[Git][security-tracker-team/security-tracker][master] Reassociate some NFUs with itp'ed bug

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 29 21:28:59 BST 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b9def66 by Salvatore Bonaccorso at 2023-06-29T22:28:28+02:00
Reassociate some NFUs with itp'ed bug

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41589,13 +41589,13 @@ CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In d
 	NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u
 	NOTE: Negligible security impact, would need physical access to "exploit"
 CVE-2022-45918 (ILIAS before 7.16 allows External Control of File Name or Path.)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2022-45917 (ILIAS before 7.16 has an Open Redirect.)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2022-45916 (ILIAS before 7.16 allows XSS.)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2022-45915 (ILIAS before 7.16 allows OS Command Injection.)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by (for exam ...)
 	NOT-FOR-US: ESL (Electronic Shelf Label) protocol
 CVE-2022-45913 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
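Review bot: The four replacement lines for CVE-2022-45915 through CVE-2022-45918 all point at bug #195688, and neither the commit message nor the diff shows that this bug is an open ITP for ilias. Please confirm the bug's current state and title before relying on it, and consider naming the package and bug in the commit subject (for example "Reassociate ILIAS NFUs with ITP #195688") so the log is searchable by product.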
@@ -84837,7 +84837,7 @@ CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to read
 CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Service: ...)
 	NOT-FOR-US: Gitblit
 CVE-2022-31266 (In ILIAS through 7.10, lack of verification when changing an email add ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
 	NOT-FOR-US: client in Wargaming World of Warships
 CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via  ...)
@@ -204330,9 +204330,9 @@ CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before
 	NOTE: https://github.com/inspircd/inspircd/commit/fbdd08043e97c2749ce2f03382559bba89abf47a (v3)
 	NOTE: https://github.com/inspircd/inspircd/commit/b24a91181f58c7f7141de8995ff212993bcc333b (v3)
 CVE-2020-25268 (Remote Code Execution can occur via the external news feed in ILIAS 6. ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2020-25267 (An XSS issue exists in the question-pool file-upload preview feature i ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2020-25266 (AppImage appimaged before 1.0.3 does not properly check whether a down ...)
 	NOT-FOR-US: AppImage appimaged
 CVE-2020-25265 (AppImage libappimage before 1.0.3 allows attackers to trigger an overw ...)
@@ -207322,9 +207322,9 @@ CVE-2020-23998
 CVE-2020-23997
 	RESERVED
 CVE-2020-23996 (A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 an ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2020-23995 (An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2020-23994
 	RESERVED
 CVE-2020-23993
@@ -297142,7 +297142,7 @@ CVE-2019-1010238 (Gnome Pango 1.42 and later is affected by: Buffer Overflow. Th
 	NOTE: https://gitlab.gnome.org/GNOME/pango/issues/342
 	NOTE: https://gitlab.gnome.org/GNOME/pango/commit/490f8979a260c16b1df055eab386345da18a2d54 (1.44)
 CVE-2019-1010237 (Ilias 5.3 before 5.3.12; 5.2 before 5.2.21 is affected by: Cross Site  ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2019-1010236
 	RESERVED
 CVE-2019-1010235 (Frog CMS 1.1 is affected by: Cross Site Scripting (XSS). The impact is ...)
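Review bot: The description of CVE-2019-1010237 spells the product "Ilias" while its old tag read "NOT-FOR-US: ILIAS", which suggests the entries in this commit were selected by the exact tag text. A case-insensitive search of the descriptions in data/CVE/list would catch any ILIAS entries whose NOT-FOR-US tag was written differently and so were left out of this reassociation.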
@@ -347653,13 +347653,13 @@ CVE-2018-11122
 CVE-2018-11121
 	RESERVED
 CVE-2018-11120 (Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-11119 (ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user  ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XS ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, 5. ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-11116 (OpenWrt mishandles access control in /etc/config/rpcd and the /usr/sha ...)
 	NOT-FOR-US: OpenWrt
 CVE-2018-11115
@@ -349066,7 +349066,7 @@ CVE-2018-10667
 CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membership (ID ...)
 	NOT-FOR-US: Aurora IDEX
 CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-10664 (An issue was discovered in the httpd process in multiple models of Axi ...)
 	NOT-FOR-US: Axis
 CVE-2018-10663 (An issue was discovered in multiple models of Axis IP Cameras. There i ...)
@@ -349650,7 +349650,7 @@ CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. Ther
 CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via th ...)
 	NOT-FOR-US: Cosmo
 CVE-2018-10428 (ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due  ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-10427
 	RESERVED
 CVE-2018-10426
@@ -349948,9 +349948,9 @@ CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress mi
 CVE-2018-10308
 	RESERVED
 CVE-2018-10307 (error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-10306 (Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Fo ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-10305 (The MessageSearch2 function in PersonalMessage.php in Simple Machines  ...)
 	NOT-FOR-US: Simple Machines Forum
 CVE-2018-10304
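Review bot: For CVE-2018-10306 the visible description is cut off at "Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Fo ..." before any product name, so the switch to "- ilias <itp> (bug #195688)" on that entry rests only on the previous NOT-FOR-US tag. Worth checking the full CVE text to confirm the product before carrying the old triage decision forward.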
@@ -363402,7 +363402,7 @@ CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in Do
 CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear ...)
 	- dotclear <removed>
 CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader  ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ad ...)
 	NOT-FOR-US: NewsBee CMS
 CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and applicati ...)
@@ -384471,7 +384471,7 @@ CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
 	NOTE: https://nandynarwhals.org/CVE-2017-15587/
 CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x  ...)
 	NOT-FOR-US: Cloudera Data Science Workbench
 CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ...)
@@ -408932,7 +408932,7 @@ CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()"
 CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
 	NOT-FOR-US: Foxit PDF Toolkit
 CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents.)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2017-7582
 	RESERVED
 CVE-2017-7581 (SQL injection vulnerability in NewsController.php in the News module 5 ...)
@@ -506381,11 +506381,11 @@ CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in lib/filemanager/Image
 CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admi ...)
 	NOT-FOR-US: ATutor
 CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in IL ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via  ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 all ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2014-2087 (Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload  ...)
 	NOT-FOR-US: Free Download Manager
 CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earl ...)
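Review bot: The three entries CVE-2014-2088 through CVE-2014-2090 describe ILIAS 4.4.1, and the new "- ilias <itp> (bug #195688)" lines record no fixed version for them. If the package is ever uploaded, each of these will need a real version or status, so a short remark in the ITP bug pointing at the tracker entries would help whoever packages it.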
@@ -592222,7 +592222,7 @@ CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers eDCon
 CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble So ...)
 	NOT-FOR-US: Web Scribble Solutions webClassifieds
 CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earli ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
 	NOT-FOR-US: phpAlumni
 CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ea ...)
@@ -608689,7 +608689,7 @@ CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedul
 CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX  ...)
 	NOT-FOR-US: SSReader
 CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in Services/Utilities/classes ...)
-	NOT-FOR-US: ILIAS
+	- ilias <itp> (bug #195688)
 CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument  ...)
 	NOT-FOR-US: IBM AIX
 CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b9def66a7e1404ededef3463c3029ee8d0e97b7
