Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8465314f by Salvatore Bonaccorso at 2022-04-08T22:37:21+02:00 Re-associate some OrangeHRM CVEs with the itp/rfp bug - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4778,7 +4778,7 @@ CVE-2022-27112 CVE-2022-27111 RESERVED CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...) TODO: check CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...) @@ -69845,7 +69845,7 @@ CVE-2021-28401 CVE-2021-28400 RESERVED CVE-2021-28399 (OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid us ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2021-28398 RESERVED CVE-2021-28397 @@ -95588,7 +95588,7 @@ CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...) NOT-FOR-US: Tesla Model X vehicles CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 allows remot ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-29435 
@@ -193418,7 +193418,7 @@ CVE-2019-12841 (Incorrect handling of user input in ZIP extraction was detected CVE-2019-12840 (In Webmin through 1.910, any user authorized to the "Package Updates" ...) - webmin <removed> CVE-2019-12839 (In OrangeHRM 4.3.1 and before, there is an input validation error with ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2013-7472 (The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via t ...) NOT-FOR-US: "Count per Day" plugin for WordPress CVE-2019-12838 (SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL ...) @@ -389321,7 +389321,7 @@ CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before ...) NOT-FOR-US: mTouch Quiz CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/ ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.0 ...) NOT-FOR-US: iTechClassifieds CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remo ...) @@ -432101,9 +432101,9 @@ CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in A CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...) NOT-FOR-US: NetWeaver CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php i ...) - NOT-FOR-US: OrangehRM + - orangehrm <itp> (bug #786622) CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...) - NOT-FOR-US: OrangehRM + - orangehrm <itp> (bug #786622) CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...) NOT-FOR-US: WordPress theme CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...) 
@@ -439418,7 +439418,7 @@ CVE-2012-5369 CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained th ...) - phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728) CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...) NOT-FOR-US: Mac OS X CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...) @@ -449618,9 +449618,9 @@ CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4 ...) NOT-FOR-US: VMware ESXi CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in lib/models ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2012-1505 RESERVED CVE-2012-1504 @@ -462814,7 +462814,7 @@ CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows r CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when m ...) NOT-FOR-US: Chipmunk Pwngame CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 al ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth ...) NOT-FOR-US: Truworth Flex Timesheet CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote at ...) 
@@ -513228,7 +513228,7 @@ CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier a CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...) NOT-FOR-US: Fatwire Content Server CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in Oran ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in Cerbe ...) NOT-FOR-US: Cerberus Ftp Server CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote auth ...) @@ -525822,7 +525822,7 @@ CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 al CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt De ...) NOT-FOR-US: SandBox Analyzer CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM be ...) - NOT-FOR-US: OrangeHRM + - orangehrm <itp> (bug #786622) CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive informati ...) NOT-FOR-US: HyperBook Guestbook CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes us ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8465314ffcd645418463b3cfba013ac6e7f32ab7
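Review bot: In the first hunk (line 4778 region), CVE-2022-27110 is re-associated with bug #786622, but the neighbouring OrangeHRM entries are left as they were: CVE-2022-27109 still carries "TODO: check" and CVE-2022-27108 (the OrangeHRM 4.10 IDOR) keeps whatever state it had before this hunk. For consistency with the rest of this commit, these two should either get the same "- orangehrm <itp> (bug #786622)" line or the TODO should be resolved in the same change, otherwise the ITP bug will only list part of the 4.10 advisories.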
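Review bot: The hunk at line 432101 shows that the old entries were not spelled uniformly ("NOT-FOR-US: OrangehRM" for CVE-2011-5259 and CVE-2011-5258, versus "NOT-FOR-US: OrangeHRM" everywhere else). That means a plain case-sensitive search for "NOT-FOR-US: OrangeHRM" would have missed these two; please confirm the remaining entries were found with a case-insensitive search over data/CVE/list so no other OrangeHRM CVEs are still marked NOT-FOR-US after this commit.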
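Review bot: The commit message says the CVEs are re-associated with the "itp/rfp bug", but every replacement line in the hunks uses the "<itp>" tag. If #786622 is in fact an RFP rather than an ITP, the message should say so and the tag choice should be double-checked against the tracker's conventions; if it is an ITP, drop "rfp" from the message so the two agree.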