[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Fri Aug 30 07:12:49 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca04890e by Salvatore Bonaccorso at 2019-08-30T06:12:00Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62,31 +62,31 @@ CVE-2019-15783 (Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc
 CVE-2019-15782 (WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or ...)
 	TODO: check
 CVE-2019-15781 (The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF. ...)
-	TODO: check
+	NOT-FOR-US: facebook-by-weblizar plugin for WordPress
 CVE-2019-15780 (The formidable plugin before 4.02.01 for WordPress has unsafe deserial ...)
-	TODO: check
+	NOT-FOR-US: formidable plugin for WordPress
 CVE-2019-15779 (The insta-gallery plugin before 2.4.8 for WordPress has no nonce valid ...)
-	TODO: check
+	NOT-FOR-US: insta-gallery plugin for WordPress
 CVE-2019-15778 (The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: woo-variation-gallery plugin for WordPress
 CVE-2019-15777 (The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/a ...)
-	TODO: check
+	NOT-FOR-US: shapepress-dsgvo plugin for WordPress
 CVE-2019-15776 (The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for W ...)
-	TODO: check
+	NOT-FOR-US: simple-301-redirects-addon-bulk-uploader plugin for WordPress
 CVE-2019-15775 (The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX act ...)
-	TODO: check
+	NOT-FOR-US: nd-learning plugin for WordPress
 CVE-2019-15774 (The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX acti ...)
-	TODO: check
+	NOT-FOR-US: nd-booking plugin for WordPress
 CVE-2019-15773 (The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX actio ...)
-	TODO: check
+	NOT-FOR-US: nd-travel plugin for WordPress
 CVE-2019-15772 (The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX ac ...)
-	TODO: check
+	NOT-FOR-US: nd-donations plugin for WordPress
 CVE-2019-15771 (The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX a ...)
-	TODO: check
+	NOT-FOR-US: nd-shortcodes plugin for WordPress
 CVE-2019-15770 (The woo-address-book plugin before 1.6.0 for WordPress has save calls  ...)
-	TODO: check
+	NOT-FOR-US: woo-address-book plugin for WordPress
 CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via a ...)
-	TODO: check
+	NOT-FOR-US: handl-utm-grabber plugin for WordPress
 CVE-2019-15768
 	RESERVED
 CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
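Review bot: The thirteen entries from CVE-2019-15781 down to CVE-2019-15769 move from "TODO: check" to "NOT-FOR-US" in one batch, and neither the entries nor the commit message ("Process several NFUs") records how it was confirmed that none of these plugins is shipped in a Debian package. A short line in the commit message saying what was checked would let a later reader trust the batch without repeating the lookup. The wording itself is consistent: each tag reuses the plugin slug from the CVE description followed by "plugin for WordPress".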
@@ -128,7 +128,7 @@ CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-cod
 CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local users to  ...)
 	TODO: check
 CVE-2018-21007 (The woo-confirmation-email plugin before 3.2.0 for WordPress has no bl ...)
-	TODO: check
+	NOT-FOR-US: woo-confirmation-email plugin for WordPress
 CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service conditio ...)
 	TODO: check
 CVE-2019-15751
@@ -2375,11 +2375,11 @@ CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, the
 	NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4 (6.9.10-24)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830 (6.9.10-42)
 CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Ga ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for WordPress
 CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugi ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
 CVE-2019-14977 (card/pay/.../amount in the WooCommerce Instamojo Payment Gateway plugi ...)
-	TODO: check
+	NOT-FOR-US: WooCommerce Instamojo Payment Gateway plugin for WordPress
 CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_ch ...)
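Review bot: Style point on the three WooCommerce entries (CVE-2019-14979, CVE-2019-14978, CVE-2019-14977): they are tagged with the full product name, for example "WooCommerce PayPal Checkout Payment Gateway plugin for WordPress", while the other WordPress entries in this commit use the plugin slug, for example "woo-variation-gallery plugin for WordPress". Each form follows its own CVE description, but settling on one form for all WordPress plugin tags would make the file easier to grep.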
@@ -31600,7 +31600,7 @@ CVE-2019-4538
 CVE-2019-4537
 	RESERVED
 CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile (RSTUSRPRF) on a  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4535
 	RESERVED
 CVE-2019-4534
@@ -32406,9 +32406,9 @@ CVE-2019-4135 (IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a
 CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
 	NOT-FOR-US: IBM
 CVE-2019-4133 (IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be impropertl ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4) could al ...)
 	NOT-FOR-US: IBM
 CVE-2019-4130
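Review bot: The new tags on CVE-2019-4133 and CVE-2019-4132 name only the vendor ("NOT-FOR-US: IBM"), which matches the neighbouring CVE-2019-4134 and CVE-2019-4131 entries but drops the product. "NOT-FOR-US: IBM Cloud Automation Manager" would keep the entries searchable by product; the same applies to CVE-2019-4536 (IBM i 7.4) in the previous hunk.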



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca04890e55f7d53705ee51d871ada36ec749345d
