[Git][security-tracker-team/security-tracker][master] Unify naming of one NFU
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 25 21:31:28 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
19b423de by Salvatore Bonaccorso at 2022-04-25T22:30:52+02:00
Unify naming of one NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11369,7 +11369,7 @@ CVE-2022-25602 (Nonce token leak vulnerability leading to arbitrary file upload,
CVE-2022-25601 (Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25600 (Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marke ...)
- NOT-FOR-US: WordPress Plugin
+ NOT-FOR-US: WordPress plugin
CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...)
NOT-FOR-US: WordPress plugin
CVE-2022-25598 (Apache DolphinScheduler user registration is vulnerable to Regular exp ...)
@@ -35873,13 +35873,13 @@ CVE-2021-42552 (Cross-site Scripting (XSS) vulnerability in ArchivistaBox webcli
CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...)
NOT-FOR-US: AlCoda NetBiblio WebOPAC
CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
NOT-FOR-US: Business-DNA Solutions
CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
@@ -51263,9 +51263,9 @@ CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilit
CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...)
NOT-FOR-US: WordPress plugin
CVE-2021-36868
@@ -51341,7 +51341,7 @@ CVE-2021-36834
CVE-2021-36833
RESERVED
CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin ̵ ...)
- NOT-FOR-US: Wordpress plugins
+ NOT-FOR-US: WordPress plugins
CVE-2021-36831
RESERVED
CVE-2021-36830
@@ -56525,9 +56525,9 @@ CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Ref
CVE-2021-34662
RESERVED
CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...)
NOT-FOR-US: WordPress plugin
CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...)
@@ -82276,11 +82276,11 @@ CVE-2021-24559
CVE-2021-24558 (The pspin_duplicate_post_save_as_new_post function of the Project Stat ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24557 (The update functionality in the rslider_page uses an rs_id POST parame ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24556 (The kento_email_subscriber_ajax AJAX action of the Email Subscriber Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24555 (The daac_delete_booking_callback function, hooked to the daac_delete_b ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24554 (The Paytm – Donation Plugin WordPress plugin through 1.3.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24553 (The Timeline Calendar WordPress plugin through 1.2 does not sanitise, ...)
@@ -82346,11 +82346,11 @@ CVE-2021-24524 (The GiveWP – Donation Plugin and Fundraising Platform Word
CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24522 (The User Registration, User Profile, Login & Membership – Pr ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress plugin b ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24520 (The Stock in & out WordPress plugin through 1.0.4 lacks proper san ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does ...)
@@ -82372,21 +82372,21 @@ CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooC
CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24508 (The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24507 (The Astra Pro Addon WordPress plugin before 3.5.2 did not properly san ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24506 (The Slider Hero with Animation, Video Background & Intro Maker Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24505 (The Forms WordPress plugin before 1.12.3 did not sanitise its input fi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24504 (The WP LMS – Best WordPress LMS Plugin WordPress plugin through ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24503 (The Popular Brand Icons – Simple Icons WordPress plugin before 2 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24502 (The WP Google Map WordPress plugin before 1.7.7 did not sanitise or es ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24501 (The Workreap WordPress theme before 2.2.2 had several AJAX actions mis ...)
NOT-FOR-US: Wordpress theme
CVE-2021-24500 (Several AJAX actions available in the Workreap WordPress theme before ...)
@@ -82400,9 +82400,9 @@ CVE-2021-24497 (The Giveaway WordPress plugin through 1.2.2 is vulnerable to an
CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24495 (The Marmoset Viewer WordPress plugin before 1.9.3 does not property sa ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24493 (The shopp_upload_file AJAX action of the Shopp WordPress plugin throug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...)
@@ -82456,7 +82456,7 @@ CVE-2021-24469
CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...)
@@ -82482,13 +82482,13 @@ CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not properly
CVE-2021-24455 (The Tutor LMS – eLearning and online course solution WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by a ref ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24450 (The User Registration, User Profiles, Login & Membership – P ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24449
@@ -82506,13 +82506,13 @@ CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Catego
CVE-2021-24443 (The About Me widget of the Youzify – BuddyPress Community, User ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...)
