[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Sep 26 10:02:47 BST 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4fd62007 by Salvatore Bonaccorso at 2019-09-26T09:02:19Z
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -76,85 +76,85 @@ CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the fi
 CVE-2019-16866
 	RESERVED
 CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...)
-	TODO: check
+	NOT-FOR-US: microblog-poster plugin for WordPress
 CVE-2015-9448 (The sendpress plugin before 1.2 for WordPress has SQL Injection via th ...)
-	TODO: check
+	NOT-FOR-US: sendpress plugin for WordPress
 CVE-2015-9447 (The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQ ...)
-	TODO: check
+	NOT-FOR-US: unite-gallery-lite plugin for WordPress
 CVE-2015-9446 (The unite-gallery-lite plugin before 1.5 for WordPress has SQL injecti ...)
-	TODO: check
+	NOT-FOR-US: unite-gallery-lite plugin for WordPress
 CVE-2015-9445 (The unite-gallery-lite plugin before 1.5 for WordPress has CSRF and SQ ...)
-	TODO: check
+	NOT-FOR-US: unite-gallery-lite plugin for WordPress
 CVE-2015-9444 (The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-conten ...)
-	TODO: check
+	NOT-FOR-US: altos-connect plugin for WordPress
 CVE-2015-9443 (The accurate-form-data-real-time-form-validation plugin 1.2 for WordPr ...)
-	TODO: check
+	NOT-FOR-US: accurate-form-data-real-time-form-validation plugin for WordPress
 CVE-2015-9442 (The avenirsoft-directdownload plugin 1.0 for WordPress has CSRF with r ...)
-	TODO: check
+	NOT-FOR-US: avenirsoft-directdownload plugin for WordPress
 CVE-2015-9441 (The bookmarkify plugin 2.9.2 for WordPress has CSRF with resultant XSS ...)
-	TODO: check
+	NOT-FOR-US: bookmarkify plugin for WordPress
 CVE-2015-9440 (The monetize plugin through 1.03 for WordPress has CSRF with resultant ...)
-	TODO: check
+	NOT-FOR-US: monetize plugin for WordPress
 CVE-2015-9439 (The addthis plugin before 5.0.13 for WordPress has CSRF with resultant ...)
-	TODO: check
+	NOT-FOR-US: addthis plugin for WordPress
 CVE-2015-9438 (The display-widgets plugin before 2.04 for WordPress has XSS via the w ...)
-	TODO: check
+	NOT-FOR-US: display-widgets plugin for WordPress
 CVE-2015-9437 (The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with r ...)
-	TODO: check
+	NOT-FOR-US: dynamic-widgets plugin for WordPress
 CVE-2015-9436 (The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the ...)
-	TODO: check
+	NOT-FOR-US: dynamic-widgets plugin for WordPress
 CVE-2015-9435 (The oauth2-provider plugin before 3.1.5 for WordPress has incorrect ge ...)
-	TODO: check
+	NOT-FOR-US: oauth2-provider plugin for WordPress
 CVE-2015-9434 (The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with ...)
-	TODO: check
+	NOT-FOR-US: kiwi-logo-carousel plugin for WordPress
 CVE-2015-9433 (The wp-social-bookmarking-light plugin before 1.7.10 for WordPress has ...)
-	TODO: check
+	NOT-FOR-US: wp-social-bookmarking-light plugin for WordPress
 CVE-2015-9432 (The alpine-photo-tile-for-instagram plugin before 1.2.7.6 for WordPres ...)
-	TODO: check
+	NOT-FOR-US: alpine-photo-tile-for-instagram plugin for WordPress
 CVE-2015-9431 (The qtranslate-x plugin before 3.4.4 for WordPress has CSRF with resul ...)
-	TODO: check
+	NOT-FOR-US: qtranslate-x plugin for WordPress
 CVE-2015-9430 (The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User- ...)
