[Git][security-tracker-team/security-tracker][master] Mark webmin as removed
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 20 18:35:28 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1293e1e1 by Salvatore Bonaccorso at 2019-08-20T17:35:06Z
Mark webmin as removed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2019-15233
CVE-2019-15232 (Live555 before 2019.08.16 has a Use-After-Free because GenericMediaSer ...)
TODO: check
CVE-2019-15231 (Webmin 1.890, in a default installation, contains a backdoor that allo ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2019-15230
RESERVED
CVE-2019-15229 (FUEL CMS 1.4.4 has CSRF in the blocks/create/ Create Blocks section of ...)
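Review bot: The CVE-2019-15231 entry ends up with only `- webmin <removed>` and no NOTE line, even though its description says Webmin 1.890 contains a backdoor in a default installation. Other entries in this file carry NOTE lines with a reference, so I would add one here pointing at the upstream advisory and stating which Webmin versions are affected, so that a reader can tell whether any version that was once packaged is covered without redoing the research. The commit message also gives no reason for switching from NOT-FOR-US to a package entry; one sentence of rationale there would help.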
@@ -43872,7 +43872,7 @@ CVE-2018-19193 (An issue was discovered in XiaoCms 20141229. There is XSS via th
CVE-2018-19192 (An issue was discovered in XiaoCms 20141229. admin/index.php?c=content ...)
NOT-FOR-US: XiaoCms
CVE-2018-19191 (Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi hist ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2018-19190 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
NOT-FOR-US: Amazon PAYFORT payfort-php-SDK payment gateway SDK
CVE-2018-19189 (The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04 ...)
@@ -143304,7 +143304,7 @@ CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Applica
CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files c ...)
NOT-FOR-US: 7-ZIP32.DLL
CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 certi ...)
NOT-FOR-US: TVer App for Android
CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not veri ...)
@@ -200609,7 +200609,7 @@ CVE-2015-1378 (cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before
[wheezy] - grml-debootstrap <no-dsa> (Minor issue)
NOTE: https://github.com/grml/grml-debootstrap/issues/59
CVE-2015-1377 (The Read Mail module in Webmin 1.720 allows local users to read arbitr ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which support ...)
- patch 2.7.3-1 (bug #775873)
[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
@@ -218984,7 +218984,7 @@ CVE-2014-3927 (mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to
CVE-2014-3926 (Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 al ...)
NOT-FOR-US: Cougar LG
CVE-2014-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1 ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2014-3923 (Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoo ...)
NOT-FOR-US: WordPress plugin Digital Zoom Studio Video Gallery
CVE-2014-3922 (Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Mess ...)
@@ -219100,9 +219100,9 @@ CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM
CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
NOT-FOR-US: I-O DATA DEVICE
CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allow ...)
NOT-FOR-US: Usermin
CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary oper ...)
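Review bot: CVE-2014-3886 and CVE-2014-3885 are converted to `- webmin <removed>`, but the adjacent CVE-2014-3884 entry keeps `NOT-FOR-US: Usermin`. Please check whether usermin was also once in the archive; if it was, the Usermin entries need the equivalent `<removed>` package line in this or a follow-up commit so the two products are tracked consistently, and if it was not, a short remark in the commit message would make clear the difference is intentional.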
@@ -221915,7 +221915,7 @@ CVE-2014-2953
RESERVED
CVE-2014-2952 [Arbitrary File Deletion as Root in Webmin]
RESERVED
- NOT-FOR-US: Webmin
+ - webmin <removed>
NOTE: https://sites.utexas.edu/iso/2014/09/09/arbitrary-file-deletion-as-root-in-webmin/
CVE-2014-2951 (Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded pas ...)
NOT-FOR-US: Datum Systems SnIP
@@ -229329,7 +229329,7 @@ CVE-2014-0341 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX bef
CVE-2014-0340
RESERVED
CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall po ...)
NOT-FOR-US: WatchGuard Fireware XTM
CVE-2014-0337 (Cross-site scripting (XSS) vulnerability in the web interface on Huawe ...)
@@ -253811,7 +253811,7 @@ CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote
CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-ass ...)
NOT-FOR-US: Google SketchUp
CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in file/sho ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 201 ...)
NOT-FOR-US: FlatnuX CMS
CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngi ...)
@@ -259005,11 +259005,11 @@ CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx i
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overv ...)
NOT-FOR-US: Websense
CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an aut ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...)
NOT-FOR-US: Samsung and HTC Android
CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
@@ -275892,7 +275892,7 @@ CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext
- php5 5.3.6-13 (low)
[lenny] - php5 <not-affected> (The Lenny version doesn't use memcpy)
CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier a ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization extens ...)
- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d94372 ...)
@@ -294902,7 +294902,7 @@ CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows
CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote a ...)
NOT-FOR-US: elkagroup Image Gallery
CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Us ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
NOT-FOR-US: Viscacha
CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remo ...)
@@ -295207,7 +295207,7 @@ CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 a ...)
NOT-FOR-US: FreePBX
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module befor ...)
- NOT-FOR-US: Webmin
+ - webmin <removed>
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1 ...)
NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security A ...)
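Review bot: CVE-2009-4457 is described as affecting "the Vsftpd Webmin module", not Webmin itself, yet it receives the same `- webmin <removed>` line as the core Webmin issues. Please confirm that this module was part of the webmin source package; if it is a separately distributed module, the entry should stay `NOT-FOR-US` (naming the module) rather than being attributed to the removed package.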
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1293e1e171878e5cfb9e4a948808f11163b79721