Debian Tt-Rss vulnerabilities
5 known vulnerabilities affecting debian/tt-rss.
Total CVEs: 5
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2020-25787 | P2 | CRITICAL | CVSS 9.8 | PoC | fixed in tt-rss 21~git20210204.b4cbc79+dfsg-1 (bookworm) | 2020
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
Scope: local
bookworm: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
bullseye: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
sid: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
CVE-2017-16896 | P3 | CRITICAL | CVSS 9.8 | fixed in tt-rss 17.4+git20180312+dfsg-1 (bookworm) | 2017
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
Scope: local
bookworm: resolved (fixed in 17.4+git20180312+dfsg-1)
bullseye: resolved (fixed in 17.4+git20180312+dfsg-1)
sid: resolved (fixed in 17.4+git20180312+dfsg-1)
CVE-2020-25788 | P3 | HIGH | CVSS 8.1 | fixed in tt-rss 21~git20210204.b4cbc79+dfsg-1 (bookworm) | 2020
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.
Scope: local
bookworm: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
bullseye: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
sid: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
CVE-2020-25789 | P4 | MEDIUM | CVSS 6.1 | fixed in tt-rss 21~git20210204.b4cbc79+dfsg-1 (bookworm) | 2020
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
Scope: local
bookworm: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
bullseye: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
sid: resolved (fixed in 21~git20210204.b4cbc79+dfsg-1)
CVE-2017-1000035 | P4 | MEDIUM | CVSS 6.1 | fixed in tt-rss 17.1+git20170410+dfsg-1 (bookworm) | 2017
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack
Scope: local
bookworm: resolved (fixed in 17.1+git20170410+dfsg-1)
bullseye: resolved (fixed in 17.1+git20170410+dfsg-1)
sid: resolved (fixed in 17.1+git20170410+dfsg-1)