[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 10 21:13:08 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c2b8e46 by Salvatore Bonaccorso at 2019-09-10T20:12:31Z
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,37 +51,37 @@ CVE-2019-16189
CVE-2019-16188
RESERVED
CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
- TODO: check
+ NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCC ...)
- TODO: check
+ NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18609 (The magic-fields plugin before 1.7.2 for WordPress has XSS via the cus ...)
- TODO: check
+ NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18608 (The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS ...)
- TODO: check
+ NOT-FOR-US: spotim-comments plugin for WordPress
CVE-2017-18607 (The avada theme before 5.1.5 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: avada theme for WordPress
CVE-2017-18606 (The avada theme before 5.1.5 for WordPress has stored XSS. ...)
- TODO: check
+ NOT-FOR-US: avada theme for WordPress
CVE-2017-18605 (The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Ob ...)
- TODO: check
+ NOT-FOR-US: gravitate-qa-tracker plugin for WordPress
CVE-2017-18604 (The sitebuilder-dynamic-components plugin through 1.0 for WordPress ha ...)
- TODO: check
+ NOT-FOR-US: sitebuilder-dynamic-components plugin for WordPress
CVE-2017-18603 (The postman-smtp plugin through 2017-10-04 for WordPress has XSS via t ...)
TODO: check
CVE-2017-18602 (The examapp plugin 1.0 for WordPress has SQL injection via the wp-admi ...)
- TODO: check
+ NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18601 (The examapp plugin 1.0 for WordPress has XSS via exam input text field ...)
- TODO: check
+ NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18600 (The formcraft3 plugin before 3.4 for WordPress has stored XSS via the ...)
- TODO: check
+ NOT-FOR-US: formcraft3 plugin for WordPress
CVE-2017-18599 (The Pinfinity theme before 2.0 for WordPress has XSS via the s paramet ...)
- TODO: check
+ NOT-FOR-US: Pinfinity theme for WordPress
CVE-2017-18598 (The Qards plugin through 2017-10-11 for WordPress has XSS via a remote ...)
TODO: check
CVE-2017-18597 (The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL I ...)
- TODO: check
+ NOT-FOR-US: jtrt-responsive-tables plugin for WordPress
CVE-2017-18596 (The elementor plugin before 1.8.0 for WordPress has incorrect access c ...)
- TODO: check
+ NOT-FOR-US: elementor plugin for WordPress
CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnl ...)
- limesurvey <itp> (bug #472802)
CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the plugin manage ...)
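Review bot: CVE-2017-18603 (postman-smtp plugin) and CVE-2017-18598 (Qards plugin) are still at "TODO: check" in this hunk, although their descriptions follow the same "plugin ... for WordPress" pattern as the neighbouring entries that were switched to NOT-FOR-US. If they are being held back on purpose, say so in the commit message; otherwise they read as skipped by accident and should either get the same "NOT-FOR-US: <name> plugin for WordPress" line or be handled in a follow-up.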
@@ -769,7 +769,7 @@ CVE-2019-15898 (Nagios Log Server before 2.0.8 allows Reflected XSS via the user
CVE-2019-15897
RESERVED
CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5 for Wor ...)
- TODO: check
+ NOT-FOR-US: LifterLMS plugin for WordPress
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4 for Wor ...)
NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894
@@ -45279,15 +45279,15 @@ CVE-2019-0367
CVE-2019-0366
RESERVED
CVE-2019-0365 (SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0364 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0363 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Applic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0362
RESERVED
CVE-2019-0361 (SAP Supplier Relationship Management (Master Data Management Catalog - ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0360
RESERVED
CVE-2019-0359
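Review bot: The reason on the four changed entries in this hunk is the bare vendor name, "NOT-FOR-US: SAP", even though the descriptions cover different products (SAP Kernel, an SAP HANA endpoint, SAP Supplier Relationship Management). The WordPress entries in the same commit name the specific plugin or theme; naming the product here as well would keep the list searchable by product and make it easier to revisit a single entry later without re-reading each CVE description.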
@@ -45295,17 +45295,17 @@ CVE-2019-0359
CVE-2019-0358
RESERVED
CVE-2019-0357 (The administrator of SAP HANA database, before versions 1.0 and 2.0, c ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0356 (Under certain conditions SAP NetWeaver Process Integration Runtime Wor ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0355 (SAP NetWeaver Application Server Java Web Container, ENGINEAPI (before ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0354
RESERVED
CVE-2019-0353 (Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before version ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...)
NOT-FOR-US: SAP
CVE-2019-0350
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c2b8e4630adb32ffbad102ff85a7e4ab2e9b7ef