@@ -82522,7 +82522,7 @@ CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable
CVE-2021-24435 (The iframe-font-preview.php file of the titan-framework does not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24434 (The Glass WordPress plugin through 1.3.2 does not sanitise or escape i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24433
RESERVED
CVE-2021-24432
@@ -82530,31 +82530,31 @@ CVE-2021-24432
CVE-2021-24431 (The Language Bar Flags WordPress plugin through 1.0.8 does not have an ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24430 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does not saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24426 (The Backup by 10Web – Backup and Restore Plugin WordPress plugin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Heade ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24424 (The WP Reset – Most Advanced WordPress Reset Tool WordPress plug ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24423 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.6.59 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24422
RESERVED
CVE-2021-24421 (The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or esc ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24420 (The Request a Quote WordPress plugin before 2.3.4 did not sanitise and ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24419 (The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 do ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24417
RESERVED
CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before 2.1.1 ...)
@@ -82572,15 +82572,15 @@ CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF
CVE-2021-24410 (The తెలుగు బైబ&# ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24407 (The Jannah WordPress theme before 5.4.5 did not properly sanitize the ...)
NOT-FOR-US: Wordpress theme
CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate the re ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24404 (The options.php file of the WP-Board WordPress plugin through 1.1 beta ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24403 (The Orders functionality in the WordPress Page Contact plugin through ...)
@@ -82612,17 +82612,17 @@ CVE-2021-24391 (An editid GET parameter of the Cashtomer WordPress plugin throug
CVE-2021-24390 (A proid GET parameter of the WordPress支付宝Alipay|& ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24389 (The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24388 (In the VikRentCar Car Rental Management System WordPress plugin before ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24387 (The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly ...)
NOT-FOR-US: Wordpress theme
CVE-2021-24386 (The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24385 (The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24384 (The joomsport_md_load AJAX action of the JoomSport WordPress plugin be ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, va ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
@@ -82844,7 +82844,7 @@ CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sa
CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...)
NOT-FOR-US: Supsystic WordPress plugin
CVE-2021-24273 (The “Clever Addons for Elementor” WordPress Plugin before ...)
- NOT-FOR-US: WordPress Plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24271 (The “Ultimate Addons for Elementor” WordPress Plugin befor ...)
@@ -82948,7 +82948,7 @@ CVE-2021-24223 (The N5 Upload Form WordPress plugin through 1.0 suffers from an
CVE-2021-24222 (The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from ...)
NOT-FOR-US: WP-Curriculo Vitae Free WordPress plugin
CVE-2021-24221 (The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin f ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24220 (Thrive “Legacy” Rise by Thrive Themes WordPress theme befo ...)
NOT-FOR-US: WordPress theme
CVE-2021-24219 (The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments ...)
@@ -82966,29 +82966,29 @@ CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8
CVE-2021-24213 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24210 (There is an open redirect in the PhastPress WordPress plugin before 1. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24209 (The WP Super Cache WordPress plugin before 1.7.2 was affected by an au ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24208 (The editor of the WP Page Builder WordPress plugin before 1.2.4 allows ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24207 (By default, the WP Page Builder WordPress plugin before 1.2.4 allows s ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24206 (In the Elementor Website Builder WordPress plugin before 3.1.4, the im ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24205 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ic ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24204 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ac ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24203 (In the Elementor Website Builder WordPress plugin before 3.1.4, the di ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4, the he ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24200 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24199 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
@@ -82998,7 +82998,7 @@ CVE-2021-24198 (The wpDataTables – Tables & Table Charts premium WordP
CVE-2021-24197 (The wpDataTables – Tables & Table Charts premium WordPress p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
@@ -83016,81 +83016,81 @@ CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_butt
CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24185 (The tutor_place_rating AJAX action from the Tutor LMS – eLearnin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24184 (Several AJAX endpoints in the Tutor LMS – eLearning and online c ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24183 (The tutor_quiz_builder_get_question_form AJAX action from the Tutor LM ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24182 (The tutor_quiz_builder_get_answers_by_question AJAX action from the Tu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24179 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24178 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24175 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24174 (The Database Backups WordPress plugin through 1.2.2.6 does not have CS ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24173 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24172 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24171 (The WooCommerce Upload Files WordPress plugin before 59.4 ran a single ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24170 (The REST API endpoint get_users in the User Profile Picture WordPress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24169 (This Advanced Order Export For WooCommerce WordPress plugin before 3.1 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24168 (The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not prop ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24167 (When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_lo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24166 (The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form R ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24165 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24164 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low- ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24163 (The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, di ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24162 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24161 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24160 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, s ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24159 (Due to the lack of sanitization and lack of nonce protection on the cu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24158 (Orbit Fox by ThemeIsle has a feature to add a registration form to bot ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24157 (Orbit Fox by ThemeIsle has a feature to add custom scripts to the head ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24156 (Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24155 (The WordPress Backup and Migrate Plugin – Backup Guard WordPress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24154 (The Theme Editor WordPress plugin before 2.6 did not validate the GET ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in the Yoas ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24151
RESERVED
CVE-2021-24150 (The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...)
