Henri Salo pushed to branch master at Debian Security Tracker / security-tracker
Commits: d6827f4b by Henri Salo at 2019-10-19T08:58:32Z Fix Typo3 to TYPO3 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -4578,11 +4578,11 @@ CVE-2019-16702 (Integard Pro 2.2.0.9026 allows remote attackers to execute arbit CVE-2019-16701 (pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection vi ...) NOT-FOR-US: pfSense CVE-2019-16700 (The slub_events (aka SLUB: Event Registration) extension through 3.0.2 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2019-16699 (The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2019-16698 (The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 ha ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2019-16697 RESERVED CVE-2019-16696 (phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit. ...) @@ -4614,7 +4614,7 @@ CVE-2019-16684 (An issue was discovered in the image-manager in Xoops 2.5.10. Wh CVE-2019-16683 (An issue was discovered in the image-manager in Xoops 2.5.10. When the ...) NOT-FOR-US: Xoops CVE-2019-16682 (The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2018-21018 (Mastodon before 2.6.3 mishandles timeouts of incompletely established ...) NOT-FOR-US: Mastodon CVE-2019-16681 (The Traveloka application 3.14.0 for Android exports com.traveloka.and ...) 
@@ -17204,9 +17204,9 @@ CVE-2019-12749 (dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1. NOTE: https://gitlab.freedesktop.org/dbus/dbus/issues/269 NOTE: https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016 CVE-2019-12748 (TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2019-12747 (TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Community ...) {DLA-1877-1} - otrs2 6.0.20-1 @@ -19490,7 +19490,7 @@ CVE-2019-11833 (fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zer - linux 4.19.37-4 NOTE: Fixed by: https://git.kernel.org/linus/592acbf16821288ecdc4192c47e3774a4c48bb64 CVE-2019-11832 (TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execut ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2019-11831 (The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1 ...) {DSA-4445-1 DLA-1797-1} - drupal7 <removed> (bug #928688) @@ -140267,7 +140267,7 @@ CVE-2017-6372 CVE-2017-6371 RESERVED CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...) {DSA-3824-1 DLA-879-1} - firebird2.5 <unfixed> (bug #858641) 
@@ -141456,9 +141456,9 @@ CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ex ...) NOT-FOR-US: Emoncms CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulner ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. Th ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability exi ...) NOT-FOR-US: ionize CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerabilit ...) @@ -184171,17 +184171,17 @@ CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...) NOT-FOR-US: Values module for Drupal CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote att ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in T ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified fro ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in T ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8756 (Cross-site scripting (XSS) vulnerability in the search result view in ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified bac ...) - NOT-FOR-US: Typo3 + NOT-FOR-US: TYPO3 CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote att ...) NOT-FOR-US: Mollom module for Drupal CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization ...) 
@@ -223064,29 +223064,29 @@ CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history imp [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2014-6299 (Cross-site request forgery (CSRF) vulnerability in the mm_forum extens ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6298 (Unrestricted file upload vulnerability in the mm_forum extension befor ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6297 (Cross-site scripting (XSS) vulnerability in the mm_forum extension bef ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6296 (Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) exte ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6295 (SQL injection vulnerability in the WEC Map (wec_map) extension before ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6294 (Cross-site scripting (XSS) vulnerability in the External links click s ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6293 (SQL injection vulnerability in the Statistics (ke_stats) extension bef ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6292 (The femanager extension before 1.0.9 for TYPO3 allows remote frontend ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6291 (Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap (al ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6290 (The News (tt_news) extension before 3.5.2 for TYPO3 allows remote atta ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6289 (The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) exten ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6288 (The powermail extension 2.x before 2.0.11 for TYPO3 allows remote atta ...) 
- NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File Ser ...) NOT-FOR-US: Rejetto HTTP File Server CVE-2014-6286 
@@ -223264,27 +223264,27 @@ CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3. - procmail 3.22-22 (bug #760443) NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8 CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...) - NOT-FOR-US: Typo3 extension wt_directory + NOT-FOR-US: TYPO3 extension wt_directory CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar ...) - NOT-FOR-US: Typo3 extension weeaar_googlesitemap + NOT-FOR-US: TYPO3 extension weeaar_googlesitemap CVE-2014-6239 (SQL injection vulnerability in the Address visualization with Google M ...) - NOT-FOR-US: Typo3 extension st_address_map + NOT-FOR-US: TYPO3 extension st_address_map CVE-2014-6238 (Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB ...) - NOT-FOR-US: Typo3 extension Akronymmanager + NOT-FOR-US: TYPO3 extension Akronymmanager CVE-2014-6237 (Cross-site scripting (XSS) vulnerability in the News Pack extension 0. ...) - NOT-FOR-US: Typo3 extension News Pack + NOT-FOR-US: TYPO3 extension News Pack CVE-2014-6236 (Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) ...) - NOT-FOR-US: Typo3 extension lumophpinclude + NOT-FOR-US: TYPO3 extension lumophpinclude CVE-2014-6235 (Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for ...) - NOT-FOR-US: Typo3 extension DomPDF + NOT-FOR-US: TYPO3 extension DomPDF CVE-2014-6234 (Cross-site scripting (XSS) vulnerability in the Open Graph protocol (j ...) - NOT-FOR-US: Typo3 extension jh_opengraphprotocol + NOT-FOR-US: TYPO3 extension jh_opengraphprotocol CVE-2014-6233 (SQL injection vulnerability in the Flat Manager (flatmgr) extension be ...) - NOT-FOR-US: Typo3 extension flatmgr + NOT-FOR-US: TYPO3 extension flatmgr CVE-2014-6232 (Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.1 ...) 
- NOT-FOR-US: Typo3 extension eu_ldap + NOT-FOR-US: TYPO3 extension eu_ldap CVE-2014-6231 (Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extens ...) - NOT-FOR-US: Typo3 extension cwt_feedit + NOT-FOR-US: TYPO3 extension cwt_feedit NOTE: This is different from the feedit extension in typo3-src. CVE-2014-6227 RESERVED @@ -238898,9 +238898,9 @@ CVE-2013-7085 (Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allo [wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5) [squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5) CVE-2013-7082 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...) - NOT-FOR-US: Typo3 Flow + NOT-FOR-US: TYPO3 Flow NOTE: https://review.typo3.org/#/c/26176/ - NOTE: CVE assigned for Typo3 Flow, correspond to CVE-2013-7078 + NOTE: CVE assigned for TYPO3 Flow, correspond to CVE-2013-7078 CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31 ...) {DSA-2834-1} - typo3-src 4.5.32+dfsg1-1 (bug #731999) @@ -244680,7 +244680,7 @@ CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in install/forum_data/sr CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management (re ...) NOT-FOR-US: TYPO3 extension CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_sea ...) - NOT-FOR-US: Faceted Search Typo3 extension + NOT-FOR-US: Faceted Search TYPO3 extension CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP (browse ...) NOT-FOR-US: TYPO3 Extension CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator (locator ...) 
@@ -244690,7 +244690,7 @@ CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extens CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) extension bef ...) NOT-FOR-US: typo3 third party component (locator) CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) extensio ...) - NOT-FOR-US: Faceted Search Typo3 extension + NOT-FOR-US: Faceted Search TYPO3 extension CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter 5 ...) NOT-FOR-US: Trustport Webfilter CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...) @@ -246185,7 +246185,7 @@ CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the C CVE-2012-6572 (Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess ...) NOT-FOR-US: Inf08 theme for Drupal CVE-2013-4634 (SQL injection vulnerability in the jQuery autocomplete for indexed_sea ...) - NOT-FOR-US: rzautocomplete extension for Typo3 + NOT-FOR-US: rzautocomplete extension for TYPO3 CVE-2013-4633 (Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 ...) NOT-FOR-US: Huawei Seco Versatile Security Manager CVE-2013-4632 (The Huawei Access Router (AR) before V200R002SPC003 allows remote atta ...) 
@@ -260906,11 +260906,11 @@ CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pa ...) NOT-FOR-US: Dalbum CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...) - NOT-FOR-US: Typo3 extension (sr_feuser_register) + NOT-FOR-US: TYPO3 extension (sr_feuser_register) CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...) - NOT-FOR-US: Typo3 extension (powermail) + NOT-FOR-US: TYPO3 extension (powermail) CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_ba ...) - NOT-FOR-US: Typo3 extension (seo_basics) + NOT-FOR-US: TYPO3 extension (seo_basics) CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) [squeeze] - tomcat6 6.0.35-1+squeeze3 @@ -279288,9 +279288,9 @@ CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...) NOT-FOR-US: Hulihan BXR CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension bef ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension b ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yell ...) NOT-FOR-US: Branchenbuch CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre P ...) 
@@ -279298,21 +279298,21 @@ CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...) NOT-FOR-US: Prado Portal CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ex ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_ques ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers A ...) NOT-FOR-US: APBoard Developers APBoard CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...) NOT-FOR-US: xt:Commerce Gambio CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1 ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) extensio ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xaj ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before 0.3. ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...) NOT-FOR-US: Joomla extension CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...) 
@@ -296395,21 +296395,21 @@ CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the lo CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...) NOT-FOR-US: AJAX Chat CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for T ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement (SBbanne ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr) ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 fo ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipse ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) exten ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers ...) NOT-FOR-US: KSP CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension bef ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...) NOT-FOR-US: Fat Player CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration informa ...) 
@@ -298397,7 +298397,7 @@ CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum all CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education S ...) NOT-FOR-US: Open Education System CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension befor ...) - NOT-FOR-US: Typo3 extenson Calendar Base + NOT-FOR-US: TYPO3 extenson Calendar Base CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...) NOT-FOR-US: Aris Global ARISg CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in Zo ...) 
@@ -316753,21 +316753,21 @@ CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic PH ...) NOT-FOR-US: Mevin Productions Basic PHP Events Lister CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...) - NOT-FOR-US: Diocese of Portsmouth Church Search extension for Typo3 + NOT-FOR-US: Diocese of Portsmouth Church Search extension for TYPO3 CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) exten ...) NOT-FOR-US: My quiz and poll CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) exten ...) - NOT-FOR-US: Typo3 addon Random Prayer + NOT-FOR-US: TYPO3 addon Random Prayer CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects (mw_random_ob ...) - NOT-FOR-US: Typo3 addon Simple Random Objects + NOT-FOR-US: TYPO3 addon Simple Random Objects CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration (autobeus ...) - NOT-FOR-US: Typo3 addon auto BE User Registration + NOT-FOR-US: TYPO3 addon auto BE User Registration CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ext ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...) - NOT-FOR-US: Typo3 addon + NOT-FOR-US: TYPO3 addon CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote a ...) NOT-FOR-US: Edikon phpShop CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows rem ...) 
@@ -319222,7 +319222,7 @@ CVE-2008-5997 (Absolute path traversal vulnerability in admin/fileKontrola/brows CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...) NOT-FOR-US: Simplenews module for Drupal CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_fr ...) - NOT-FOR-US: freeCap CAPTCHA extension for Typo3 + NOT-FOR-US: freeCap CAPTCHA extension for TYPO3 CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point C ...) NOT-FOR-US: Check Point Connectra CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...) @@ -320674,7 +320674,7 @@ CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allow - quassel 0.2~rc1-1.1 (bug #506550) CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for th ...) - typo3-src 4.2.3-1 (bug #505325) - [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected) + [etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected) CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...) NOT-FOR-US: MyioSoft EasyBookMarker CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in M ...) @@ -320701,7 +320701,7 @@ CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Netw NOT-FOR-US: Orb Networks Orb CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...) - typo3-src 4.2.3-1 (bug #505324) - [etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected) + [etch] - typo3-src <not-affected> (Only TYPO3 4.2.2 is affected) CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for Joo ...) NOT-FOR-US: Joomla! CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made Simpl ...) 
@@ -322263,7 +322263,7 @@ CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might a CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote at ...) NOT-FOR-US: MyFWB CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...) - NOT-FOR-US: Typo3 third party extension "file_list" + NOT-FOR-US: TYPO3 third party extension "file_list" CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User Applicatio ...) NOT-FOR-US: Novell User Application CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory bef ...) @@ -322392,7 +322392,7 @@ CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Galler NOT-FOR-US: ElkaGroup Image Gallery CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend] - typo3-src 4.2.3-1 (bug #505326) - [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected) + [etch] - typo3-src <not-affected> (TYPO3 versions below 4.2.x are not affected) CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier ...) - websvn 2.0-4 (bug #503330) [etch] - websvn <not-affected> (vulnerable code not present) 
@@ -323255,19 +323255,19 @@ CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...) NOT-FOR-US: LokiCMS CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_ ...) - NOT-FOR-US: sm_pageimprovements for Typo3 + NOT-FOR-US: sm_pageimprovements for TYPO3 CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extensi ...) - NOT-FOR-US: m1_intern for Typo3 + NOT-FOR-US: m1_intern for TYPO3 CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist ...) - NOT-FOR-US: kiddog_playerlist for Typo3 + NOT-FOR-US: kiddog_playerlist for TYPO3 CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 a ...) - NOT-FOR-US: dmmjobcontrol for Typo3 + NOT-FOR-US: dmmjobcontrol for TYPO3 CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ea ...) - NOT-FOR-US: econda for Typo3 + NOT-FOR-US: econda for TYPO3 CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) 0 ...) - NOT-FOR-US: fersview for Typo3 + NOT-FOR-US: fersview for TYPO3 CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...) - NOT-FOR-US: simplesurvey for Typo3 + NOT-FOR-US: simplesurvey for TYPO3 CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...) NOT-FOR-US: Makale module for XOOPS CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communica ...) 
@@ -381925,7 +381925,7 @@ CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1. CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive i ...) - phpbb2 <unfixed> (unimportant) CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...) - NOT-FOR-US: Typo3 extension + NOT-FOR-US: TYPO3 extension CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4. ...) NOT-FOR-US: Computalynx CProxy CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 all ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d6827f4bbc97011bda86cc242218fc2fa4c0d010
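Review bot: the changed line for CVE-2010-2131 in the hunk at @@ -298397 still carries a misspelling, "NOT-FOR-US: TYPO3 extenson Calendar Base". Since this commit already rewrites that line, correct "extenson" to "extension" in the same change so the entry matches the other "TYPO3 extension" notes when searched.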
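Review bot: in the hunk at @@ -323255, the note for CVE-2008-4656 reads "NOT-FOR-US: fersview for TYPO3", which does not match the extension key "feusersview" given in the CVE description on the line above it. The other entries in this hunk use the extension key verbatim (m1_intern, dmmjobcontrol, simplesurvey), so this one should read "NOT-FOR-US: feusersview for TYPO3".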
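Review bot: the rename misses the lowercase spelling visible in the context of the hunk at @@ -244690, where CVE-2013-5303 keeps "NOT-FOR-US: typo3 third party component (locator)". A case-insensitive search restricted to NOT-FOR-US lines would catch this variant while leaving the typo3-src package name, which is correctly lowercase, untouched.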
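Review bot: the hunk at @@ -296395 keeps the wording "TYPO3 addon" for CVE-2009-4963 through CVE-2009-4970, while the CVE descriptions on the same lines say "extension" and most other hunks in this commit use "TYPO3 extension". If the goal is a consistent NOT-FOR-US label, consider normalizing "addon" to "extension" here, either in this commit or in a follow-up.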