FLOP:CVE Monitoring

== State ==
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU-memoized Python function <tt>eix_xml</tt> might be nice. It would have to be wiped whenever eix is updated, of course.
 
== Example Output Fri 31 Jul 2020 02:49:59 PM EDT ==
 
Summary:
-------
CVE-2020-15953: net-libs/libetpan-1.9.3
 
Description:
-----------
[07/27/2020]
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products,
has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
sends a "begin TLS" response, the client reads additional data (e.g., from a
meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response
injection."
 
CatPkg:
------
net-libs/libetpan
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.9.3
 
Facts:
-----
https://github.com/dinhvh/libetpan/issues/386
https://security.gentoo.org/glsa/202007-55
 
 
Summary:
-------
CVE-2020-12460: mail-filter/opendmarc-1.1.3
 
Description:
-----------
[07/27/2020]
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null
termination in the function opendmarc_xml_parse that can result in a one-byte
heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate
report. This can cause remote memory corruption when a '\0' byte overwrites the
heap metadata of the next chunk and its PREV_INUSE flag.
 
CatPkg:
------
mail-filter/opendmarc
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.1.3
 
Facts:
-----
https://github.com/trusteddomainproject/OpenDMARC/issues/64
https://sourceforge.net/projects/opendmarc/
 
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.2
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.2
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.3
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.3
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.4
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.4
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.5
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.5
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-5.0.25
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.0.25
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.3
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.3
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.4
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.4
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.5
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.5
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.7
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.7
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
 
Summary:
-------
CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2
 
Description:
-----------
[07/17/2020]
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that
affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads
additional data and evaluates it in a TLS context, aka "response injection."
 
CatPkg:
------
gnome-extra/evolution-data-server
 
KitBranch:
---------
gnome-kit/3.36-prime
 
labels:
------
security
 
AffectsVersions:
---------------
3.36.2
 
Facts:
-----
https://bugzilla.suse.com/show_bug.cgi?id=1173910
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
https://security-tracker.debian.org/tracker/DLA-2281-1
https://security-tracker.debian.org/tracker/DSA-4725-1
https://usn.ubuntu.com/4429-1/
https://www.debian.org/security/2020/dsa-4725
 
 
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.10.3-r1
 
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
 
CatPkg:
------
app-emulation/xen
 
KitBranch:
---------
nokit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.10.3-r1
 
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
 
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.11.1-r3
 
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
 
CatPkg:
------
app-emulation/xen
 
KitBranch:
---------
nokit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.11.1-r3
 
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
 
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.12.0-r1
 
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
 
CatPkg:
------
app-emulation/xen
 
KitBranch:
---------
nokit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.12.0-r1
 
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
 
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.4.1
 
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
 
CatPkg:
------
dev-util/radare2
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.4.1
 
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 
 
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.5.0
 
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
 
CatPkg:
------
dev-util/radare2
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.5.0
 
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 
 
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.5.1
 
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
 
CatPkg:
------
dev-util/radare2
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.5.1
 
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
 
 
Summary:
-------
CVE-2020-14001: dev-ruby/kramdown-1.17.0
 
Description:
-----------
[07/17/2020]
The kramdown gem before 2.3.0 for Ruby processes the template option inside
Kramdown documents by default, which allows unintended read access (such as
template="/etc/passwd") or unintended embedded Ruby code execution (such as a
string that begins with template="string://<%= `). NOTE: kramdown is used in
Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
 
CatPkg:
------
dev-ruby/kramdown
 
KitBranch:
---------
ruby-kit/2.6-prime
 
labels:
------
security
 
AffectsVersions:
---------------
1.17.0
 
Facts:
-----
https://github.com/gettalong/kramdown
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
https://kramdown.gettalong.org
https://kramdown.gettalong.org/news.html
https://rubygems.org/gems/kramdown
 
 
Summary:
-------
CVE-2020-15586: dev-lang/go-1.12.17
 
Description:
-----------
[07/17/2020]
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
a request body and writes a response at the same time.
 
CatPkg:
------
dev-lang/go
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.12.17
 
Facts:
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
https://www.cloudfoundry.org/blog/cve-2020-15586/
 
 
Summary:
-------
CVE-2020-14039: dev-lang/go-1.12.17
 
Description:
-----------
[07/17/2020]
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
equals nil and the installation is on Windows). Thus, X.509 certificate
verification is incomplete.
 
CatPkg:
------
dev-lang/go
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.12.17
 
Facts:
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://groups.google.com/forum/#!forum/golang-announce
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.16
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.16
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.16
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.23
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.23
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.23
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.0.26
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.0.26
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.0.26
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.7
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.7
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.7
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.9
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.9
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.9
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.9
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.2.11
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.2.11
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.4.15
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.4.15
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.2.3
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.2.3
 
Facts:
-----
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057