[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 14 21:19:56 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0286f662 by Salvatore Bonaccorso at 2019-08-14T20:19:17Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,68 +59,68 @@ CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Andro
CVE-2019-15026
RESERVED
CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...)
- TODO: check
+ NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: wp-ultimate-exporter plugin for WordPress
CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...)
- TODO: check
+ NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress
CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...)
- TODO: check
+ NOT-FOR-US: wp-statistics plugin for WordPress
CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...)
- TODO: check
+ NOT-FOR-US: simple-login-log plugin for WordPress
CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...)
- TODO: check
+ NOT-FOR-US: responsive-menu plugin for WordPress
CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...)
- TODO: check
+ NOT-FOR-US: newsletter-by-supsystic plugin for WordPress
CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: custom-sidebars plugin for WordPress
CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...)
- TODO: check
+ NOT-FOR-US: custom-sidebars plugin for WordPress
CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...)
- TODO: check
+ NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...)
- TODO: check
+ NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...)
- TODO: check
+ NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...)
- TODO: check
+ NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: wp-editor plugin for WordPress
CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...)
- TODO: check
+ NOT-FOR-US: simple-membership plugin for WordPress
CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...)
- TODO: check
+ NOT-FOR-US: simple-add-pages-or-posts plugin for WordPress
CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...)
- TODO: check
+ NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...)
- TODO: check
+ NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...)
- TODO: check
+ NOT-FOR-US: google-document-embedder plugin for WordPress
CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injec ...)
- TODO: check
+ NOT-FOR-US: wp-fastest-cache plugin for WordPress
CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL injection. ...)
- TODO: check
+ NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS related to ...)
- TODO: check
+ NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL injection r ...)
- TODO: check
+ NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS related to ...)
- TODO: check
+ NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: newstatpress plugin for WordPress
CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPr ...)
- TODO: check
+ NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
CVE-2015-9309 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
- TODO: check
+ NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2015-9308 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
- TODO: check
+ NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
- TODO: check
+ NOT-FOR-US: wp-google-map-plugin plugin for WordPress
CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...)
- libexosip2 <unfixed> (bug #934766)
NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
- TODO: check
+ NOT-FOR-US: simple-fields plugin for WordPress
CVE-2019-15024
RESERVED
CVE-2019-15023
@@ -10249,7 +10249,7 @@ CVE-2019-11654
CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...)
NOT-FOR-US: Micro Focus
CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2019-11651
RESERVED
CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
@@ -41363,47 +41363,47 @@ CVE-2019-0353
CVE-2019-0352
RESERVED
CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0350
RESERVED
CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0347
RESERVED
CVE-2019-0346 (Unencrypted communication error in SAP Business Objects Business Intel ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in SAP NetWe ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0342
RESERVED
CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does not have ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before version ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0339
RESERVED
CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10 ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0336
RESERVED
CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0334 (When creating a module in SAP BusinessObjects Business Intelligence Pl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0333 (In some situations, when a client cancels a query in SAP BusinessObjec ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), versio ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...)
NOT-FOR-US: SAP
CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0286f6621bccbb1f7f8eae18a87cd9b72432ef86
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0286f6621bccbb1f7f8eae18a87cd9b72432ef86
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190814/7b51d4ac/attachment.html>
More information about the debian-security-tracker-commits
mailing list