[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Aug 27 21:12:56 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c27c277 by Salvatore Bonaccorso at 2019-08-27T20:12:14Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,9 +105,9 @@ CVE-2019-15662
 CVE-2019-15661
 	RESERVED
 CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: wp-members plugin for WordPress
 CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection,  ...)
-	TODO: check
+	NOT-FOR-US: pie-register plugin for WordPress
 CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName or sc ...)
 	TODO: check
 CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute  ...)
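Review bot: CVE-2019-15658 (connect-pg-simple), directly below the two changed entries, is still at "TODO: check", so this block of the list is not fully triaged after the commit. That fits the subject line, since connect-pg-simple is not a WordPress plugin and cannot be closed with the same wording; it needs its own lookup to decide between a NOT-FOR-US line and a source-package entry, ideally in a follow-up commit so the TODO does not linger.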
@@ -126,69 +126,69 @@ CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in Deco
 	- wolfssl <unfixed>
 	NOTE: https://github.com/wolfSSL/wolfssl/issues/2421
 CVE-2019-15650 (The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: stops-core-theme-and-plugin-updates plugin for WordPress
 CVE-2019-15649 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
-	TODO: check
+	NOT-FOR-US: insert-or-embed-articulate-content-into-wordpress plugin for WordPress
 CVE-2019-15648 (The insert-or-embed-articulate-content-into-wordpress plugin before 4. ...)
-	TODO: check
+	NOT-FOR-US: insert-or-embed-articulate-content-into-wordpress plugin for WordPress
 CVE-2019-15647 (The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-aj ...)
-	TODO: check
+	NOT-FOR-US: groundhogg plugin for WordPress
 CVE-2019-15646 (The rsvpmaker plugin before 6.2 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: rsvpmaker plugin for WordPress
 CVE-2019-15645 (The zoho-salesiq plugin before 1.0.9 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: zoho-salesiq plugin for WordPress
 CVE-2019-15644 (The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. ...)
-	TODO: check
+	NOT-FOR-US: zoho-salesiq plugin for WordPress
 CVE-2019-15643 (The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: ultimate-faqs plugin for WordPress
 CVE-2018-21006 (The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: bbp-move-topics plugin for WordPress
 CVE-2018-21005 (The bbp-move-topics plugin before 1.1.6 for WordPress has code injecti ...)
-	TODO: check
+	NOT-FOR-US: bbp-move-topics plugin for WordPress
 CVE-2018-21004 (The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: rsvpmaker plugin for WordPress
 CVE-2018-21003 (The buddyforms plugin before 2.2.8 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: buddyforms plugin for WordPress
 CVE-2018-21002 (The js-support-ticket plugin before 2.0.6 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: js-support-ticket plugin for WordPress
 CVE-2018-21001 (The anycomment plugin before 0.0.33 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: anycomment plugin for WordPress
 CVE-2017-18592 (The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has  ...)
-	TODO: check
+	NOT-FOR-US: woocommerce-catalog-enquiry plugin for WordPress
 CVE-2017-18591 (The gd-rating-system plugin before 2.1 for WordPress has XSS in log.ph ...)
-	TODO: check
+	NOT-FOR-US: gd-rating-system plugin for WordPress
 CVE-2017-18590 (The timesheet plugin before 0.1.5 for WordPress has multiple XSS issue ...)
-	TODO: check
+	NOT-FOR-US: timesheet plugin for WordPress
 CVE-2016-10936 (The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll b ...)
-	TODO: check
+	NOT-FOR-US: wp-polls plugin for WordPress
 CVE-2016-10935 (The woocommerce-exporter plugin before 1.8.4 for WordPress has privile ...)
-	TODO: check
+	NOT-FOR-US: woocommerce-exporter plugin for WordPress
 CVE-2016-10934 (The check-email plugin before 0.5.2 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: check-email plugin for WordPress
 CVE-2015-9352 (The wp-polls plugin before 2.72 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: wp-polls plugin for WordPress
 CVE-2015-9351 (The feed-them-social plugin before 1.7.0 for WordPress has possible sh ...)
-	TODO: check
+	NOT-FOR-US: feed-them-social plugin for WordPress
 CVE-2015-9350 (The feed-them-social plugin before 1.7.0 for WordPress has reflected X ...)
-	TODO: check
+	NOT-FOR-US: feed-them-social plugin for WordPress
 CVE-2015-9349 (The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has ref ...)
-	TODO: check
+	NOT-FOR-US: ckeditor-for-wordpress plugin for WordPress
 CVE-2015-9348 (The sell-downloads plugin before 1.0.8 for WordPress has insufficient  ...)
-	TODO: check
+	NOT-FOR-US: sell-downloads plugin for WordPress
 CVE-2015-9347 (The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors. ...)
-	TODO: check
+	NOT-FOR-US: wp-plotly plugin for WordPress
 CVE-2015-9346 (The cp-polls plugin before 1.0.5 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: cp-polls plugin for WordPress
 CVE-2015-9345 (The link-log plugin before 2.0 for WordPress has HTTP Response Splitti ...)
-	TODO: check
+	NOT-FOR-US: link-log plugin for WordPress
 CVE-2015-9344 (The link-log plugin before 2.1 for WordPress has SQL injection. ...)
-	TODO: check
+	NOT-FOR-US: link-log plugin for WordPress
 CVE-2015-9343 (The wp-rollback plugin before 1.2.3 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: wp-rollback plugin for WordPress
 CVE-2015-9342 (The wp-rollback plugin before 1.2.3 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: wp-rollback plugin for WordPress
 CVE-2014-10395 (The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes li ...)
-	TODO: check
+	NOT-FOR-US: cp-polls plugin for WordPress
 CVE-2019-15642 (rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execu ...)
 	- webmin <removed>
 CVE-2019-15641 (xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. B ...)
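Review bot: missing check on CVE-2015-9349, where the description is cut off at "has ref ..." and the plugin name (ckeditor-for-wordpress) indicates it wraps a separate upstream editor. The visible text attributes the issue to the plugin, which supports NOT-FOR-US, but the truncated part should be read in full to confirm the flaw is in the plugin's own code and not in the bundled editor; if it were the latter, the entry would need a package check rather than an NFU line. The other entries in this hunk name only the WordPress plugin as the affected component, and the labels reuse the slug from each description verbatim, which keeps them easy to grep.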
@@ -4401,7 +4401,7 @@ CVE-2019-14316
 CVE-2019-14315 (A cross-site scripting (XSS) vulnerability in upload.php in SunHater K ...)
 	NOT-FOR-US: SunHater KCFinder
 CVE-2019-14314 (A SQL injection vulnerability exists in the Imagely NextGEN Gallery pl ...)
-	TODO: check
+	NOT-FOR-US: Imagely NextGEN Gallery plugin for WordPress
 CVE-2019-14313 (A SQL injection vulnerability exists in the 10Web Photo Gallery plugin ...)
 	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
 CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulner ...)
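Review bot: style point on the added line for CVE-2019-14314: it uses the vendor-prefixed product name ("Imagely NextGEN Gallery plugin for WordPress"), while the NFU lines added earlier in this patch use the bare plugin slug (for example "wp-polls plugin for WordPress"). Both mirror the wording of their CVE descriptions, and this one matches the neighbouring CVE-2019-14313 entry ("10Web Photo Gallery plugin for WordPress"), so no change is required; just be aware that a search for the slug alone will not find this entry.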



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4c27c2776b123e00e45d5acb39ebf75ef53e6602
