[Git][security-tracker-team/security-tracker][master] Associate some older NFUs with src:tikiwiki
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 22 21:25:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e3262b2 by Salvatore Bonaccorso at 2020-10-22T22:24:55+02:00
Associate some older NFUs with src:tikiwiki
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -157077,11 +157077,11 @@ CVE-2018-7306
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...)
NOT-FOR-US: MyBB
CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...)
NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
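Review bot: The three entries changed here (CVE-2018-7304, CVE-2018-7303, CVE-2018-7302) are each described against Tiki 17.1, and the new `- tikiwiki <removed>` line does not record whether the version once shipped as src:tikiwiki contained the affected code. A NOTE line under each entry stating what was checked, or that affectedness is unverified, would keep the association from being read as a confirmed finding against the old package.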
@@ -157105,7 +157105,7 @@ CVE-2018-7292
CVE-2018-7291
RESERVED
CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
NOT-FOR-US: Armadito
CVE-2018-7288
@@ -157546,7 +157546,7 @@ CVE-2018-7190
CVE-2018-7189
RESERVED
CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...)
{DSA-4380-1 DSA-4379-1 DLA-1294-1}
- golang-1.10 1.10.1-1
@@ -185738,9 +185738,9 @@ CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRic
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb
CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...)
NOT-FOR-US: Tine groupware
CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...)
@@ -221555,7 +221555,7 @@ CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and a
CVE-2016-9890
RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
{DLA-2183-1 DLA-740-1}
- libgsf 1.14.41-1
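Review bot: The removed line for CVE-2016-9889 is spelled `NOT-FOR-US: Tiki Wiki`, while the earlier hunks remove `NOT-FOR-US: Tiki` and later ones remove `TikiWiki` and `Tikiwiki`, so a search on any single spelling will miss entries. Since the commit message says only "some" NFUs are being associated, it would help to state in the message which spellings were searched, so a follow-up can cover the remaining ones without redoing the triage.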
@@ -317433,9 +317433,9 @@ CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify mo
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...)
@@ -349428,7 +349428,7 @@ CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shama
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
NOT-FOR-US: Support Incident Tracker
CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...)
NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...)
@@ -442246,9 +442246,9 @@ CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...)
- linux-2.6 2.6.14-1 (low)
- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
@@ -443265,7 +443265,7 @@ CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_s
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...)
NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...)
NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...)
@@ -448629,7 +448629,7 @@ CVE-2005-1927
CVE-2005-1926
RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
- NOT-FOR-US: Tikiwiki
+ - tikiwiki <removed>
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...)
NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...)
@@ -454772,7 +454772,7 @@ CVE-2005-0202 (Directory traversal vulnerability in the true_path function in pr
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...)
- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...)
NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...)
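Review bot: For CVE-2005-0200 the description gives an upstream fix boundary ("before 1.8.5"), yet the new line carries only `<removed>`, whereas the neighbouring context entry records a fixed version (`- dbus 0.22`). If src:tikiwiki was still in the archive when a fixed version was uploaded, recording that version would be more informative than `<removed>`; if that history was not checked, a NOTE saying so would make the gap explicit.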
@@ -454840,7 +454840,7 @@ CVE-2004-1388 (Format string vulnerability in the gpsd_report function for Berli
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...)
- phpgroupware 0.9.16.005-1 (unimportant)
NOTE: path disclosure only, path is known on Debian anyway
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e3262b24cd31053a2326b3e705e793af0e72912