@@ -83976,7 +83976,7 @@ CVE-2021-23835 (An issue was discovered in flatCore before 2.0.0 build 139. A lo
CVE-2021-3125 (In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 & ...)
NOT-FOR-US: TP-Link
CVE-2021-3124 (Stored cross-site scripting (XSS) in form field in robust.systems prod ...)
- NOT-FOR-US: WordPress Plugin Custom Global Variables
+ NOT-FOR-US: WordPress plugin Custom Global Variables
CVE-2021-3123
RESERVED
CVE-2021-3122 (CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers per ...)
@@ -92904,13 +92904,13 @@ CVE-2021-20784 (HTTP header injection vulnerability in Everything all versions e
CVE-2021-20783 (Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-W ...)
NOT-FOR-US: Optical BB unit E-WMTA2.3
CVE-2021-20782 (Cross-site request forgery (CSRF) vulnerability in Software License Ma ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-20781 (Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-20780 (Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Cu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-20779 (Cross-site request forgery (CSRF) vulnerability in WordPress Email Tem ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-20778 (Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 seri ...)
NOT-FOR-US: EC-CUBE
CVE-2021-20777 (Improper authorization in handler for custom URL scheme vulnerability ...)
@@ -92976,7 +92976,7 @@ CVE-2021-20748 (Retty App for Android versions prior to 4.8.13 and Retty App for
CVE-2021-20747 (Improper authorization in handler for custom URL scheme vulnerability ...)
NOT-FOR-US: Retty App
CVE-2021-20746 (Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 an ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2021-20745 (Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitra ...)
NOT-FOR-US: Inkdrop
CVE-2021-20744 (Cross-site scripting vulnerability in EC-CUBE Category contents plugin ...)
@@ -99400,7 +99400,7 @@ CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows
CVE-2020-29046
RESERVED
CVE-2020-29045 (The food-and-drink-menu plugin through 2.2.0 for WordPress allows remo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-29044
RESERVED
CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When at attac ...)
@@ -108315,7 +108315,7 @@ CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injectio
CVE-2020-26877
RESERVED
CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-26875
RESERVED
CVE-2020-26874
@@ -108892,7 +108892,7 @@ CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0
CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...)
NOT-FOR-US: LG mobile devices
CVE-2020-26596 (The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-26595
RESERVED
CVE-2020-26594
@@ -112062,17 +112062,17 @@ CVE-2020-25382
CVE-2020-25381
RESERVED
CVE-2020-25380 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affe ...)
- NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
+ NOT-FOR-US: WordPress plugin Store / Mike Rooijackers Recall Products
CVE-2020-25379 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails t ...)
- NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
+ NOT-FOR-US: WordPress plugin Store / Mike Rooijackers Recall Products
CVE-2020-25378 (Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is ...)
- NOT-FOR-US: Wordpress Plugin Store / AccessPress Themes WP Floating Menu
+ NOT-FOR-US: WordPress plugin Store / AccessPress Themes WP Floating Menu
CVE-2020-25377
RESERVED
CVE-2020-25376
RESERVED
CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affect ...)
- NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM
+ NOT-FOR-US: WordPress plugin Store / SoftradeWeb SNC WP SMART CRM
CVE-2020-25374 (CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers t ...)
NOT-FOR-US: CyberArk Privileged Session Manager (PSM)
CVE-2020-25373
@@ -114508,7 +114508,7 @@ CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via th
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
NOT-FOR-US: TP-Link
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-24362
RESERVED
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
@@ -122529,9 +122529,9 @@ CVE-2020-20636
CVE-2020-20635
RESERVED
CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-20632
RESERVED
CVE-2020-20631
@@ -139535,7 +139535,7 @@ CVE-2020-13489
CVE-2020-13488
RESERVED
CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...)
