[Secure-testing-commits] r36729 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Sep 17 18:31:07 UTC 2015
Author: carnil
Date: 2015-09-17 18:31:07 +0000 (Thu, 17 Sep 2015)
New Revision: 36729
Modified:
data/CVE/list
Log:
Mark wordpress plugins as NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-17 18:20:05 UTC (rev 36728)
+++ data/CVE/list 2015-09-17 18:31:07 UTC (rev 36729)
@@ -98,7 +98,7 @@
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab ...)
TODO: check
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...)
- TODO: check
+ NOT-FOR-US: sourceAFRICA plugin for WordPress
CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...)
TODO: check
CVE-2015-6918
@@ -356,7 +356,7 @@
CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact module ...)
TODO: check
CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message ...)
- TODO: check
+ NOT-FOR-US: MDC Private Message plugin for WordPress
CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin ...)
- phpmyadmin 4:4.4.14.1-1 (low)
[jessie] - phpmyadmin <no-dsa> (Minor issue)
@@ -1021,7 +1021,7 @@
CVE-2015-6536
RESERVED
CVE-2015-6535 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: YouTube Embed plugin for WordPress
CVE-2015-6534
RESERVED
CVE-2015-6533
@@ -3120,7 +3120,7 @@
CVE-2015-5682
RESERVED
CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the Powerplay ...)
- TODO: check
+ NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5680
RESERVED
CVE-2015-5679
@@ -3314,7 +3314,7 @@
NOTE: value ChallengeResponseAuthentication is set to, which is 'no' in
NOTE: default configurations in Debian.
CVE-2015-5599 (Multiple SQL injection vulnerabilities in upload.php in the Powerplay ...)
- TODO: check
+ NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5598
RESERVED
CVE-2015-5597
@@ -3627,15 +3627,15 @@
CVE-2015-5486
RESERVED
CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page ...)
- TODO: check
+ NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress
CVE-2015-5484
RESERVED
CVE-2015-5483
RESERVED
CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...)
- TODO: check
+ NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD ...)
- TODO: check
+ NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5480
RESERVED
CVE-2015-5479
@@ -3664,7 +3664,7 @@
CVE-2015-5473
RESERVED
CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the IBS ...)
- TODO: check
+ NOT-FOR-US: IBS Mappro plugin for WordPress
CVE-2015-5471
RESERVED
CVE-2015-5469
@@ -11071,7 +11071,7 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2807 (Cross-site scripting (XSS) vulnerability in js/window.php in the Navis ...)
- TODO: check
+ NOT-FOR-US: Navis DocumentCloud plugin for WordPress
CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ...)
{DSA-3221-1 DLA-194-1}
- das-watchdog 0.9.0-3.1 (bug #781806)
More information about the Secure-testing-commits
mailing list