[Git][security-tracker-team/security-tracker][master] Update CVEs for osticket
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 16 20:28:18 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
da11085c by Salvatore Bonaccorso at 2026-06-16T21:27:45+02:00
Update CVEs for osticket
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-9507 (A session fixation vulnerability has been identified in osTicket v1.18 ...)
- TODO: check
+ - osticket <itp> (bug #998157)
CVE-2026-9307 (A sensitive information disclosure security issue exists within the af ...)
NOT-FOR-US: Rockwell Automation
CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" ...)
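Review bot: CVE-2026-9507 is the only entry in this commit whose removed line is `TODO: check` rather than a NOT-FOR-US tag, so it is first-time triage carried along in a bulk retag. The description names osTicket v1.18, so `- osticket <itp> (bug #998157)` looks right, but saying in the commit message that one new CVE was triaged would make that decision easier to find later.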
@@ -24676,7 +24676,7 @@ CVE-2026-8196 (A flaw has been found in JeecgBoot 3.9.1. The impacted element is
CVE-2026-8195 (A vulnerability was detected in JeecgBoot up to 3.9.1. The affected el ...)
NOT-FOR-US: JeecgBoot
CVE-2026-8194 (A security vulnerability has been detected in osTicket up to 1.18.3. I ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2026-45186 (In libexpat before 2.8.1, the computational complexity of attribute na ...)
- expat 2.8.0-2 (bug #1136164)
NOTE: https://github.com/libexpat/libexpat/pull/1216
@@ -47610,7 +47610,7 @@ CVE-2026-26928 (SzafirHostdownloads necessary files in the context of the initia
CVE-2026-26927 (Szafir SDK Web is a browser plug-in that can run SzafirHost applicatio ...)
NOT-FOR-US: Szafir SDK Web
CVE-2026-26895 (User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 all ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2026-25212 (An issue was discovered in Percona PMM before 3.7. Because an internal ...)
NOT-FOR-US: Percona PMM
CVE-2026-0688 (The Webmention plugin for WordPress is vulnerable to Server-Side Reque ...)
@@ -84778,7 +84778,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client using Weblate's REST API. P
NOTE: https://github.com/WeblateOrg/wlc/pull/1097
NOTE: Fixed by: https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 (1.17.0)
CVE-2026-22200 (Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2026-22050 (ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 w ...)
NOT-FOR-US: NetApp
CVE-2026-22033 (Label Studio is a multi-type data labeling and annotation tool. In 1.2 ...)
@@ -163324,7 +163324,7 @@ CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh leads
CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint of CloudC ...)
NOT-FOR-US: CloudClassroom-PHP-Project
CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2025-44172 (Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via ...)
NOT-FOR-US: Tenda
CVE-2025-44115 (A vulnerability has been found in Cotonti Siena v0.9.25. Affected by t ...)
@@ -171793,7 +171793,7 @@ CVE-2025-27921 (A reflected cross-site scripting (XSS) vulnerability was discove
CVE-2025-27920 (Output Messenger before 2.0.63 was vulnerable to a directory traversal ...)
NOT-FOR-US: Output Messenger
CVE-2025-26241 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2025-25504 (An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV o ...)
NOT-FOR-US: Gefen WebFWC
CVE-2025-24977 (OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to ...)
@@ -304722,7 +304722,7 @@ CVE-2023-49034 (Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 all
CVE-2023-47422 (An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.5 ...)
NOT-FOR-US: Tenda
CVE-2023-46967 (Cross Site Scripting vulnerability in the sanitize function in Enhance ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-42953 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2023-42952 (The issue was addressed with improved checks. This issue is fixed in i ...)
@@ -354387,7 +354387,7 @@ CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8
- ming <removed>
NOTE: https://github.com/libming/libming/issues/266
CVE-2023-30082 (A denial of service attack might be launched against the server if an ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-30081
RESERVED
CVE-2023-30080
@@ -361212,17 +361212,17 @@ CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critic
CVE-2023-1321 (A vulnerability has been found in lmxcms 1.41 and classified as critic ...)
NOT-FOR-US: lmxcms
CVE-2023-1320 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-1319 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-1318 (Cross-site Scripting (XSS) - Generic in GitHub repository osticket/ost ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-1317 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer (<= 202 ...)
NOT-FOR-US: cloudflared's installer
CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
@@ -363934,9 +363934,9 @@ CVE-2023-27151 (openCRX 5.2.0 was discovered to contain an HTML injection vulner
CVE-2023-27150 (openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) v ...)
NOT-FOR-US: openCRX
CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
- NOT-FOR-US: Enhancesoft osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...)
- NOT-FOR-US: Enhancesoft osTicket
+ - osticket <itp> (bug #998157)
CVE-2023-27147
RESERVED
CVE-2023-27146
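Review bot: the two removed lines for CVE-2023-27149 and CVE-2023-27148 read `NOT-FOR-US: Enhancesoft osTicket`, while the other retagged entries in this commit remove `NOT-FOR-US: osTicket`, so the old tags were not spelled uniformly. Before relying on this retag being complete, search data/CVE/list case-insensitively for any remaining NOT-FOR-US line that mentions osticket, in case an entry sits under a third spelling.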
@@ -385887,7 +385887,7 @@ CVE-2022-46364 (A SSRF vulnerability in parsing thehref attribute of XOP:Include
CVE-2022-46363 (A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows ...)
NOT-FOR-US: Apache CXF
CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...)
NOT-FOR-US: M-Files Web
CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...)
@@ -429197,11 +429197,11 @@ CVE-2022-31892
CVE-2022-31891
RESERVED
CVE-2022-31890 (SQL Injection vulnerability in audit/class.audit.php in osTicket osTic ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2022-31889 (Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs. ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2022-31888 (Session Fixation vulnerability in in function login in class.auth.php ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability ...)
NOT-FOR-US: Marval MSM
CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery ...)
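Review bot: the descriptions of CVE-2022-31890 and CVE-2022-31889 point at files under audit/ (audit/class.audit.php and a template under audit/templates/), whereas CVE-2022-31888 names class.auth.php. Please confirm that the audit/ code ships in the source that the ITP in bug #998157 will package; if it lives in a separate upstream source, those two entries should not be attached to osticket.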
@@ -460924,7 +460924,7 @@ CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (X
CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
NOT-FOR-US: NUUO Network Video Recorder NVRsolo
CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2021-45810 (GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affe ...)
NOT-FOR-US: GlobalProtect-openconnect
CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected by inco ...)
@@ -475617,7 +475617,7 @@ CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is v
CVE-2021-42236
RESERVED
CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and password ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2021-42234
RESERVED
CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cros ...)
@@ -551970,7 +551970,7 @@ CVE-2020-24919
CVE-2020-24918 (A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Serve ...)
NOT-FOR-US: Ambarella
CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...)
{DSA-4773-1 DLA-2384-1}
- yaws 2.0.8+dfsg-1
@@ -552055,7 +552055,7 @@ CVE-2020-24883
CVE-2020-24882
RESERVED
CVE-2020-24881 (SSRF exists in osTicket before 1.14.3, where an attacker can add malic ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-24880
RESERVED
CVE-2020-24879
@@ -557091,9 +557091,9 @@ CVE-2020-22611
CVE-2020-22610
RESERVED
CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket befor ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.1 ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the ...)
- limesurvey <itp> (bug #472802)
CVE-2020-22606
@@ -570892,7 +570892,7 @@ CVE-2020-16195
CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in ...)
NOT-FOR-US: Prestashop Opart devis
CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
- limesurvey <itp> (bug #472802)
CVE-2020-16191
@@ -577110,7 +577110,7 @@ CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The q
CVE-2020-14013
RESERVED
CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...)
NOT-FOR-US: Lansweeper
CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...)
@@ -580827,7 +580827,7 @@ CVE-2020-12631
CVE-2020-12630
RESERVED
CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2020-12628
RESERVED
CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...)
@@ -628675,11 +628675,11 @@ CVE-2019-14751 (NLTK Downloader before 3.4.5 is vulnerable to a directory traver
NOTE: https://salvatoresecurity.com/zip-slip-in-nltk-cve-2019-14751/
NOTE: https://github.com/nltk/nltk/commit/f59d7ed8df2e0e957f7f247fe218032abdbe9a10
CVE-2019-14750 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2019-14749 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2019-14748 (An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1. ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2019-14747 (DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-de ...)
NOT-FOR-US: DWSurvey
CVE-2019-14746 (A issue was discovered in KuaiFanCMS 5.0. It allows eval injection by ...)
@@ -633991,7 +633991,7 @@ CVE-2019-13399 (Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS ke
CVE-2019-13398 (Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute ...)
NOT-FOR-US: Dynacolor
CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local File Inc ...)
NOT-FOR-US: FlightPath
CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF a ...)
@@ -639314,7 +639314,7 @@ CVE-2019-11539 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.
CVE-2019-11538 (In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3 ...)
NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2019-11537 (In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/ ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2019-11536 (Kalki Kalkitech SYNC3000 Substation DCU GPC v2.22.6, 2.23.0, 2.24.0, 3 ...)
NOT-FOR-US: Kalki Kalkitech
CVE-2019-11535 (Unsanitized user input in the web interface for Linksys WiFi extender ...)
@@ -705525,15 +705525,15 @@ CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the Ad
CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored cross-site sc ...)
NOT-FOR-US: Pluck CMS
CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhances ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to reset ar ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2018-7194 (Integer format vulnerability in the ticket number generator in Enhance ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enha ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2018-7191 (In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid ...)
- linux 4.14.2-1
[stretch] - linux 4.9.65-1
@@ -731486,7 +731486,7 @@ CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka WriteDiary) applicat
CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for Android ...)
NOT-FOR-US: Diary with lock
CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with a ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pa ...)
NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the imag ...)
@@ -732174,7 +732174,7 @@ CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote a
CVE-2017-15363 (Directory traversal vulnerability in public/examples/resources/getsour ...)
NOT-FOR-US: Luracast Restler
CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...)
NOT-FOR-US: Infineon RSA library
CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
@@ -735279,7 +735279,7 @@ CVE-2017-14398 (rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to re
CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.)
NOT-FOR-US: AnyDesk
CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by constructing a ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2017-14395 (Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...)
NOT-FOR-US: OpenAM
CVE-2017-14394 (OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...)
@@ -829884,7 +829884,7 @@ CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x
CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...)
NOT-FOR-US: Aruba Instant
CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2015-1344 (The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not pr ...)
- lxcfs <not-affected> (Fixed before initial upload to the archive)
NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854
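Review bot: the new `<itp>` line for CVE-2015-1347 records no version, so it will need a second pass once osticket is actually uploaded, and the context entry just below it shows the form an old issue takes at that point: `- lxcfs <not-affected> (Fixed before initial upload to the archive)`. With this many entries moved to `<itp>` in one commit, it is worth leaving a pointer on bug #998157 so that follow-up is not forgotten.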
@@ -830606,7 +830606,7 @@ CVE-2015-1178 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php i
CVE-2015-1177 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.)
NOT-FOR-US: Exponent CMS
CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA ...)
NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not pro ...)
@@ -846376,7 +846376,7 @@ CVE-2014-4746 (IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through
CVE-2014-4745
RESERVED
CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket before ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2014-4743 (Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax ...)
NOT-FOR-US: Kajona module
CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in system/class_link.php in t ...)
@@ -909626,7 +909626,7 @@ CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business e
CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...)
NOT-FOR-US: Site2Nite
CVE-2010-4634 (Directory traversal vulnerability in osTicket 1.6 allows remote attack ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remot ...)
NOT-FOR-US: digiSHOP
CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...)
@@ -921905,9 +921905,9 @@ CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allow
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...)
NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket b ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 S ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2 ...)
NOT-FOR-US: Cisco PGW
CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
@@ -930794,7 +930794,7 @@ CVE-2009-2363 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows
CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows rem ...)
NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in osTicket bef ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context- ...)
NOT-FOR-US: TekRADIUS
CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini f ...)
@@ -974606,7 +974606,7 @@ CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS manage
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ID ...)
NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket a ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure pe ...)
NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
@@ -995310,9 +995310,9 @@ CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows r
CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and e ...)
NOT-FOR-US: EasyPHPCalender
CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) open.ph ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote att ...)
NOT-FOR-US: Geeklog
CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures whe ...)
@@ -998691,13 +998691,13 @@ CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 an
CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Ente ...)
NOT-FOR-US: ViArt Shop
CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket allow ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote attack ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated us ...)
- openwebmail <removed>
CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
@@ -1005228,9 +1005228,9 @@ CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNM
CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
NOT-FOR-US: D-Link DI-614+ SOHO router
CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the up ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
- NOT-FOR-US: osTicket
+ - osticket <itp> (bug #998157)
CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mo ...)
NOT-FOR-US: ZoneAlarm Pro
CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote at ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/da11085cfa612b8b6e0841f95e6d4c3fb2481539