-	TODO: check
+	NOT-FOR-US: crazy-bone plugin for WordPress
 CVE-2015-9429 (The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF w ...)
-	TODO: check
+	NOT-FOR-US: yith-maintenance-mode plugin for WordPress
 CVE-2015-9428 (The wplegalpages plugin before 1.1 for WordPress has CSRF with resulta ...)
-	TODO: check
+	NOT-FOR-US: wplegalpages plugin for WordPress
 CVE-2015-9427 (The googmonify plugin through 0.5.1 for WordPress has CSRF with result ...)
-	TODO: check
+	NOT-FOR-US: googmonify plugin for WordPress
 CVE-2015-9426 (The manual-image-crop plugin before 1.11 for WordPress has CSRF with r ...)
-	TODO: check
+	NOT-FOR-US: manual-image-crop plugin for WordPress
 CVE-2015-9425 (The social-locker plugin before 4.2.5 for WordPress has CSRF with resu ...)
-	TODO: check
+	NOT-FOR-US: social-locker plugin for WordPress
 CVE-2015-9424 (The multicons plugin before 3.0 for WordPress has CSRF with resultant  ...)
-	TODO: check
+	NOT-FOR-US: multicons plugin for WordPress
 CVE-2015-9423 (The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XS ...)
-	TODO: check
+	NOT-FOR-US: PlugNedit Adaptive Editor plugin for WordPress
 CVE-2015-9422 (The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has CS ...)
-	TODO: check
+	NOT-FOR-US: PlugNedit Adaptive Editor plugin for WordPress
 CVE-2015-9421 (The olevmedia-shortcodes plugin before 1.1.9 for WordPress has CSRF wi ...)
-	TODO: check
+	NOT-FOR-US: olevmedia-shortcodes plugin for WordPress
 CVE-2015-9420 (The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via t ...)
-	TODO: check
+	NOT-FOR-US: soundcloud-is-gold plugin for WordPress
 CVE-2015-9419 (The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or C ...)
-	TODO: check
+	NOT-FOR-US: captain-slider plugin for WordPress
 CVE-2015-9418 (The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that allows  ...)
-	TODO: check
+	NOT-FOR-US: Watu Pro plugin for WordPress
 CVE-2015-9417 (The testimonial-slider plugin through 1.2.1 for WordPress has CSRF wit ...)
-	TODO: check
+	NOT-FOR-US: testimonial-slider plugin for WordPress
 CVE-2015-9416 (The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPr ...)
 	TODO: check
 CVE-2015-9415 (The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclu ...)
-	TODO: check
+	NOT-FOR-US: bj-lazy-load plugin for WordPress
 CVE-2015-9414 (The wp-symposium plugin through 15.8.1 for WordPress has XSS via the w ...)
-	TODO: check
+	NOT-FOR-US: wp-symposium plugin for WordPress
 CVE-2015-9413 (The eshop plugin through 6.3.13 for WordPress has CSRF with resultant  ...)
-	TODO: check
+	NOT-FOR-US: eshop plugin for WordPress
 CVE-2015-9412 (The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rst ...)
-	TODO: check
+	NOT-FOR-US: Royal-Slider plugin for WordPress
 CVE-2015-9411 (The Postmatic plugin before 1.4.6 for WordPress has XSS. ...)
-	TODO: check
+	NOT-FOR-US: Postmatic plugin for WordPress
 CVE-2015-9410 (The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS v ...)
-	TODO: check
+	NOT-FOR-US: Blubrry PowerPress Podcasting plugin for WordPress
 CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2019-16865
@@ -35001,7 +35001,7 @@ CVE-2019-4573
 CVE-2019-4572
 	RESERVED
 CVE-2019-4571 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2019-4570
 	RESERVED
 CVE-2019-4569



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4fd620079623aa07cc8e0bad0df6059c792d50e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4fd620079623aa07cc8e0bad0df6059c792d50e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190926/45482ee8/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list