[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Aug 21 09:28:52 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc52f902 by Moritz Muehlenhoff at 2019-08-21T08:28:34Z
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2019-15295
CVE-2019-15294
RESERVED
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
- TODO: check
+ NOT-FOR-US: ACDSee
CVE-2019-15289
RESERVED
CVE-2019-15288
@@ -134,7 +134,7 @@ CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, whi
NOTE: Workaround entry for main entry as the issue never affected upstream version
NOTE: actually and is specific to the stable versions backports.
CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
- roundcube <unfixed>
NOTE: https://github.com/roundcube/roundcubemail/issues/6891
@@ -208,17 +208,17 @@ CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2018-20977
RESERVED
CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18567 (The wp-all-import plugin before 3.4.6 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18566 (The user-role plugin before 1.5.6 for WordPress has multiple XSS issue ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18565
RESERVED
CVE-2017-18564
@@ -246,11 +246,11 @@ CVE-2017-18554
CVE-2017-18553
RESERVED
CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10912
RESERVED
CVE-2016-10911
@@ -262,19 +262,19 @@ CVE-2016-10909
CVE-2016-10908
RESERVED
CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9330 (The wp-all-import plugin before 3.2.5 for WordPress has blind SQL inje ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9329 (The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9328
RESERVED
CVE-2015-9327
RESERVED
CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2014-10380
RESERVED
CVE-2014-10379
@@ -288,7 +288,7 @@ CVE-2012-6715
CVE-2012-6714
RESERVED
CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-15210
RESERVED
CVE-2019-15209
@@ -515,7 +515,7 @@ CVE-2019-15126
CVE-2019-15125
RESERVED
CVE-2018-20975 (Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/t ...)
- TODO: check
+ NOT-FOR-US: Fat Free CRM
CVE-2019-15124
RESERVED
CVE-2019-15123
@@ -641,21 +641,21 @@ CVE-2017-18535
CVE-2017-18534
RESERVED
CVE-2017-18533 (The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18532 (The realty plugin before 1.1.0 for WordPress has multiple XSS issues. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18531 (The raygun4wp plugin before 1.8.3 for WordPress has XSS in the setting ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18530 (The rating-bws plugin before 0.2 for WordPress has multiple XSS issues ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18529 (The promobar plugin before 1.1.1 for WordPress has multiple XSS issues ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18528 (The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issue ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18527 (The pagination plugin before 1.0.7 for WordPress has multiple XSS issu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18526 (The moreads-se plugin before 1.4.7 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
NOT-FOR-US: olimometer plugin for WordPress
CVE-2016-10903
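Review bot: the eight tags added in this hunk read "NOT-FOR-US: Wordpress plugin", while the unchanged entry directly below them (CVE-2016-10904) uses "NOT-FOR-US: olimometer plugin for WordPress", which names the plugin and matches the "WordPress" capitalisation in the CVE descriptions. Consider the same "<plugin> plugin for WordPress" form here, for example "rimons-twitter-widget plugin for WordPress" on CVE-2017-18533, so the tag still identifies the software when the truncated description is not at hand and a search for the plugin name finds every entry for it.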
@@ -675,7 +675,7 @@ CVE-2016-10897
CVE-2016-10896
RESERVED
CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
@@ -689,7 +689,7 @@ CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for Word
CVE-2015-9321
RESERVED
CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related to a ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
NOT-FOR-US: i-recommend-this plugin for WordPress
CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
@@ -706,7 +706,7 @@ CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the L
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has reflect ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
NOT-FOR-US: OpenCart
CVE-2019-15080
@@ -746,39 +746,39 @@ CVE-2019-15064
CVE-2017-18525
RESERVED
CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18523 (The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18522 (The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the a ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18521
RESERVED
CVE-2017-18520 (The democracy-poll plugin before 5.4 for WordPress has XSS via update_ ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18519 (The customer-area plugin before 7.4.3 for WordPress has XSS via admin ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18518 (The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18517 (The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS i ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2017-18516
RESERVED
CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
- xtrlock <unfixed> (bug #830726)
CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2016-10891
RESERVED
CVE-2016-10890
RESERVED
CVE-2015-9319 (The gregs-high-performance-seo plugin before 1.6.2 for WordPress has X ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9318 (The awesome-support plugin before 3.1.7 for WordPress has a security i ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2015-9317 (The awesome-support plugin before 3.1.7 for WordPress has XSS via cust ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2019-15063
RESERVED
CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an ...)
@@ -1799,13 +1799,13 @@ CVE-2019-14689
CVE-2019-14688
RESERVED
CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2019-14686
RESERVED
CVE-2019-14685
RESERVED
CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
NOT-FOR-US: Wordpress plugin
CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
@@ -14798,6 +14798,7 @@ CVE-2019-10226 (HTML Injection has been discovered in the v0.19.0 version of the
NOT-FOR-US: Fat Free CRM
CVE-2019-10225
RESERVED
+ NOT-FOR-US: OpenShift
CVE-2019-10224 [using dscreate in verbose mode results in information disclosure]
RESERVED
- 389-ds-base 1.4.1.5-1
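Review bot: the NOT-FOR-US: OpenShift line added under CVE-2019-10225 lands on an entry that is still RESERVED and has no description, so nothing in the list shows why this CVE is attributed to OpenShift. Every other change in this commit replaces a TODO: check on an entry whose description names the product. Consider adding a bracketed summary like the one on CVE-2019-10224 just below, or a NOTE line with the source of the attribution, and mentioning it in the commit message, which currently says only "NFUs".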
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dc52f9026a9c205f33b631f0f9b0a18fda235575