NOT-FOR-US: Craft CMS plugin
CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...)
@@ -157489,9 +157489,9 @@ CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While c
CVE-2020-7049 (Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_li ...)
NOT-FOR-US: Nozomi Networks OS
CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...)
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1
@@ -159987,9 +159987,9 @@ CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS bec
CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...)
- bftpd <itp> (bug #640469)
CVE-2019-20361 (There was a flaw in the WordPress plugin, Email Subscribers & News ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-20360 (A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticat ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-20359
RESERVED
CVE-2020-6161
@@ -160897,7 +160897,7 @@ CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Comman
CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & Newslett ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
NOT-FOR-US: Nessus
CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
@@ -162824,11 +162824,11 @@ CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV e
CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...)
NOT-FOR-US: Employee Records System
CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via the post ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter ...)
NOT-FOR-US: SOPlanning
CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php ...)
@@ -180437,7 +180437,7 @@ CVE-2019-17663 (D-Link DIR-866L 1.03B04 devices allow XSS via HtmlResponseMessag
CVE-2019-17662 (ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a c ...)
NOT-FOR-US: ThinVNC
CVE-2019-17661 (A CSV injection in the codepress-admin-columns (aka Admin Columns) plu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-17660 (A cross-site scripting (XSS) vulnerability in admin/translate/translat ...)
- limesurvey <itp> (bug #472802)
CVE-2019-17659
@@ -180837,83 +180837,83 @@ CVE-2015-9533 (The Easy Digital Downloads (EDD) Lattice theme for WordPress, as
CVE-2015-9532 (The Easy Digital Downloads (EDD) Digital Store theme for WordPress, as ...)
NOT-FOR-US: Wordpress theme
CVE-2015-9531 (The Easy Digital Downloads (EDD) Wish Lists extension for WordPress, a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9530 (The Easy Digital Downloads (EDD) Upload File extension for WordPress, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9529 (The Easy Digital Downloads (EDD) Stripe extension for WordPress, as us ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9528 (The Easy Digital Downloads (EDD) Software Licensing extension for Word ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9527 (The Easy Digital Downloads (EDD) Simple Shipping extension for WordPre ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9526 (The Easy Digital Downloads (EDD) Reviews extension for WordPress, as u ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9525 (The Easy Digital Downloads (EDD) Recurring Payments extension for Word ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9524 (The Easy Digital Downloads (EDD) Recount Earnings extension for WordPr ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9523 (The Easy Digital Downloads (EDD) Recommended Products extension for Wo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9522 (The Easy Digital Downloads (EDD) QR Code extension for WordPress, as u ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9521 (The Easy Digital Downloads (EDD) Pushover Notifications extension for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9520 (The Easy Digital Downloads (EDD) Per Product Emails extension for Word ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9519 (The Easy Digital Downloads (EDD) PDF Stamper extension for WordPress, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9518 (The Easy Digital Downloads (EDD) PDF Invoices extension for WordPress, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9517 (The Easy Digital Downloads (EDD) Manual Purchases extension for WordPr ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9516 (The Easy Digital Downloads (EDD) Invoices extension for WordPress, as ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9515 (The Easy Digital Downloads (EDD) htaccess Editor extension for WordPre ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9514 (The Easy Digital Downloads (EDD) Free Downloads extension for WordPres ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9513 (The Easy Digital Downloads (EDD) Favorites extension for WordPress, as ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9512 (The Easy Digital Downloads (EDD) CSV Manager extension for WordPress, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9511 (The Easy Digital Downloads (EDD) Conditional Success Redirects extensi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9510 (The Easy Digital Downloads (EDD) Cross-sell Upsell extension for WordP ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9509 (The Easy Digital Downloads (EDD) Content Restriction extension for Wor ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9508 (The Easy Digital Downloads (EDD) Commissions extension for WordPress, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9507 (The Easy Digital Downloads (EDD) Attach Accounts to Orders extension f ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9506 (The Easy Digital Downloads (EDD) Amazon S3 extension for WordPress, as ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9505 (The Easy Digital Downloads (EDD) core component 1.8.x before 1.8.7, 1. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9504 (The weeklynews theme before 2.2.9 for WordPress has XSS via the s para ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9503 (The Modern theme before 1.4.2 for WordPress has XSS via the genericons ...)
