[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Oct 10 21:18:02 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31ec0a44 by Salvatore Bonaccorso at 2019-10-10T20:15:45Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -117,53 +117,53 @@ CVE-2019-17430 (EyouCms through 2019-07-11 has XSS related to the login.php web_
 CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the post.php p_id ...)
 	TODO: check
 CVE-2015-9480 (The RobotCPA plugin 5 for WordPress has directory traversal via the f. ...)
-	TODO: check
+	NOT-FOR-US: RobotCPA plugin for WordPress
 CVE-2015-9479 (The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has a ...)
 	TODO: check
 CVE-2015-9478 (prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. ...)
 	TODO: check
 CVE-2015-9477 (The Vernissage theme 1.2.8 for WordPress has insufficient restrictions ...)
-	TODO: check
+	NOT-FOR-US: Vernissage theme for WordPress
 CVE-2015-9476 (The Teardrop theme 1.8.1 for WordPress has insufficient restrictions o ...)
-	TODO: check
+	NOT-FOR-US: Teardrop theme for WordPress
 CVE-2015-9475 (The Pont theme 1.5 for WordPress has insufficient restrictions on opti ...)
-	TODO: check
+	NOT-FOR-US: Pont theme for WordPress
 CVE-2015-9474 (The Simpolio theme 1.3.2 for WordPress has insufficient restrictions o ...)
-	TODO: check
+	NOT-FOR-US: Simpolio theme for WordPress
 CVE-2015-9473 (The estrutura-basica theme through 2015-09-13 for WordPress has direct ...)
 	TODO: check
 CVE-2015-9472 (The incoming-links plugin before 0.9.10b for WordPress has referrers.p ...)
-	TODO: check
+	NOT-FOR-US: incoming-links plugin for WordPress
 CVE-2015-9471 (The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.p ...)
-	TODO: check
+	NOT-FOR-US: dzs-zoomsounds plugin for WordPress
 CVE-2015-9470 (The history-collection plugin through 1.1.1 for WordPress has director ...)
-	TODO: check
+	NOT-FOR-US: history-collection plugin for WordPress
 CVE-2015-9469 (The content-grabber plugin 1.0 for WordPress has XSS via obj_field_nam ...)
-	TODO: check
+	NOT-FOR-US: content-grabber plugin for WordPress
 CVE-2015-9468 (The broken-link-manager plugin 0.4.5 for WordPress has XSS via the pag ...)
-	TODO: check
+	NOT-FOR-US: broken-link-manager plugin for WordPress
 CVE-2015-9467 (The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelU ...)
-	TODO: check
+	NOT-FOR-US: broken-link-manager plugin for WordPress
 CVE-2015-9466 (The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostPro ...)
-	TODO: check
+	NOT-FOR-US: wti-like-post plugin for WordPress
 CVE-2015-9465 (The yet-another-stars-rating plugin before 0.9.1 for WordPress has yas ...)
-	TODO: check
+	NOT-FOR-US: yet-another-stars-rating plugin for WordPress
 CVE-2015-9464 (The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: s3bubble-amazon-s3-html-5-video-with-adverts plugin for WordPress
 CVE-2015-9463 (The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has di ...)
-	TODO: check
+	NOT-FOR-US: s3bubble-amazon-s3-audio-streaming plugin for WordPress
 CVE-2015-9462 (The awesome-filterable-portfolio plugin before 1.9 for WordPress has a ...)
-	TODO: check
+	NOT-FOR-US: awesome-filterable-portfolio plugin for WordPress
 CVE-2015-9461 (The awesome-filterable-portfolio plugin before 1.9 for WordPress has a ...)
-	TODO: check
+	NOT-FOR-US: awesome-filterable-portfolio plugin for WordPress
 CVE-2015-9460 (The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTr ...)
-	TODO: check
+	NOT-FOR-US: booking-system plugin for WordPress
 CVE-2015-9459 (The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS v ...)
-	TODO: check
+	NOT-FOR-US: searchterms-tagging-2 plugin for WordPress
 CVE-2015-9458 (The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL i ...)
-	TODO: check
+	NOT-FOR-US: searchterms-tagging-2 plugin for WordPress
 CVE-2015-9457 (The pretty-link plugin before 1.6.8 for WordPress has PrliLinksControl ...)
-	TODO: check
+	NOT-FOR-US: pretty-link plugin for WordPress
 CVE-2019-17428
 	RESERVED
 CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists ...)
@@ -907,11 +907,11 @@ CVE-2019-17074 (An issue was discovered in XunRuiCMS 4.3.1. There is a stored XS
 CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to delete ar ...)
 	NOT-FOR-US: emlog
 CVE-2019-17072 (The new-contact-form-widget (aka Contact Form Widget - Contact Query,  ...)
-	TODO: check
+	NOT-FOR-US: new-contact-form-widget (aka Contact Form Widget - Contact Query, Form Maker) plugin for WordPress
 CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XS ...)
-	TODO: check
+	NOT-FOR-US: client-dash (aka Client Dash) plugin for WordPress
 CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for ...)
-	TODO: check
+	NOT-FOR-US: liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin for WordPress
 CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial o ...)
 	- putty 0.73-1 (unimportant)
 	NOTE: https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
@@ -37200,7 +37200,7 @@ CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vul
 CVE-2019-4266
 	RESERVED
 CVE-2019-4265 (IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have devic ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...)
 	NOT-FOR-US: IBM
 CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file inclusion, all ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ec0a442fd4f345198e64ccc07a5cb642ef3e83

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ec0a442fd4f345198e64ccc07a5cb642ef3e83
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191010/a827afa1/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list