View | Details | Raw Unified | Return to bug 249472

(-)b/security/vuxml/vuln.xml (-1 / +35 lines)
Lines 58-63 Notes: Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="2eec1e85-faf3-11ea-8ac0-4437e6ad11c4">
62
    <topic>tt-rss -- multiple vulnerabilities</topic>
63
    <affects>
64
      <package>
65
	<name>tt-rss</name>
66
	<range><lt>g20200919</lt></range>
67
      </package>
68
    </affects>
69
    <description>
70
      <body xmlns="http://www.w3.org/1999/xhtml">
71
	<p>tt-rss project reports:</p>
72
	<blockquote cite="https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799">
73
	  <p>The cached_url feature mishandles JavaScript inside an SVG document.</p>
74
	  <p>imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.</p>
75
	  <p>It does not validate all URLs before requesting them.</p>
76
	</blockquote>
77
	<blockquote cite="https://community.tt-rss.org/t/replace-php-gettext/2889">
78
	  <p>Allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.</p>
79
	</blockquote>
80
      </body>
81
    </description>
82
    <references>
83
	<url>https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799</url>
84
	<url>https://community.tt-rss.org/t/replace-php-gettext/2889</url>
85
	<cvename>CVE-2020-25789</cvename>
86
	<cvename>CVE-2020-25788</cvename>
87
	<cvename>CVE-2020-25787</cvename>
88
	<cvename>CVE-2016-6175</cvename>
89
    </references>
90
    <dates>
91
      <discovery>2020-09-15</discovery>
92
      <entry>2020-09-20</entry>
93
    </dates>
94
  </vuln>
95
61
  <vuln vid="24ace516-fad7-11ea-8d8c-005056a311d1">
96
  <vuln vid="24ace516-fad7-11ea-8d8c-005056a311d1">
62
    <topic>samba -- Unauthenticated domain takeover via netlogon</topic>
97
    <topic>samba -- Unauthenticated domain takeover via netlogon</topic>
63
    <affects>
98
    <affects>
64
- 
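Review bot: In the second blockquote of the new tt-rss entry (the one citing the replace-php-gettext thread), the sentence "Allows remote attackers to execute arbitrary PHP code via a crafted plural forms header." has no subject, so the entry never says which component is affected. Name the component in a short lead-in paragraph before the quote. "It does not validate all URLs before requesting them." in the first blockquote has the same problem, since "It" has no clear referent. The references list CVE-2016-6175 next to three CVE-2020 ids while the discovery date is 2020-09-15, so please confirm that date is intended for all four. Please also confirm that the lt range value g20200919 compares as intended against the version string the tt-rss port actually installs.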