[Secure-testing-commits] r32786 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Mar 11 12:40:29 UTC 2015
Author: carnil
Date: 2015-03-11 12:40:29 +0000 (Wed, 11 Mar 2015)
New Revision: 32786
Modified:
data/CVE/list
Log:
Mark wordpress plugins and themes as NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-03-11 12:40:20 UTC (rev 32785)
+++ data/CVE/list 2015-03-11 12:40:29 UTC (rev 32786)
@@ -138,15 +138,15 @@
CVE-2015-2221
RESERVED
CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
- TODO: check
+ NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2015-2219
RESERVED
CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
CVE-2015-2217
RESERVED
CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
- TODO: check
+ NOT-FOR-US: Photocrati theme for WordPress
CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server ...)
TODO: check
CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
@@ -160,7 +160,7 @@
CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in ...)
TODO: check
CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...)
- TODO: check
+ NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...)
- chromium-browser 41.0.2272.76-1
[wheezy] - chromium-browser <end-of-life>
@@ -978,7 +978,7 @@
CVE-2015-1875
RESERVED
CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
- TODO: check
+ NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-1873
RESERVED
CVE-2015-1872
@@ -4163,9 +4163,9 @@
CVE-2015-0896
RESERVED
CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
- TODO: check
+ NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security & Firewall ...)
- TODO: check
+ NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0893 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
NOT-FOR-US: Maroyaka
CVE-2015-0892 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
More information about the Secure-testing-commits
mailing list