@ CVE-2018-1000536 (Medis version 0.6.1 and earlier contains a XSS vulnerability e
 CVE-2018-1000535 (lms version <= LMS_011123 contains a Local File Disclosure vulnerabili ...)
 	NOT-FOR-US: lms
 CVE-2018-1000534 (Joplin version prior to 1.0.90 contains a XSS evolving into code execu ...)
-	NOT-FOR-US: Joplin
+	- joplin <itp> (bug #931306)
 CVE-2018-1000533 (klaussilveira GitList version <= 0.6 contains a Passing incorrectly sa ...)
 	NOT-FOR-US: klaussilveira GitList
 CVE-2018-1000532 (beep version 1.3 and up contains a External Control of File Name or Pa ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6624d77f131b34abef764fb3074fc51448461da
