| author | William Desportes <williamdes@wdes.fr> | 2020-01-11 20:50:29 +0100 |
|---|---|---|
| committer | William Desportes <williamdes@wdes.fr> | 2020-01-11 23:04:17 +0100 |
| commit | 6e65e65e23ec39e6ac3c264364f4eddb68a46717 | |
| tree | 85818826f78df2442cab40d7c466c72647fb6de0 | |
| parent | 7e55a44ab3f99b4733aea499e520c090e959f511 | |
Update old phpMyAdmin CVE entries
years:
- 2003 (ignored, no CVEs found)
- 2004 (4; 1 has patch links)
- 2005 (9; 3 had patch links)
- 2006 (9; 9 had patch links)
- 2007 (8; 8 had patch links)
- 2008 (10; 10 had patch links)
- 2018 (5; 5 had patch links)
- 2019 (5; 5 had patch links)
- 2020 (1; 1 has patch links)
Fixed links for: http://www.phpmyadmin.net/home_page/security/(.*).php
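The link fix named in the last line of the message, as an added example that is not part of this commit or of the security-tracker tooling: a Python rewrite of the two legacy phpMyAdmin advisory URL shapes that appear in the removed NOTE lines of this diff (`home_page/security/PMASA-YYYY-N.php` and `home_page/security.php?issue=PMASA-YYYY-N`) to the canonical `https://www.phpmyadmin.net/security/PMASA-YYYY-N/` form, followed by a check that no legacy form survives. The regexes, function names and the sample list are this example's own constructions; the sample lines are copied from entries visible in this diff.

```python
import re

# Legacy advisory URL shapes seen in the NOTE lines this commit removes.
# The regexes are this example's own; the commit message only names the
# pattern http://www.phpmyadmin.net/home_page/security/(.*).php
LEGACY_PATTERNS = (
    # http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
    re.compile(r"https?://www\.phpmyadmin\.net/home_page/security/(PMASA-\d{4}-\d+)\.php"),
    # http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
    re.compile(r"https?://www\.phpmyadmin\.net/home_page/security\.php\?issue=(PMASA-\d{4}-\d+)"),
)

CANONICAL = "https://www.phpmyadmin.net/security/{}/"


def canonical_pmasa_url(advisory_id):
    """Canonical advisory URL for an id such as 'PMASA-2008-10'."""
    return CANONICAL.format(advisory_id)


def rewrite_line(line):
    """Rewrite every legacy advisory URL on one .list line; leave the rest alone."""
    for pattern in LEGACY_PATTERNS:
        line = pattern.sub(lambda m: canonical_pmasa_url(m.group(1)), line)
    return line


def rewrite_list(text):
    """Apply rewrite_line to a whole .list file body, preserving line structure."""
    return "\n".join(rewrite_line(line) for line in text.split("\n"))


def legacy_urls_remaining(text):
    """Consistency check: legacy advisory URLs still present (expect none after rewrite)."""
    return [m.group(0) for pattern in LEGACY_PATTERNS for m in pattern.finditer(text)]


# Constructed sample: tracker entries as they appear in the removed lines of
# this diff, plus one already-canonical link that must be left untouched.
SAMPLE_LIST = "\n".join([
    "CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...)",
    "\t{DSA-1370-2 DSA-1370-1}",
    "\t- phpmyadmin 4:2.10.1-1 (low)",
    "\tNOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4",
    "CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...)",
    "\tNOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2",
    "CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11 ...)",
    "\t- phpmyadmin 4:3.3.5.1-1",
    "\tNOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php",
    "\tNOTE: https://www.phpmyadmin.net/security/PMASA-2014-18/",
    "",
])

if __name__ == "__main__":
    rewritten = rewrite_list(SAMPLE_LIST)
    print(rewritten)
    assert legacy_urls_remaining(rewritten) == []
```

Running the rewrite over a real `data/CVE/*.list` file and then `legacy_urls_remaining` on the result gives the same "no `home_page/security` links left" guarantee that the hunks below establish by hand; anything the check still returns is a URL shape the two regexes do not know about and needs a look rather than a blind edit.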
| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2004.list | 11 |
| -rw-r--r-- | data/CVE/2005.list | 21 |
| -rw-r--r-- | data/CVE/2006.list | 30 |
| -rw-r--r-- | data/CVE/2007.list | 16 |
| -rw-r--r-- | data/CVE/2008.list | 33 |
| -rw-r--r-- | data/CVE/2010.list | 4 |
| -rw-r--r-- | data/CVE/2014.list | 26 |
| -rw-r--r-- | data/CVE/2015.list | 2 |
| -rw-r--r-- | data/CVE/2017.list | 16 |
| -rw-r--r-- | data/CVE/2018.list | 3 |
| -rw-r--r-- | data/CVE/2019.list | 1 |

11 files changed, 136 insertions, 27 deletions
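Review bot: the year list in the commit message does not match this diffstat. The message claims a 2020 entry ("2020 (1; 1 has patch links)") but no data/CVE/2020.list is touched, and data/CVE/2010.list, 2014.list, 2015.list and 2017.list are changed without appearing in the list. If those four files only receive the security/(.*).php link rewrites named on the message's last line, say so per file, and point the 2020 item at the file it actually landed in or drop it, so the message can be checked against the diffstat.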
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index aa0b151954..d866237052 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -318,8 +318,10 @@ CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify co - phpmyadmin 1:2.5.7-pl1-1 CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5 ...) - phpmyadmin 1:2.5.7-pl1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2004-1/ CVE-2004-2630 (The MIME transformation system (transformations/text_plain__external.i ...) - phpmyadmin 2:2.6.0-pl2-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2004-2/ CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for Firs ...) NOT-FOR-US: Click to Meet express CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...) 
@@ -3449,8 +3451,16 @@ CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including NOT-FOR-US: Computer Associates eTrust EZ Antivirus CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...) - phpmyadmin 2:2.6.1-rc1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0 + NOTE: A very big commit that might include useless changes + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2 CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external t ...) - phpmyadmin 2:2.6.1-rc1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0 + NOTE: A very big commit that might include useless changes + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2 CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...) - cvstrac 1.1.5 CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) all ...) @@ -3678,6 +3688,7 @@ CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does no [sarge] - kernel-source-2.6.8 2.6.8-11 CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6. ...) - phpmyadmin 2:2.6.0-pl3-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2004-3/ CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5 ...) NOT-FOR-US: AIX CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote mal ...) diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 1033c03948..a17035d769 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list 
@@ -1251,8 +1251,10 @@ CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenB - linux-2.6 2.6.18-3 CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 an ...) NOT-FOR-US: WBEM Services -CVE-2005-4349 - - phpmyadmin <unfixed> (unimportant) +CVE-2005-4349 [SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7....] + - phpmyadmin 4:3.2.0-1 (unimportant) + NOTE: A big commit that included a lot of fixes/versions + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/644366eaf1bd10dd087bfc8c46ed98a337c04ab4#diff-4cb9ef0ba2c5556cd595ceb5dd85fd33R2070 NOTE: Only for authenticated used, will possibly be rejected CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidr ...) {DSA-939-1} @@ -1827,6 +1829,8 @@ CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote a ...) - phpmyadmin <not-affected> (Affects only 2.7.0) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5f3b086ed22b8ca49472d27a014df3908b0388ac CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1. ...) NOT-FOR-US: Ideal BB.NET CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...) 
@@ -2444,6 +2448,10 @@ CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-880-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #360726) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0191fc3c33feb809cf668f018ad53dc35061fe4c + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/2e5c10aa2fc10fb1004aac7db78ebdaac21b9220 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/053d90b6019959c3a503d6b12b9cd23dc31df2be CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZE ...) NOT-FOR-US: Novell ZENworks CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix ...) @@ -2688,6 +2696,8 @@ CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple un CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1207-1} - phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-8/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/05c719aba3b99820daa3187e055c6ef4540b53cc CVE-2005-XXXX [unsafe file permissions in vpnc] - vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant) NOTE: Only an example file @@ -3175,6 +3185,7 @@ CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier a CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows rem ...) {DSA-1207-1} - phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-6/ CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl ...) {DSA-896-1} - linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high) 
@@ -3673,8 +3684,9 @@ CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for phpM {DSA-880-1} - phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high) CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...) - [sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433) - phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high) + [sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433) + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-4/ CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote att ...) NOT-FOR-US: OpenWBEM CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote at ...) @@ -9243,6 +9255,7 @@ CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local u NOT-FOR-US: SCO CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin be ...) - phpmyadmin 3:2.6.2-rc1-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-3/ CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location f ...) NOT-FOR-US: AIX CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite a ...) @@ -10200,6 +10213,7 @@ CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause NOT-FOR-US: Soldier of Fortune II CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...) - phpmyadmin 3:2.6.1-pl2-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-1/ CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remot ...) NOT-FOR-US: Golden FTP Server CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote att ...) 
@@ -10246,6 +10260,7 @@ CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running NOT-FOR-US: MS Office CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of th ...) - phpmyadmin 3:2.6.1-pl2-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2005-2/ CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows re ...) - phpmyadmin 3:2.6.1-pl2-1 CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 a ...) diff --git a/data/CVE/2006.list b/data/CVE/2006.list index fc416f094f..5dfaf300b1 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -708,6 +708,8 @@ CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote att CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.9.1.1-2 (medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/663eb2b85ed30c1226c5d617bb06c5afe1d3caf5 CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full s ...) - phpmyadmin 4:2.9.1.1-2 (unimportant) NOTE: Only path disclosure @@ -715,6 +717,8 @@ CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.9.1.1-2 (medium) NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer. + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/59d245f36ab4e0b8a49c44b1f9045fc9aef939b2 CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...) NOT-FOR-US: FreeWebshop CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...) 
@@ -2010,8 +2014,14 @@ CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 a [sarge] - phpmyadmin <not-affected> (doesn't use sessions at all) [etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-1/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c9d93f63940fe960d3b6341d8bfb7b707c87e744 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive infor ...) - - phpmyadmin <unfixed> (unimportant) + - phpmyadmin 4:2.9.1.1-1 (unimportant) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/98575f4e563c9323df597e2a9783e637b00b87e9 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/416285c4930ed24504edf58774384db4ffec1f86 + NOTE: The commits are both the same but they seem to be cherry-picks one of the other at some point + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-8/ NOTE: path is known in Debian anyway CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) NOT-FOR-US: JAB Guest Book @@ -3445,6 +3455,8 @@ CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2. ...) - phpmyadmin 4:2.9.0.3-1 (low; bug #396638) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-6/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/39893dd0c956de6505d5a4d4590ad3e1f64bdffa CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Dat ...) NOT-FOR-US: Zend Google Data Client Library (ZendGData) CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allo ...) 
@@ -4751,6 +4763,10 @@ CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in php {DSA-1207-1} - phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-5/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b3906852bbcb5c4e116cc20e214b7f6793ca97aa + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ac2f606a21d474596a4b2cada961385439cbc8f0 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/50319d634c620044a0542495939cd68530f00259 CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows rem ...) NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP In ...) @@ -8682,6 +8698,8 @@ CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain se CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 al ...) - phpmyadmin 4:2.8.2-0.1 (bug #377748; low) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6d6f47bdb2c7f5519dcc6497a6ebf9ebc305e6de CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News 1 ...) NOT-FOR-US: Fusion News CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to obta ...) 
@@ -11720,6 +11738,10 @@ CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2. ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-2/ + NOTE: The first linked commit is the official one for linked in PMASA + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79f778db99ac05e2028166d5a61ed25591e348c3 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fad722d2f488375f9cc94c0c75326e661c280ecc CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...) NOT-FOR-US: Allied Telesyn CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9. ...) @@ -12266,6 +12288,10 @@ CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allow CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin <not-affected> + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-3/ + NOTE: The first linked commit is the official commit from PMASA + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fde2f613ad402e442a3b54d628ad85444faaeabe + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bf717892f9207c6161dc7800eb63e940478ec47 CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7. ...) - phpmyadmin 4:2.8.1-1 (bug #363519; low) [sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport) 
@@ -12646,6 +12672,8 @@ CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1207-1} - phpmyadmin 4:2.8.0.3-1 (bug #362567) + NOTE: https://www.phpmyadmin.net/security/PMASA-2006-1/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0933619b6b2534b221817ea3f631cb984c258d6b CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.0 ...) NOT-FOR-US: MAXdev MD-Pro CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics modu ...) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index ced826a602..2789c3bf94 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -1558,6 +1558,8 @@ CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in libraries/auth/cookie - phpmyadmin 4:2.11.2.2-1 [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) [etch] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-8/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/960064b55f68cd74969e8f0eee56da045f6ea57a CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and SIParato ...) NOT-FOR-US: Ingate Firewall Siparator CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log tru ...) 
@@ -1884,6 +1886,9 @@ CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in phpM - phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465) [etch] - phpmyadmin <not-affected> (Vulnerable code not present) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/83adea5d6f79640648d3d5384c910820f1d085c3 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6225d4533abb0ffee0c985354326295a746cc79e CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11 ...) - phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465) CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) T ...) @@ -2842,6 +2847,8 @@ CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1403-1} - phpmyadmin 4:2.11.1.2-1 + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-6/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c32d999eb16a9e2748a834e3ad722cc4d33f7dd5 CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when res ...) NOT-FOR-US: Pligg CMS CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a redirec ...) @@ -3291,6 +3298,8 @@ CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in {DSA-1403-1} - phpmyadmin 4:2.11.1.2-1 (bug #446451) [sarge] - phpmyadmin <not-affected> (vulnerable script not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-5/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/27d5467dc3ba6e594d5e5cd291a908b48464e289 CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alc ...) NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Thom ...) 
@@ -10779,7 +10788,8 @@ CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when runn CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin befo ...) {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.10.1-1 (low) - NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4 + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b4134b65a7e7ed355121b6c2db9ea6c9624509bc CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...) NOT-FOR-US: Adobe Photoshop CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabl ...) @@ -12755,6 +12765,8 @@ CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8 {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.10.0.2-1 (medium) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-2/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6215e201eb98226837954059f6c99c9aa1c55a9a CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...) NOT-FOR-US: Flat Chat CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2 ...) @@ -12934,6 +12946,8 @@ CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php i {DSA-1370-2 DSA-1370-1} - phpmyadmin 4:2.10.0.2-1 [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: https://www.phpmyadmin.net/security/PMASA-2007-3/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b81f9a364c2a2204e6acbdff5b71e6cc6daead1e CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the 3.1.4u ...) NOT-FOR-US: SnapGear CVE-2007-1323 diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 612361a8c0..620a88c5ce 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list 
@@ -3732,6 +3732,9 @@ CVE-2008-5622 CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x b ...) {DSA-1723-1} - phpmyadmin 4:2.11.8.1-5 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-10/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d4adbfc1996c7d715b0ac9fa39a2ac14d8b28ad (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/01685c90aaba943511de0496e7ecb7fe49fa765b CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...) NOT-FOR-US: ProjectPier CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in Projec ...) @@ -5875,7 +5878,10 @@ CVE-2008-XXXX [balazar3: insecure temp file handling] CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...) - phpmyadmin 4:2.11.8.1-4 (low) [etch] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.securityfocus.com/archive/1/497815 + NOTE: https://www.securityfocus.com/archive/1/497815 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/625e9f2e93671f9e4a9086b8d6c8111f70ffcc3d (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/600a2ca21bc8b40742fd0a919a6b06a477548647 CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...) NOT-FOR-US: PlugSpace CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remo ...) 
@@ -6869,6 +6875,9 @@ CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in phpM ...) {DSA-1675-1} - phpmyadmin 4:2.11.8.1-3 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-8/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44f9f2f8b7475c2d48c529d9bfd0ff473cd328b1 (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0d219abdcd55c11f7f629a58a2279f0839bd2acc CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the H ...) - viewvc 1.0.9-1 (bug #500779; unimportant) CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on Window ...) @@ -7620,6 +7629,9 @@ CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does no CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 all ...) {DSA-1641-1} - phpmyadmin 4:2.11.8.1-2 (medium) + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-7/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8d65ec564ada5c839be8f3f07f483cd82ce6a11 (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/64623fe9dbccff3f1ad9a54f844f91cefd07569c CVE-2008-XXXX [unsafe use of tempfile in ssmclient] - smsclient <unfixed> (unimportant; bug #498901) NOTE: script is not in use and only a suggestion for users 
@@ -9080,6 +9092,9 @@ CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdm {DSA-1641-1} - phpmyadmin 4:2.11.8~rc1-1 NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-6/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a5e53c31bcbcadcb5d16cffaa3b9af181b26296 (2.11 branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/0bfb27fb0538f43e9c49b6a183b767c2bed1524d CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in JnSHos ...) NOT-FOR-US: JnSHosts PHP Hosting Directory CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass a ...) @@ -9693,6 +9708,9 @@ CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin bef - phpmyadmin 4:2.11.7.1-1 (low) NOTE: this only allows via csrf to create an empty database. NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-5/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/13fbcf4107476dc2d53a8dde707667172f807641 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/084fd3ed16290339ee98a14d067932f638974044 (useless?) CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ( ...) NOT-FOR-US: Chipmunk Blog CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate Syste ...) 
@@ -10686,6 +10704,8 @@ CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...) - phpmyadmin 4:2.11.7~rc2-1 (unimportant) NOTE: We haven't supported installations with register_globals enabled since a long time + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aa2076eedc7e3664b09681d6fe9dd019eca98647 CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...) {DTSA-142-1} - perl 5.10.0-11 (bug #487319; medium) @@ -12680,8 +12700,8 @@ CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...) {DSA-1557-1} - phpmyadmin 4:2.11.5.2-1 - NOTE: PMASA-2008-3 - NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-3/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79fe2890d28076d9406f7032198109ecd22866a6 CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...) NOT-FOR-US: BigAnt Messenger CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...) 
@@ -13560,7 +13580,8 @@ CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) passw ...) {DSA-1557-1} - phpmyadmin 2.11.5.1 - NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-2/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/533bb88e32aafc17e754e5ea5e26e9b02b306993 NOTE: It is a workaround for the limited security that PHP has for NOTE: session files on a shared host. This limitation is documented with NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin. @@ -14510,7 +14531,9 @@ CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parame - phpmyadmin 4:2.11.5-1 (low) [etch] - phpmyadmin <no-dsa> (Minor issue) [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means + NOTE: https://www.phpmyadmin.net/security/PMASA-2008-1/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c57b39bed91f06d574a95d8a5a091e5e59492d69 + NOTE: SQL injection if you can set local cookies, which means NOTE: you must be able to create pages in the same cookie domain, which seems NOTE: rare and unwise. low priority. CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses AD ...) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index dec6a60208..d6ebcfce80 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list 
@@ -5831,7 +5831,7 @@ CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11 ...) {DSA-2097-2 DSA-2097-1} - phpmyadmin 4:3.3.5.1-1 - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2010-5/ CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2 ...) {DSA-2097-2 DSA-2097-1} - phpmyadmin 4:3.0.0 @@ -6040,7 +6040,7 @@ CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php ...) - phpmyadmin 4:3.3.6-1 [lenny] - phpmyadmin <not-affected> (only affects 3.x) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2010-6/ CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...) - serendipity 1.5.3-2 (bug #594905) CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 03daeeca8d..5b9a2ed5b5 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -3800,12 +3800,12 @@ CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection featu [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-18/ CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x be ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.2.12-2 (low; bug #774194) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-17/ CVE-2014-9172 REJECTED CVE-2014-9171 
@@ -4438,21 +4438,21 @@ CVE-2014-8961 (Directory traversal vulnerability in libraries/error_report.lib.p - phpmyadmin 4:4.2.12-1 [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-16/ CVE-2014-8960 (Cross-site scripting (XSS) vulnerability in libraries/error_report.lib ...) - phpmyadmin 4:4.2.12-1 [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-15/ CVE-2014-8959 (Directory traversal vulnerability in libraries/gis/GIS_Factory.class.p ...) - phpmyadmin 4:4.2.12-1 [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-14/ CVE-2014-8958 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.2.12-1 (low) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-13/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need NOTE: to be backported to 3.4 
@@ -6057,7 +6057,7 @@ CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin - phpmyadmin 4:4.2.10.1-1 (low) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-12/ CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 ...) NOT-FOR-US: TYPO3 extension cal CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP Bus ...) @@ -8884,7 +8884,7 @@ CVE-2014-7218 RESERVED CVE-2014-7217 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) - phpmyadmin 4:4.2.9.1-1 (low) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-11/ [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 a ...) @@ -11055,7 +11055,7 @@ CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the tables NOT-FOR-US: PNMsoft CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history implemen ...) - phpmyadmin 4:4.2.8.1-1 - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-10/ [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2014-6299 (Cross-site request forgery (CSRF) vulnerability in the mm_forum extens ...) 
@@ -13334,13 +13334,13 @@ CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations p - phpmyadmin 4:4.2.7.1-1 (low; bug #758536) [wheezy] - phpmyadmin <not-affected> (vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-9/ NOTE: Version 3.x uses the browser-provided confirmation window and not custom HTML. CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0. ...) - phpmyadmin 4:4.2.7.1-1 (low; bug #758536) [wheezy] - phpmyadmin <not-affected> (vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-8/ NOTE: Most of the affected Javascript files do not exist on version 3.3 and 3.4. NOTE: Those that do do not contain the problematic code. CVE-2014-5268 (The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote att ...) 
@@ -14076,12 +14076,12 @@ CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4. - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-7/ CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...) - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2014-6/ CVE-2014-4985 RESERVED CVE-2014-4984 (Déjà Vu Crescendo Sales CRM has remote SQL Injection ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index cb7e607899..ec6a51c9fe 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -21071,7 +21071,7 @@ CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9 {DSA-3382-1 DLA-336-1} - phpmyadmin 4:4.4.4-1 (unimportant) NOTE: Hardening, not a concrete issue itself - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php + NOTE: https://www.phpmyadmin.net/security/PMASA-2015-1/ CVE-2015-2205 RESERVED CVE-2015-2202 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 56129f8679..8e8eef943f 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -1754,6 +1754,8 @@ CVE-2017-1000500 CVE-2017-1000499 (phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a ...) - phpmyadmin <not-affected> (Only affects phpMyAdmin starting from 4.7.0) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-9/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db44db0fed0e1b (4.7-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/72f109a99c82b14c07dcb19946ba9b76efc32a1b (4.8-branch) CVE-2017-1000498 (AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsi ...) NOT-FOR-US: AndroidSVG CVE-2017-1000497 (Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the gets ...) 
@@ -21915,21 +21917,35 @@ CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions emb CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the re ...) - phpmyadmin 4:4.6.6-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-7 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/afe84645f29f5acc9970f3ffa5673585bf2dee7d (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1af76a88545352 (4.4-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/96b4f13e54c9ebbebfd19d0690bfa0812b6818c1 (4.6-branch) CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...) - phpmyadmin 4:4.6.6-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-6 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8ad5bd759156c8c00a1c3e0ef374660027a3bb4 (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e675c1ab20387 (4.{4,6}-branch) CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary value ...) - phpmyadmin 4:4.6.6-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-5 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f9ecaab86c488d106b1588d7683a6d53ef CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...) - phpmyadmin 4:4.6.6-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-4 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/8a0816266cc1db9e9889829f9f0d88a19650c977 (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e65355bf49f342 (4.4-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3a6247674e653507294f23480b4c0e1c532badbe (4.6-branch) CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the t ...) 
- phpmyadmin 4:4.6.6-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-3 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3d230b6ab76ff018645f2090c2664169835f465b (4.{0,4,6}-branch) CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakne ...) - phpmyadmin 4:4.6.6-1 (unimportant) NOTE: https://www.phpmyadmin.net/security/PMASA-2017-1 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7fe97a1f3c4695f630e39d9433b8fa7539eee30e (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b92497767c8677653cba (4.4-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4c84070ad6136c3158caa93286754ebbfbce61ab (4.6-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/e37bf40f44a3272a6709eb5b38feccac41658e3f (4.6-branch) CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying ...) NOT-FOR-US: MySQL Dumper CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database manag ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 1a6314fe71..1d40f526fa 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -22268,6 +22268,7 @@ CVE-2018-12614 CVE-2018-12613 (An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an ...) - phpmyadmin <not-affected> (Affects 4.8.x) NOTE: https://www.phpmyadmin.net/security/PMASA-2018-4/ + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7662d02939fb3cf6f0d9ec32ac664401dcfe7490 CVE-2018-12612 RESERVED CVE-2018-12611 (OX App Suite 7.8.4 and earlier allows Directory Traversal. ...) 
@@ -36584,7 +36585,7 @@ CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.ph [stretch] - phpmyadmin <no-dsa> (Minor issue) [jessie] - phpmyadmin <not-affected> (Vulnerable code not present) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5 NOTE: https://www.phpmyadmin.net/security/PMASA-2018-1/ CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...) NOT-FOR-US: Flight Sim Labs diff --git a/data/CVE/2019.list b/data/CVE/2019.list index b71e9b3de4..be1e609ec0 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -4431,6 +4431,7 @@ CVE-2019-18622 (An issue was discovered in phpMyAdmin before 4.9.2. A crafted da [stretch] - phpmyadmin <not-affected> (vulnerable code is not present) [jessie] - phpmyadmin <not-affected> (vulnerable code is not present) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111 + NOTE: https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912 NOTE: https://www.phpmyadmin.net/security/PMASA-2019-5/ CVE-2019-18621 RESERVED |
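Review bot: in the 2014.list hunk at @@ -4438, the CVE-2014-8958 entry keeps the pre-existing `NOTE: ... need` / `NOTE: to be backported to 3.4` lines directly under the rewritten PMASA-2014-13 link, yet the same entry already records `{DSA-3382-1 DLA-336-1}`; since this hunk touches that block anyway, either drop the backport reminder as obsolete or reword it to say which suite still needs the two commits, so the NOTE lines do not contradict the advisory references above them.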
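Review bot: in the 2017.list hunk at @@ -21915, CVE-2017-1000013 gains two commits both tagged `(4.6-branch)` (`4c84070ad6136c3158caa93286754ebbfbce61ab` and `e37bf40f44a3272a6709eb5b38feccac41658e3f`) with nothing saying why a second 4.6 commit is needed (follow-up fix, regression, incomplete first patch), and the branch annotation style varies within the hunk between one line per branch and the compact `(4.{4,6}-branch)` / `(4.{0,4,6}-branch)` form; a short qualifier on the second 4.6 commit and one consistent annotation form would make the entries easier to verify. While editing these lines, the unchanged `NOTE: https://www.phpmyadmin.net/security/PMASA-2017-7` through `PMASA-2017-1` links lack the trailing slash that every rewritten PMASA link elsewhere in this patch uses (for example `https://www.phpmyadmin.net/security/PMASA-2014-18/`), so normalising them here would keep the advisory links uniform.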
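Review bot: in the 2018.list hunk at @@ -22268, the new `NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7662d02939fb3cf6f0d9ec32ac664401dcfe7490` line for CVE-2018-12613 carries no branch annotation, unlike the commit links added in the 2017.list hunks (`(4.7-branch)`, `(4.8-branch)`, `(master)`); since the entry states it only affects 4.8.x, adding the branch the fix landed on would let a reader confirm the commit matches the affected series without opening GitHub.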
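Review bot: in the 2019.list hunk at @@ -4431, the added `NOTE: https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912` for CVE-2019-18622 is a personal gist rather than a project commit or advisory URL, and nothing on the line says what it contains or why it is referenced next to the upstream commit and PMASA-2019-5 link; a brief parenthetical describing the gist (as the commit lines in this patch do with their branch tags) would help future triagers judge whether it is still needed if the gist disappears. The full-hash expansion of `d2886a3` in the @@ -36584 hunk is the right direction; the same treatment could be applied to any other abbreviated commit references in these lists.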