[Git][security-tracker-team/security-tracker][master] Associate some NFUs with itp entry for froxlor

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Dec 31 08:33:00 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d68e33b3 by Salvatore Bonaccorso at 2022-12-31T09:29:41+01:00
Associate some NFUs with itp entry for froxlor

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -94823,7 +94823,7 @@ CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the nam
 	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10
 	NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209
 CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2021-42324 (An issue was discovered on DCN (Digital China Networks) S4600-10P-SI d ...)
 	NOT-FOR-US: DCN S4600 switches
 CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique  ...)
@@ -154902,7 +154902,7 @@ CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master be
 CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that lea ...)
 	NOT-FOR-US: Western Digital Dashboard
 CVE-2020-29653 (Froxlor through 0.10.22 does not perform validation on user input pass ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...)
 	- golang-go.crypto 1:0.0~git20201221.eec23a3-1
 	[buster] - golang-go.crypto <not-affected> (Vulnerable code not present)
@@ -207354,11 +207354,11 @@ CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Acce
 CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
 	NOT-FOR-US: Joomla!
 CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...)
 	NOT-FOR-US: IObit Advanced SystemCare
 CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
@@ -308806,7 +308806,7 @@ CVE-2018-1000528 (GONICUS GOsa version before commit 56070d6289d47ba3f5918885954
 	NOTE: https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
 	NOTE: https://github.com/gosa-project/gosa-core/issues/14
 CVE-2018-1000527 (Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnera ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2018-1000526 (Openpsa contains a XML Injection vulnerability in RSS file upload feat ...)
 	NOT-FOR-US: openpsa
 CVE-2018-1000525 (openpsa contains a PHP Object Injection vulnerability in Form data pas ...)
@@ -411234,7 +411234,7 @@ CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the
 CVE-2016-5101 (Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows a ...)
 	NOT-FOR-US: Opera
 CVE-2016-5100 (Froxlor before 0.9.35 uses the PHP rand function for random number gen ...)
-	NOT-FOR-US: Froxlor
+	- froxlor <itp> (bug #581792)
 CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4. ...)
 	{DSA-3627-1}
 	- phpmyadmin 4:4.6.2-1 (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d68e33b30708cc73536b29aa39de534e32282947

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d68e33b30708cc73536b29aa39de534e32282947
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20221231/f9f57bc3/attachment.htm>

More information about the debian-security-tracker-commits mailing list