Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9e3262b2 by Salvatore Bonaccorso at 2020-10-22T22:24:55+02:00 Associate some older NFUs with src:tikiwiki - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -157077,11 +157077,11 @@ CVE-2018-7306 CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...) NOT-FOR-US: MyBB CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...) NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...) @@ -157105,7 +157105,7 @@ CVE-2018-7292 CVE-2018-7291 RESERVED CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...) NOT-FOR-US: Armadito CVE-2018-7288 @@ -157546,7 +157546,7 @@ CVE-2018-7190 CVE-2018-7189 RESERVED CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...) {DSA-4380-1 DSA-4379-1 DLA-1294-1} - golang-1.10 1.10.1-1 
@@ -185738,9 +185738,9 @@ CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRic NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601 NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...) - NOT-FOR-US: Tiki + - tikiwiki <removed> CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...) NOT-FOR-US: Tine groupware CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...) @@ -221555,7 +221555,7 @@ CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and a CVE-2016-9890 RESERVED CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...) - NOT-FOR-US: Tiki Wiki + - tikiwiki <removed> CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...) {DLA-2183-1 DLA-740-1} - libgsf 1.14.41-1 @@ -317433,9 +317433,9 @@ CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify mo CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...) NOT-FOR-US: Tattyan HP TOWN CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...) - NOT-FOR-US: Tiki Wiki + - tikiwiki <removed> CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...) - NOT-FOR-US: Tiki Wiki + - tikiwiki <removed> CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...) NOT-FOR-US: I-O DATA DEVICE RockDisk CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...) 
@@ -349428,7 +349428,7 @@ CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shama CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...) NOT-FOR-US: Support Incident Tracker CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...) - NOT-FOR-US: Tiki Wiki + - tikiwiki <removed> CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...) NOT-FOR-US: Contao CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...) @@ -442246,9 +442246,9 @@ CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) NOT-FOR-US: Antville CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...) - linux-2.6 2.6.14-1 (low) - kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later) @@ -443265,7 +443265,7 @@ CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_s CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...) NOT-FOR-US: AhnLab CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...) NOT-FOR-US: Splatt Forum CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...) 
@@ -448629,7 +448629,7 @@ CVE-2005-1927 CVE-2005-1926 RESERVED CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...) - NOT-FOR-US: Tikiwiki + - tikiwiki <removed> CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...) NOT-FOR-US: External Squirrelmail plugin not packaged in Debian CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...) @@ -454772,7 +454772,7 @@ CVE-2005-0202 (Directory traversal vulnerability in the true_path function in pr CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...) - dbus 0.22 CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...) NOT-FOR-US: ngIRCd CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...) @@ -454840,7 +454840,7 @@ CVE-2004-1388 (Format string vulnerability in the gpsd_report function for Berli CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...) - apache 1.3.33-3 CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...) - NOT-FOR-US: TikiWiki + - tikiwiki <removed> CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...) - phpgroupware 0.9.16.005-1 (unimportant) NOTE: path disclosure only, path is known on Debian anyway View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3262b24cd31053a2326b3e705e793af0e72912 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3262b24cd31053a2326b3e705e793af0e72912 You're receiving this email because of your account on salsa.debian.org.
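Review bot: In the hunk at -157077, the entries for CVE-2018-7304, CVE-2018-7303 and CVE-2018-7302 describe Tiki 17.1, and the new line "- tikiwiki <removed>" does not record whether the tikiwiki source that was in the archive contained the affected code. Where that is known, say so in the entry, for example with a NOTE line, or with "<not-affected>" and a reason in the style of "- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)" under CVE-2005-3527. The same applies to CVE-2018-7290 and CVE-2018-7188 in the next two hunks, whose descriptions also name recent Tiki releases.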
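Review bot: The removed annotations use four different spellings across the hunks ("NOT-FOR-US: Tiki" at -157077, "NOT-FOR-US: Tiki Wiki" at -221555, "NOT-FOR-US: TikiWiki" at -442246, "NOT-FOR-US: Tikiwiki" at -448629), so a search on any single spelling would have missed entries. The commit message says "some older NFUs"; please state there whether any Tiki entries deliberately stay NOT-FOR-US, or convert the remainder in the same commit so that src:tikiwiki is tracked consistently in data/CVE/list.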
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits