[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Aug 14 21:19:56 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0286f662 by Salvatore Bonaccorso at 2019-08-14T20:19:17Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,68 +59,68 @@ CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Andro
 CVE-2019-15026
 	RESERVED
 CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...)
-	TODO: check
+	NOT-FOR-US: ninja-forms plugin for WordPress
 CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: wp-ultimate-exporter plugin for WordPress
 CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...)
-	TODO: check
+	NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress
 CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...)
-	TODO: check
+	NOT-FOR-US: wp-statistics plugin for WordPress
 CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: simple-login-log plugin for WordPress
 CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...)
-	TODO: check
+	NOT-FOR-US: responsive-menu plugin for WordPress
 CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...)
-	TODO: check
+	NOT-FOR-US: newsletter-by-supsystic plugin for WordPress
 CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: custom-sidebars plugin for WordPress
 CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...)
-	TODO: check
+	NOT-FOR-US: custom-sidebars plugin for WordPress
 CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: nextgen-gallery plugin for WordPress
 CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
 CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
 CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...)
-	TODO: check
+	NOT-FOR-US: wp-editor plugin for WordPress
 CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: wp-editor plugin for WordPress
 CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...)
-	TODO: check
+	NOT-FOR-US: simple-membership plugin for WordPress
 CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...)
-	TODO: check
+	NOT-FOR-US: simple-add-pages-or-posts plugin for WordPress
 CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...)
-	TODO: check
+	NOT-FOR-US: google-document-embedder plugin for WordPress
 CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...)
-	TODO: check
+	NOT-FOR-US: google-document-embedder plugin for WordPress
 CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...)
-	TODO: check
+	NOT-FOR-US: google-document-embedder plugin for WordPress
 CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injec ...)
-	TODO: check
+	NOT-FOR-US: wp-fastest-cache plugin for WordPress
 CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: newstatpress plugin for WordPress
 CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS related to  ...)
-	TODO: check
+	NOT-FOR-US: newstatpress plugin for WordPress
 CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL injection r ...)
-	TODO: check
+	NOT-FOR-US: newstatpress plugin for WordPress
 CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS related to  ...)
-	TODO: check
+	NOT-FOR-US: newstatpress plugin for WordPress
 CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. ...)
-	TODO: check
+	NOT-FOR-US: newstatpress plugin for WordPress
 CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress
 CVE-2015-9309 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
-	TODO: check
+	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
 CVE-2015-9308 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
-	TODO: check
+	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
 CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...)
-	TODO: check
+	NOT-FOR-US: wp-google-map-plugin plugin for WordPress
 CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...)
 	- libexosip2 <unfixed> (bug #934766)
 	NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070
 CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...)
-	TODO: check
+	NOT-FOR-US: simple-fields plugin for WordPress
 CVE-2019-15024
 	RESERVED
 CVE-2019-15023
@@ -10249,7 +10249,7 @@ CVE-2019-11654
 CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions  ...)
 	NOT-FOR-US: Micro Focus
 CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...)
-	TODO: check
+	NOT-FOR-US: Micro Focus
 CVE-2019-11651
 	RESERVED
 CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...)
@@ -41363,47 +41363,47 @@ CVE-2019-0353
 CVE-2019-0352
 	RESERVED
 CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0350
 	RESERVED
 CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0347
 	RESERVED
 CVE-2019-0346 (Unencrypted communication error in SAP Business Objects Business Intel ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in SAP NetWe ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0342
 	RESERVED
 CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does not have ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before version  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0339
 	RESERVED
 CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752,  ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10 ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0336
 	RESERVED
 CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0334 (When creating a module in SAP BusinessObjects Business Intelligence Pl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0333 (In some situations, when a client cancels a query in SAP BusinessObjec ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), versio ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...)
 	NOT-FOR-US: SAP
 CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0286f6621bccbb1f7f8eae18a87cd9b72432ef86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0286f6621bccbb1f7f8eae18a87cd9b72432ef86
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190814/7b51d4ac/attachment.html>

More information about the debian-security-tracker-commits mailing list