author | security tracker role <sectracker@soriano.debian.org> | 2020-01-28 08:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-28 08:10:28 +0000 |
commit | 5e01ea2ea2df2e738b754084f3fd0a65a6ad6aef (patch) | |
tree | bc89417f0e28880071a0da7557c573e1fee76ebb /data/CVE/list | |
parent | 3998f58a7339a9880a75d747b68c6a260409c7a6 (diff) |
automatic update
Diffstat (limited to 'data/CVE/list')
-rw-r--r-- | data/CVE/list | 191 |
1 files changed, 104 insertions, 87 deletions
diff --git a/data/CVE/list b/data/CVE/list index 6076b86f53..a83067fe1b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,33 @@ +CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) + TODO: check +CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) + TODO: check +CVE-2020-8089 + RESERVED +CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) + TODO: check +CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) + TODO: check +CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...) + TODO: check +CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...) + TODO: check +CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored ...) + TODO: check +CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) + TODO: check +CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) + TODO: check +CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored ...) + TODO: check +CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...) + TODO: check +CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...) + TODO: check +CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...) + TODO: check +CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) + TODO: check CVE-2020-8086 RESERVED CVE-2020-8085 
@@ -183,10 +213,10 @@ CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android -CVE-2020-7998 - RESERVED -CVE-2020-7997 - RESERVED +CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) + TODO: check +CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) + TODO: check CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) - dolibarr <removed> CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) @@ -5445,8 +5475,8 @@ CVE-2020-5525 RESERVED CVE-2020-5524 RESERVED -CVE-2020-5523 - RESERVED +CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) + TODO: check CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) @@ -6144,12 +6174,12 @@ CVE-2020-5222 RESERVED CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...) NOT-FOR-US: uftpd -CVE-2020-5220 - RESERVED +CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...) + TODO: check CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) TODO: check -CVE-2020-5218 - RESERVED +CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...) + TODO: check CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers <unfixed> (bug #949999) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c 
@@ -6176,8 +6206,8 @@ CVE-2020-5209 RESERVED CVE-2020-5208 RESERVED -CVE-2020-5207 - RESERVED +CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) + TODO: check CVE-2020-5206 RESERVED CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) @@ -11793,29 +11823,29 @@ CVE-2020-3144 RESERVED CVE-2020-3143 RESERVED -CVE-2020-3142 ([CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites ...) +CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...) NOT-FOR-US: Cisco CVE-2020-3141 RESERVED CVE-2020-3140 RESERVED -CVE-2020-3139 ([CVE-2020-3139_su] A vulnerability in the out of band (OOB) management ...) +CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...) NOT-FOR-US: Cisco CVE-2020-3138 RESERVED CVE-2020-3137 RESERVED -CVE-2020-3136 ([CVE-2020-3136_su] A vulnerability in the web-based management interfa ...) +CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...) NOT-FOR-US: Cisco CVE-2020-3135 RESERVED -CVE-2020-3134 ([CVE-2020-3134_su] A vulnerability in the zip decompression engine of ...) +CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...) NOT-FOR-US: Cisco CVE-2020-3133 RESERVED CVE-2020-3132 RESERVED -CVE-2020-3131 ([CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for ...) +CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...) NOT-FOR-US: Cisco CVE-2020-3130 RESERVED @@ -14957,11 +14987,9 @@ CVE-2020-1935 RESERVED CVE-2020-1934 RESERVED -CVE-2020-1933 - RESERVED +CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...) NOT-FOR-US: Apache NiFi -CVE-2020-1932 - RESERVED +CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 RESERVED 
@@ -14969,8 +14997,7 @@ CVE-2020-1930 RESERVED CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) TODO: check -CVE-2020-1928 - RESERVED +CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) NOT-FOR-US: Apache NiFi CVE-2020-1927 RESERVED @@ -20152,14 +20179,12 @@ CVE-2020-0551 RESERVED CVE-2020-0550 RESERVED -CVE-2020-0549 [CacheOut attack / L1D Eviction Sampling] - RESERVED +CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...) - intel-microcode <unfixed> NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling NOTE: https://cacheoutattack.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html -CVE-2020-0548 [Vector Register Sampling] - RESERVED +CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...) - intel-microcode <unfixed> NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html @@ -23235,8 +23260,8 @@ CVE-2019-17653 RESERVED CVE-2019-17652 RESERVED -CVE-2019-17651 - RESERVED +CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...) + TODO: check CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...) NOT-FOR-US: Fortiguard CVE-2019-17649 @@ -29158,8 +29183,8 @@ CVE-2019-15609 RESERVED CVE-2019-15608 RESERVED -CVE-2019-15607 - RESERVED +CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...) + TODO: check CVE-2019-15606 RESERVED CVE-2019-15605 
@@ -29196,8 +29221,8 @@ CVE-2019-15592 CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/676976 -CVE-2019-15590 - RESERVED +CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and < 1 ...) + TODO: check CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/497047 @@ -29207,25 +29232,25 @@ CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript {DSA-4554-1} - ruby-loofah 2.3.1+dfsg-1 (bug #942894) NOTE: https://github.com/flavorjones/loofah/issues/171 -CVE-2019-15586 - RESERVED -CVE-2019-15585 - RESERVED +CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. ...) + TODO: check +CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...) + TODO: check CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/670572 -CVE-2019-15583 - RESERVED -CVE-2019-15582 - RESERVED -CVE-2019-15581 - RESERVED +CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) + TODO: check +CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...) + TODO: check +CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...) + TODO: check CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...) - gitlab <not-affected> (Only affects EE) -CVE-2019-15579 - RESERVED -CVE-2019-15578 - RESERVED +CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) + TODO: check +CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) + TODO: check CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/636560 
@@ -36877,12 +36902,12 @@ CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the in NOT-FOR-US: Honeywell CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...) NOT-FOR-US: EZ PLC Editor -CVE-2019-13521 - RESERVED +CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...) + TODO: check CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...) NOT-FOR-US: Fuji Electric -CVE-2019-13519 - RESERVED +CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...) + TODO: check CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...) NOT-FOR-US: EZAutomation CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...) @@ -44571,8 +44596,8 @@ CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScri TODO: check CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...) NOT-FOR-US: BibTeX-ruby -CVE-2019-10779 - RESERVED +CVE-2019-10779 (All versions of stroom:stroom-app before 5.5.12 and all versions of th ...) + TODO: check CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...) NOT-FOR-US: devcert-sanscache CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...) 
@@ -44596,8 +44621,8 @@ CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 us NOT-FOR-US: svg-sanitize CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...) NOT-FOR-US: IOBroker -CVE-2019-10770 - RESERVED +CVE-2019-10770 (All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and befo ...) + TODO: check CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used ...) NOT-FOR-US: safer-eval Node module CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...) @@ -52634,8 +52659,8 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) i NOT-FOR-US: UltraVNC CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...) NOT-FOR-US: UltraVNC -CVE-2019-8257 - RESERVED +CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...) + TODO: check CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...) NOT-FOR-US: ColdFusion CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...) @@ -55461,8 +55486,8 @@ CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnera NOT-FOR-US: Adobe CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...) NOT-FOR-US: Adobe -CVE-2019-7131 - RESERVED +CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...) + TODO: check CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...) NOT-FOR-US: Adobe CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...) 
@@ -59653,22 +59678,19 @@ CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (runn NOT-FOR-US: Nextcloud Lookup-Server CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...) NOT-FOR-US: Nexus Yum Repository Plugin -CVE-2019-5474 [Override Merge Request Approval Rules] - RESERVED +CVE-2019-5474 (An authorization issue was discovered in GitLab EE < 12.1.2, < 1 ...) - gitlab <not-affected> (Only affects Gitlab EE 11.8 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...) - gitlab <not-affected> (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5472 [Denial Of Service Epic Comments] - RESERVED +CVE-2019-5472 (An authorization issue was discovered in Gitlab versions < 12.1.2, ...) - gitlab <not-affected> (Only affects Gitlab EE 10.7 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...) - gitlab <not-affected> (Only affects Gitlab EE 8.9 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5470 [Information Disclosure Vulnerability Feedback] - RESERVED +CVE-2019-5470 (An information disclosure issue was discovered GitLab versions < 12 ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ 
@@ -59676,8 +59698,7 @@ CVE-2019-5469 (An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5468 [User Revokation Bypass with Mattermost Integration] - RESERVED +CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions < 1 ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ @@ -59685,18 +59706,15 @@ CVE-2019-5467 (An input validation and output encoding issue was discovered in t [experimental] - gitlab <unfixed> - gitlab <not-affected> (Only affects 11.10 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5466 [IDOR Label Name Enumeration] - RESERVED +CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5465 [Information Disclosure New Issue ID] - RESERVED +CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE 8.14 an ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5464 [SSRF Mitigation Bypass] - RESERVED +CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ 
@@ -59704,8 +59722,7 @@ CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badg [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5462 [Trigger Token Impersonation] - RESERVED +CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ @@ -73780,8 +73797,7 @@ CVE-2019-0544 REJECTED CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft -CVE-2019-0542 - REJECTED +CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the comp ...) - node-xterm 3.8.1-1 (unimportant; bug #926670) NOTE: nodejs not covered by security support CVE-2019-0541 (A remote code execution vulnerability exists in the way that the MSHTM ...) @@ -197803,6 +197819,7 @@ CVE-2016-4305 (A denial of service vulnerability exists in the syscall filtering CVE-2016-4304 (A denial of service vulnerability exists in the syscall filtering func ...) NOT-FOR-US: Kaspersky Internet Security KLIF driver CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles U ...) + {DLA-2080-1} - iperf3 3.1.3-1 (bug #827116) NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x) @@ -273958,8 +273975,8 @@ CVE-2013-2614 RESERVED CVE-2013-2613 RESERVED -CVE-2013-2612 - RESERVED +CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.20 ...) + TODO: check CVE-2013-2611 RESERVED CVE-2013-2610 
@@ -274264,8 +274281,8 @@ CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews NOT-FOR-US: Terillion Reviews plugin for Wordpress CVE-2013-2500 RESERVED -CVE-2013-2499 - RESERVED +CVE-2013-2499 (SimpleHRM 2.3 and earlier could allow remote attackers to bypass the a ...) + TODO: check CVE-2013-2498 (SQL injection vulnerability in the login page in flexycms/modules/user ...) NOT-FOR-US: SimpleHRM CVE-2013-2497 @@ -274399,8 +274416,8 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote a NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274 NOTE: Versions affected: 1.8.0 to 1.8.5 -CVE-2013-2474 - RESERVED +CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...) + TODO: check CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2727-1 DSA-2722-1} - openjdk-6 6b27-1.12.6-1 @@ -274955,8 +274972,8 @@ CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit NOTE: MathML added in chromium 24.x, disabled again in 25.x CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to ...) NOT-FOR-US: Novell Sentinel Log Manager -CVE-2013-2267 - RESERVED +CVE-2013-2267 (PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3 ...) + TODO: check CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...) {DSA-2656-1} - bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174) @@ -280027,8 +280044,8 @@ CVE-2012-6450 RESERVED CVE-2012-6449 RESERVED -CVE-2012-6448 - RESERVED +CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 all ...) + TODO: check CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...) NOT-FOR-US: Splunk CVE-2012-6446 |
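Review bot: In the hunk at @@ -29207,25 (and for CVE-2019-15590 in the hunk just before it), the newly published GitLab IDs CVE-2019-15586, -15585, -15583, -15582, -15581, -15579 and -15578 are left as `TODO: check`, while every already-triaged neighbour in the same range (CVE-2019-15591, -15589, -15584, -15577) carries `- gitlab <unfixed>` and CVE-2019-15580 carries `- gitlab <not-affected> (Only affects EE)`. Several of the truncated descriptions begin "exists in < 12.3.2, < 12.2.6, and < ..." with no product name in the visible part, so a search of the list by product will miss them until they are triaged. These should get a `- gitlab` line with the status that results from checking the affected version ranges, plus the advisory NOTE, in a follow-up commit.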
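Review bot: In the hunk at @@ -52634,8, CVE-2019-8257 is added as `TODO: check` although the description names Adobe Acrobat and Reader and the next entry down (CVE-2019-8256) is already `NOT-FOR-US: ColdFusion`; the same applies to CVE-2019-7131 in the hunk at @@ -55461,8, which sits between CVE-2019-7132 and CVE-2019-7130, both marked `NOT-FOR-US: Adobe`. Suggest triaging both to `NOT-FOR-US: Adobe` to match. The imported text for CVE-2019-8257 also reads "versions , 2019.012.20035 and earlier", a stray comma that suggests a version string is missing from the upstream description, so the affected range should be read from the vendor advisory rather than from this line.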
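Review bot: In the hunk at @@ -59653,22, the hand-written title for CVE-2019-5472, `[Denial Of Service Epic Comments]`, is replaced by a published description that opens "An authorization issue was discovered in Gitlab versions < 12.1.2, ...", which does not obviously describe the same issue. The package line `- gitlab <not-affected> (Only affects Gitlab EE 10.7 and later)` was written against the old title and is carried over unchanged, so it is worth confirming against the linked GitLab 12.1.2 security release that the annotation still matches what was published under this ID. The same check applies to the other entries in this range whose bracketed titles are dropped in the following hunks (CVE-2019-5470, -5468, -5466, -5465, -5464, -5462).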
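Review bot: In the hunk at @@ -73780,8, CVE-2019-0542 goes from `REJECTED` to a published description ("A remote code execution vulnerability exists in Xterm.js ...") with nothing in the entry recording the change of state. The existing `- node-xterm 3.8.1-1 (unimportant; bug #926670)` line and its NOTE are kept, which is consistent with the new description, but a REJECTED ID becoming live again is unusual enough that the entry should be confirmed against the upstream CVE record, and a short NOTE saying the ID was previously rejected would help anyone reading the history.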
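Review bot: In the hunk at @@ -274264,8, CVE-2013-2499 ("SimpleHRM 2.3 and earlier could allow remote attackers to bypass the a ...") is added as `TODO: check` directly above CVE-2013-2498, which is already `NOT-FOR-US: SimpleHRM`. Suggest marking CVE-2013-2499 `NOT-FOR-US: SimpleHRM` as well so the two entries for the same product agree.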