Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-08 | CVE-2018-11563 | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. | Debian_linux, Otrs | 4.6 | ||
2019-07-23 | CVE-2019-11730 | A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in... | Debian_linux, Firefox, Firefox_esr, Thunderbird, Leap, Package_hub | 6.5 | ||
2019-09-11 | CVE-2019-16217 | WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16218 | WordPress before 5.2.3 allows XSS in stored comments. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16219 | WordPress before 5.2.3 allows XSS in shortcode previews. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16220 | In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16221 | WordPress before 5.2.3 allows reflected XSS in the dashboard. | Debian_linux, Wordpress | 6.1 | ||
2019-09-11 | CVE-2019-16222 | WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | Debian_linux, Wordpress | 6.1 | ||
2020-01-21 | CVE-2019-20387 | repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | Debian_linux, Libsolv | 7.5 | ||
2022-01-10 | CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | Debian_linux, Pillow | 6.5 |