author Salvatore Bonaccorso <carnil@debian.org> 2019-02-12 21:32:28 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2019-02-12 21:32:28 +0100
commit 1e9de1e7dd2e639c3335d43da2a67a234614e390
tree 33af95908d7da1f4f61891393649a08a14c38aa9 /data/CVE
parent 4d2aeec7bc496e56b73f950c174723a5ac69eb0b
Unify some older Joomla! NFUs
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2005.list 6
-rw-r--r-- data/CVE/2006.list 40
-rw-r--r-- data/CVE/2007.list 46
-rw-r--r-- data/CVE/2008.list 58
-rw-r--r-- data/CVE/2009.list 52
-rw-r--r-- data/CVE/2010.list 14
-rw-r--r-- data/CVE/2011.list 40
-rw-r--r-- data/CVE/2012.list 42
-rw-r--r-- data/CVE/2013.list 24
-rw-r--r-- data/CVE/2014.list 14
-rw-r--r-- data/CVE/2015.list 24
-rw-r--r-- data/CVE/2016.list 12
-rw-r--r-- data/CVE/2017.list 24
-rw-r--r-- data/CVE/2018.list 8
-rw-r--r-- data/CVE/2019.list 8
15 files changed, 206 insertions, 206 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 55439e7bb9..fa7b91d6a2 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -2480,11 +2480,11 @@ CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVo
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 256251766b..20bd67c083 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -13,7 +13,7 @@ CVE-2006-7249
CVE-2006-7248
REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7246
RESERVED
- wpasupplicant 0.7.3-1
@@ -565,11 +565,11 @@ CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitra
CVE-2006-7011 (** DISPUTED ** ...)
NOT-FOR-US: FlashChat
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...)
NOT-FOR-US: Tiny FTPd
CVE-2006-7006 (** DISPUTED ** ...)
@@ -942,11 +942,11 @@ CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...)
NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...)
@@ -6169,27 +6169,27 @@ CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shape
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...)
NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4465 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
@@ -8467,9 +8467,9 @@ CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web docu
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
@@ -9605,7 +9605,7 @@ CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...)
NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...)
NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 5477d40a9c..a91a32a79d 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -275,13 +275,13 @@ CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and ear
CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
NOT-FOR-US: LiveCart
CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts ...)
NOT-FOR-US: milliscripts
CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not ...)
@@ -1179,7 +1179,7 @@ CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...)
NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...)
NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...)
@@ -2845,7 +2845,7 @@ CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ..
- acidbase 1.3.8 (low)
[etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
NOT-FOR-US: BEA Tuxedo
CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...)
@@ -3155,7 +3155,7 @@ CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...)
NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...)
NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
@@ -4716,15 +4716,15 @@ CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a de
- php5 5.2.3-1 (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition ...)
NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
@@ -6008,7 +6008,7 @@ CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsys
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...)
NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...)
NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...)
@@ -6129,19 +6129,19 @@ CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group
CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's ...)
NOT-FOR-US: Panda Antivirus
CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...)
NOT-FOR-US: Joomla! addon
CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...)
NOT-FOR-US: paBugs
CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver ...)
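Review bot: CVE-2007-4186 in this hunk keeps `NOT-FOR-US: Joomla! addon` while every neighbouring entry is rewritten to `NOT-FOR-US: Joomla!`, so two Joomla! spellings remain side by side after a commit whose stated purpose is to unify them. Either fold that entry into the plain `Joomla!` tag, or say in the commit message that `Joomla! addon` is kept deliberately to mark third-party code, so that someone searching the lists by NFU string knows both forms are expected.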
@@ -10884,7 +10884,7 @@ CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolu
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
@@ -15132,7 +15132,7 @@ CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
@@ -15156,11 +15156,11 @@ CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remo
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 5858fb8cf9..8c93c22ebf 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -410,7 +410,7 @@ CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweigh
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...)
@@ -1485,7 +1485,7 @@ CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...)
NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...)
@@ -1944,9 +1944,9 @@ CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue Riv
CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 ...)
NOT-FOR-US: BMForum
CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject ...)
- kaya 0.4.2-1 (low)
[etch] - kaya <no-dsa> (Minor issue)
@@ -2340,7 +2340,7 @@ CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assis
[lenny] - vim <not-affected> (proof-of-concept does not work)
[etch] - vim <no-dsa> (Minor issue)
CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...)
NOT-FOR-US: Five Dollar Scripts Drinks script
CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...)
@@ -2364,9 +2364,9 @@ CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The
CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of ...)
NOT-FOR-US: Way Of The Warrior
CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...)
NOT-FOR-US: Simple Document Management System
CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC ...)
@@ -2516,9 +2516,9 @@ CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping
CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...)
NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with ...)
NOT-FOR-US: ForumApp
CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, ...)
@@ -2586,7 +2586,7 @@ CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers
CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...)
NOT-FOR-US: PG Job Site Pro
CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
NOT-FOR-US: Prozilla Hosting Index
CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper ...)
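Review bot: The visible description of CVE-2008-6116 names "the EXtrovert Software Thyme ..." rather than Joomla! itself, yet the entry receives the bare `NOT-FOR-US: Joomla!` tag, unlike its neighbours in this hunk, which are tagged with the product the description names (`PG Job Site Pro`, `Prozilla Hosting Index`). Since this line is being touched anyway, consider a tag that records it as an extension, for example the `Joomla! addon` form already used for CVE-2007-4186 in 2007.list, so the NFU reason matches what the description says is affected.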
@@ -2643,7 +2643,7 @@ CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Min
CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...)
NOT-FOR-US: ScriptsEz
CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...)
NOT-FOR-US: Camera Life
CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
@@ -2659,7 +2659,7 @@ CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause
CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...)
NOT-FOR-US: Simple Customer
CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an ...)
{DSA-2029-1}
- imlib2 1.4.2-1 (bug #576469)
@@ -2669,7 +2669,7 @@ CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging
CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...)
NOT-FOR-US: LoudBlog
CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
NOT-FOR-US: Bahar Download Script
CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...)
@@ -2688,7 +2688,7 @@ CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage functi
CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...)
NOT-FOR-US: eChat plugin
CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
RESERVED
- iceweasel-firegpg <removed> (bug #514386)
@@ -2935,7 +2935,7 @@ CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Tes
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...)
NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...)
@@ -3563,7 +3563,7 @@ CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the me
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
@@ -3622,7 +3622,7 @@ CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend modu
- typo3-src 4.2.3-1 (bug #505324)
[etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...)
NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
@@ -7340,7 +7340,7 @@ CVE-2008-4124
CVE-2008-4123
RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
@@ -7381,13 +7381,13 @@ CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings ab
{DSA-1871-2 DSA-1871-1}
- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
{DSA-1733-1}
- vim 2:7.2.010-1 (low; bug #500381)
@@ -8498,7 +8498,7 @@ CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...)
NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -9585,13 +9585,13 @@ CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a
- xmovie <removed> (unimportant)
NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...)
{DSA-1544-2}
- pdns-recursor 3.1.7-1 (low; bug #493576)
@@ -10359,7 +10359,7 @@ CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Softwa
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...)
NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...)
@@ -13544,7 +13544,7 @@ CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...)
NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 22ffe97e83..dc7d139e28 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1187,13 +1187,13 @@ CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other
[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in ...)
NOT-FOR-US: Moa Gallery
CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 ...)
NOT-FOR-US: phpNagios
CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows ...)
NOT-FOR-US: Nicecoder iDesk
CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...)
@@ -1203,9 +1203,9 @@ CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.p
CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier ...)
NOT-FOR-US: Discuz
CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script ...)
NOT-FOR-US: Tourism Script Bus Script
CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...)
@@ -1235,7 +1235,7 @@ CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 wi
CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the ...)
NOT-FOR-US: South River Technologies WebDrive
CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, ...)
NOT-FOR-US: SAP Kernel
CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x ...)
@@ -1245,9 +1245,9 @@ CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.p
CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory ...)
NOT-FOR-US: PHP Inventory
CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...)
@@ -2307,7 +2307,7 @@ CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...)
CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
NOT-FOR-US: TYPO3 extension
CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...)
NOT-FOR-US: Ciamos CMS
CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
@@ -3232,9 +3232,9 @@ CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote PO
CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...)
NOT-FOR-US: ArubaOS
CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...)
NOT-FOR-US: TFTgallery
CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
@@ -7302,7 +7302,7 @@ CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in .
CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...)
NOT-FOR-US: PHPEcho
CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-2399 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: DM FileManager
CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 ...)
@@ -7312,7 +7312,7 @@ CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Articl
CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM ...)
NOT-FOR-US: DM Albums
CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp ...)
NOT-FOR-US: SMSPages
CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not ...)
@@ -7322,7 +7322,7 @@ CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Onli
CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz ...)
NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED ...)
NOT-FOR-US: USOLVED NEWSolved
CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
@@ -10321,9 +10321,9 @@ CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in
CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...)
NOT-FOR-US: glFusion
CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...)
NOT-FOR-US: Gravity Board
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
@@ -10365,7 +10365,7 @@ CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...)
@@ -10375,7 +10375,7 @@ CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and
CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...)
NOT-FOR-US: Insane Visions AdaptBB
CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...)
NOT-FOR-US: Magic ISO Maker
CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...)
@@ -11803,7 +11803,7 @@ CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev
CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ...)
NOT-FOR-US: taifajobs
CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0725
RESERVED
CVE-2009-0724
@@ -11846,7 +11846,7 @@ CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a ...)
NOT-FOR-US: PowerClan
CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews ...)
NOT-FOR-US: PowerScripts PowerNews
CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows ...)
@@ -11854,7 +11854,7 @@ CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allow
CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 ...)
NOT-FOR-US: ASPThai.Net Webboard
CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
NOT-FOR-US: Cybershade
CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated ...)
@@ -12397,7 +12397,7 @@ CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea
CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in ...)
NOT-FOR-US: REALTOR
CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier ...)
NOT-FOR-US: IT CMS
CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has ...)
@@ -12549,9 +12549,9 @@ CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...)
NOT-FOR-US: phpList
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...)
NOT-FOR-US: Microsoft
CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...)
@@ -12649,9 +12649,9 @@ CVE-2009-0380 (** DISPUTED ** ...)
CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...)
NOT-FOR-US: Prince Clan Chess Club
CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer ...)
NOT-FOR-US: RealPlayer
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
@@ -12660,7 +12660,7 @@ CVE-2009-0374 (** DISPUTED ** ...)
- chromium-browser <unfixed> (unimportant)
- webkit <not-affected> (poc doesn't work)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
NOT-FOR-US: Miltenovik Manojlo MemHT Portal
CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 356dcdc145..8cb0150cdf 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1052,9 +1052,9 @@ CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine ..
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop ...)
NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
@@ -1410,7 +1410,7 @@ CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2
- php5 5.3.5-1 (unimportant)
NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
- gif2png 2.5.4-2 (low; bug #610479)
[lenny] - gif2png <no-dsa> (Minor issue)
@@ -2842,7 +2842,7 @@ CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick
- imagemagick 8:6.6.0.4-3 (low; bug #601824)
[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
- linux-2.6 2.6.32-28
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
@@ -4024,7 +4024,7 @@ CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in ...)
CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum ...)
NOT-FOR-US: UseBB
CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
- pidgin 2.7.4-1
[squeeze] - pidgin 2.7.3-1+squeeze1
@@ -7183,7 +7183,7 @@ CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux k
CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...)
- rekonq 0.5.0-2 (bug #593300)
CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
- openttd 1.0.3-1
[lenny] - openttd <not-affected> (Introduced in 1.0.1)
@@ -9355,7 +9355,7 @@ CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and
CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
- mediawiki 1:1.15.4-1 (bug #585918; low)
[lenny] - mediawiki 1:1.12.0-2lenny6
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 0908782284..b2bd04ab4b 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -898,7 +898,7 @@ CVE-2011-4938
NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4936
REJECTED
CVE-2011-4935
@@ -980,22 +980,22 @@ CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linu
- linux-2.6 2.6.38-4
CVE-2011-4912
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4908
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4907
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4906
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
- activemq 5.5.0+dfsg-5 (bug #655495)
CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
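Review bot: Four of the entries retagged in this hunk (CVE-2011-4912, CVE-2011-4908, CVE-2011-4907, CVE-2011-4906) are RESERVED and carry no description, so nothing in the file shows why they are attributed to Joomla!. While these lines are being touched anyway, consider adding a NOTE: line with the reference that ties each ID to Joomla!, so the NFU tag can be checked later without outside lookup.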
@@ -2336,7 +2336,7 @@ CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uplo
CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...)
NOT-FOR-US: LabWiki
CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4331
REJECTED
CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in ...)
@@ -2364,7 +2364,7 @@ CVE-2011-4322
RESERVED
NOT-FOR-US: websitebaker
CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and ...)
- ejabberd 2.1.9-1 (low)
[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
@@ -4190,7 +4190,7 @@ CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees]
- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...)
- pam 1.1.3-7 (low; bug #670076)
[squeeze] - pam <no-dsa> (Minor issue)
@@ -4320,7 +4320,7 @@ CVE-2011-3596
NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
CVE-2011-3595
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in ...)
- pidgin 2.10.1-1 (unimportant)
[squeeze] - pidgin 2.7.3-1+squeeze2
@@ -6392,13 +6392,13 @@ CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 throu
CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2890 (The MediaViewMedia class in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a ...)
NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ...)
@@ -6991,7 +6991,7 @@ CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x b
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...)
NOT-FOR-US: cgit
CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges, ...)
- libgssglue 0.4-1 (low; bug #670256)
[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
@@ -7506,7 +7506,7 @@ CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding fea
[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
[lenny] - dokuwiki 0.0.20080505-4+lenny3
CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in ...)
{DSA-2286-1}
- phpmyadmin 4:3.4.3.1-1
@@ -7579,7 +7579,7 @@ CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-te
{DSA-2281-1}
- opie <removed> (bug #631344)
CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2487
RESERVED
NOT-FOR-US: Apache CXF
@@ -14272,7 +14272,7 @@ CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_poli
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before ...)
- piwik <itp> (bug #506933)
CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index ddda628eeb..afad4ece64 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -2285,7 +2285,7 @@ CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent functio
CVE-2012-5828
RESERVED
CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-5826
RESERVED
CVE-2012-5825 (Tweepy does not verify that the server hostname matches a domain name ...)
@@ -5320,7 +5320,7 @@ CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the &quot;extra&quot;
CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel ...)
- linux 3.2.35-1
- linux-2.6 <removed>
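Review bot: The context line under CVE-2012-4532 still reads "NOT-FOR-US: Joomla addon", while the entry directly below it (CVE-2012-4531) is changed to "Joomla!". If the goal is one spelling for all Joomla NFUs, bring this line along (for example "Joomla! addon"); if addon entries are deliberately out of scope, say so in the commit message so a later grep for "Joomla!" is not assumed to be complete.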
@@ -7229,9 +7229,9 @@ CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/vide
CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
NOT-FOR-US: Decoda not in Debian
CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-3827
RESERVED
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
@@ -9908,9 +9908,9 @@ CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote .
- mysql-5.1 <removed>
- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-2745 (The copy_creds function in kernel/cred.c in the Linux kernel before ...)
@@ -12694,9 +12694,9 @@ CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to
CVE-2012-1613 (Cross-site scripting (XSS) vulnerability in edit_one_pic.php in ...)
NOT-FOR-US: Coppermine
CVE-2012-1612 (Cross-site scripting (XSS) vulnerability in the update manager in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1611 (Joomla! 2.5.x before 2.5.4 does not properly check permissions, which ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c ...)
{DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
@@ -12726,9 +12726,9 @@ CVE-2012-1600 (Multiple cross-site scripting (XSS) vulnerabilities in functions.
- phppgadmin 5.0.4-1
[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
@@ -12815,10 +12815,10 @@ CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: YVS
CVE-2012-1563
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1562
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x ...)
NOT-FOR-US: Drupal Finder
CVE-2012-1560
@@ -13834,9 +13834,9 @@ CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in Manti
{DSA-2500-1}
- mantis 1.2.10-1 (low; bug #669924)
CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1115
RESERVED
- phpldapadmin 1.2.2-3 (low; bug #662050)
@@ -14531,11 +14531,11 @@ CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
- phpldapadmin 1.2.2-1 (low; bug #658907)
[squeeze] - phpldapadmin <no-dsa> (Minor issue)
@@ -14575,13 +14575,13 @@ CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 &quot;Duclair&quot; allows re
[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 02da615626..2a1821a3b0 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -5179,7 +5179,7 @@ CVE-2013-5585
CVE-2013-5584
RESERVED
CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-5582
RESERVED
NOT-FOR-US: Ammyy Admin
@@ -5227,7 +5227,7 @@ CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions
- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the media ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-5575
REJECTED
CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
@@ -10046,7 +10046,7 @@ CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b a
CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the ...)
NOT-FOR-US: Wordpress plugin Feedweb
CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3718 [evince missing check on number of pages]
RESERVED
- evince 3.10.0-1
@@ -11031,7 +11031,7 @@ CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
NOT-FOR-US: Novell iManager
CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the ...)
{DSA-2672-1}
- kfreebsd-9 9.0-11 (bug #706414)
@@ -11090,7 +11090,7 @@ CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM
CVE-2013-3243 (Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver ...)
NOT-FOR-US: SAP NetWeaver
CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...)
- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...)
@@ -11503,13 +11503,13 @@ CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H ...)
CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require ...)
- activemq <not-affected> (Web console not provided in Debian package, see #702670)
CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic ...)
NOT-FOR-US: Lexmark Markvision Enterprise
CVE-2013-3054
@@ -16437,11 +16437,11 @@ CVE-2013-1457
CVE-2013-1456
RESERVED
CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-1453 (plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-1452
RESERVED
CVE-2013-4696
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 512ea3be6f..29f7414e98 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -6055,13 +6055,13 @@ CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers
CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows ...)
NOT-FOR-US: EspoCRM
CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...)
NOT-FOR-US: Joomla component com_contact
CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in template.php in ...)
NOT-FOR-US: Drupal theme Zen
CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp theme ...)
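Review bot: CVE-2014-7983 keeps "NOT-FOR-US: Joomla component com_contact" even though the entries immediately above and below it (CVE-2014-7984, CVE-2014-7982) are switched to "Joomla!". The description on that line already names com_contact in Joomla! CMS, so the tag could be unified as well, or at least take the "Joomla!" spelling, to avoid leaving a third variant in the same block.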
@@ -7827,9 +7827,9 @@ CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1)
CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...)
NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7227
REJECTED
CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ...)
@@ -9105,9 +9105,9 @@ CVE-2014-6633 (The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x
- tryton-server 3.2.3-1
NOTE: https://bugs.tryton.org/issue4155
CVE-2014-6632 (Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-6631 (Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-6630
RESERVED
CVE-2014-6629
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index ff9fcae4d6..ca0536392a 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -1665,7 +1665,7 @@ CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in ...
NOTE: http://web.archive.org/web/20160329044421/http://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released
NOTE: https://github.com/roundcube/roundcubemail/commit/10e5192a2b1bc90ec137f5e69d0aa072c1210d6d
CVE-2015-8769 (SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8768 (click/install.py in click does not require files in package filesystem ...)
NOT-FOR-US: Click package manager
NOTE: http://www.ubuntu.com/usn/usn-2771-1/
@@ -2501,13 +2501,13 @@ CVE-2015-8575 (The sco_sock_bind function in net/bluetooth/sco.c in the Linux ke
CVE-2015-8566 (The Session package 1.x before 1.3.1 for Joomla! Framework allows ...)
NOT-FOR-US: Session package for Joomla
CVE-2015-8565 (Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8564 (Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8563 (Cross-site request forgery (CSRF) vulnerability in the com_templates ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8562 (Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
NOT-FOR-US: F1BookView
CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
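Review bot: The first context line of this hunk, under CVE-2015-8566, still says "NOT-FOR-US: Session package for Joomla" without the exclamation mark, right above four entries that are changed to "Joomla!". Either update it to "Session package for Joomla!" in the same commit or note that tags naming a sub-package are left untouched on purpose.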
@@ -4600,7 +4600,7 @@ CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to
CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are ...)
NOT-FOR-US: NetApp
CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7883
RESERVED
CVE-2015-7882
@@ -4680,11 +4680,11 @@ CVE-2015-7861 (Persistent Accelerite Radia Client Automation (formerly HP Client
CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite ...)
NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
NOT-FOR-US: OpenNMS
CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
@@ -6312,7 +6312,7 @@ CVE-2015-7298 (ownCloud Desktop Client before 2.0.1, when compiled with a Qt rel
[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-XXXX [Privilege escalation via core-gui]
- core-network <removed> (bug #799756)
NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
@@ -7242,7 +7242,7 @@ CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a po
NOTE: Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
NOTE: Peter Dettman <peter.dettman@bouncycastle.org> offered to assist if backporting fails and to review the result.
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-6936
RESERVED
CVE-2015-6935
@@ -11241,7 +11241,7 @@ CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 a
CVE-2015-5398
RESERVED
CVE-2015-5397 (Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-5396
RESERVED
CVE-2015-5394
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index ca720b6d0c..dc4fd59502 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -2782,11 +2782,11 @@ CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verb
NOTE: https://github.com/mapserver/mapserver/pull/4928
NOTE: https://github.com/mapserver/mapserver/pull/5356
CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.php ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9837 (An issue was discovered in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9835 (Directory traversal vulnerability in file &quot;jcss.php&quot; in Zikula 1.3.x ...)
NOT-FOR-US: Zikula
CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary ...)
@@ -5419,7 +5419,7 @@ CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw
NOTE: https://hackerone.com/reports/178152
NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
@@ -5914,9 +5914,9 @@ CVE-2016-8872
CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding ...)
- botan1.10 <not-affected> (Only affects 1.11.29 through 1.11.32)
CVE-2016-8870 (The register method in the UsersModelRegistration class in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-8869 (The register method in the UsersModelRegistration class in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-8868
RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 1d2cb103f5..5f1c8be546 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -20522,7 +20522,7 @@ CVE-2017-11365 [Empty passwords validation issue]
- symfony <not-affected> (introduced in versions that were never packaged in Debian)
NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-11363
RESERVED
CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
@@ -22963,9 +22963,9 @@ CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ..
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a ...)
NOT-FOR-US: Green Packet
CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware ...)
@@ -27768,7 +27768,7 @@ CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND pas
CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
@@ -29980,7 +29980,7 @@ CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in &quot;Foxit
CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...)
NOT-FOR-US: HipChat
CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...)
NOT-FOR-US: WatchGuard
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
@@ -30146,19 +30146,19 @@ CVE-2017-7991 (Exponent CMS 2.4.1 and earlier has SQL injection via a base64 ...
CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
NOT-FOR-US: OpenMRS
CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
- libplist 1.12+git+1+e37ca00-0.3 (bug #860945)
[jessie] - libplist <no-dsa> (Minor issue)
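Review bot: All seven changed pairs in this hunk (CVE-2017-7983 through CVE-2017-7989) are the same one-token rename from "NOT-FOR-US: Joomla" to "NOT-FOR-US: Joomla!", and the commit message does not say whether the edit was scripted or done by hand. Stating the exact substitution in the commit message would let a reviewer reproduce the change and compare results instead of reading each pair. The diffstat of 206 insertions and 206 deletions is consistent with a pure line-for-line replacement, but it does not prove it.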
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 9dcb3589d2..1c2c9165f5 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -12850,11 +12850,11 @@ CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
CVE-2018-15883
RESERVED
CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-15879
RESERVED
CVE-2018-15878
@@ -32858,7 +32858,7 @@ CVE-2018-8047
CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before ...)
NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-8044
RESERVED
CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 0af6217d8e..5541746de9 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3429,13 +3429,13 @@ CVE-2019-6266
CVE-2019-6265
RESERVED
CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6262 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6261 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6260 (The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) ...)
NOT-FOR-US: ASPEED
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL ...)
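Review bot: The subject line says "some older Joomla! NFUs", but this hunk renames the tags on CVE-2019-6261 through CVE-2019-6264, which are entries from the same year as the commit (2019-02-12). Either drop "older" from the subject or say which entries were deliberately left out, so a later reader searching for the remaining "NOT-FOR-US: Joomla" lines knows whether they were skipped on purpose.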