NOT-FOR-US: Wordpress theme
CVE-2015-9502 (The Auberge theme before 1.4.5 for WordPress has XSS via the genericon ...)
NOT-FOR-US: Wordpress theme
CVE-2015-9501 (The Artificial Intelligence theme before 1.2.4 for WordPress has XSS b ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9500 (The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9499 (The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execut ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9498 (The wps-hide-login plugin before 1.1 for WordPress has CSRF that affec ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9497 (The ad-inserter plugin before 1.5.3 for WordPress has CSRF with result ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9496 (The freshmail-newsletter plugin before 1.6 for WordPress has shortcode ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9495 (The syndication-links plugin before 1.0.3 for WordPress has XSS via th ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9494 (The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS vi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9493 (The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS is ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-17547 (In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a ...)
- imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16537
@@ -181438,7 +181438,7 @@ CVE-2019-17388 (Weak file permissions applied to the Aviatrix VPN Client through
CVE-2019-17387 (An authentication flaw in the AVPNC_RP service in Aviatrix VPN Client ...)
NOT-FOR-US: Aviatrix VPN Client
CVE-2019-17386 (The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimat ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-17385 (The animate-it plugin before 2.3.5 for WordPress has XSS. ...)
NOT-FOR-US: animate-it plugin for WordPress
CVE-2019-17384 (The animate-it plugin before 2.3.4 for WordPress has XSS. ...)
@@ -181755,7 +181755,7 @@ CVE-2019-17241 (IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadW
CVE-2019-17240 (bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypas ...)
NOT-FOR-US: Bludit
CVE-2019-17239 (includes/settings/class-alg-download-plugins-settings.php in the downl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-17238
RESERVED
CVE-2019-17237 (includes/class-coming-soon-creator.php in the igniteup plugin through ...)
@@ -181767,9 +181767,9 @@ CVE-2019-17235 (includes/class-coming-soon-creator.php in the igniteup plugin th
CVE-2019-17234 (includes/class-coming-soon-creator.php in the igniteup plugin through ...)
NOT-FOR-US: igniteup plugin for WordPress
CVE-2019-17233 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-17232 (Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-17231 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...)
NOT-FOR-US: OneTone theme for WordPress
CVE-2019-17230 (includes/theme-functions.php in the OneTone theme through 3.0.6 for Wo ...)
@@ -182856,7 +182856,7 @@ CVE-2015-9418 (The Watu Pro plugin before 4.9.0.8 for WordPress has CSRF that al
CVE-2015-9417 (The testimonial-slider plugin through 1.2.1 for WordPress has CSRF wit ...)
NOT-FOR-US: testimonial-slider plugin for WordPress
CVE-2015-9416 (The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPr ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9415 (The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclu ...)
NOT-FOR-US: bj-lazy-load plugin for WordPress
CVE-2015-9414 (The wp-symposium plugin through 15.8.1 for WordPress has XSS via the w ...)
@@ -182870,7 +182870,7 @@ CVE-2015-9411 (The Postmatic plugin before 1.4.6 for WordPress has XSS. ...)
CVE-2015-9410 (The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS v ...)
NOT-FOR-US: Blubrry PowerPress Podcasting plugin for WordPress
CVE-2015-9409 (The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading specially ...)
- pillow 6.2.0-1 (low)
[buster] - pillow 5.4.1-2+deb10u1
@@ -183770,15 +183770,15 @@ CVE-2019-16526
CVE-2019-16525 (An XSS issue was discovered in the checklist plugin before 1.1.9 for W ...)
NOT-FOR-US: checklist plugin for WordPress
CVE-2019-16524 (The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16523 (The events-manager plugin through 5.9.5 for WordPress (aka Events Mana ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16522 (The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie La ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16521 (The broken-link-checker plugin through 1.11.8 for WordPress (aka Broke ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16520 (The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker to exe ...)
NOT-FOR-US: ESET Cyber Security
CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
@@ -184081,7 +184081,7 @@ CVE-2016-10995 (The Tevolution plugin before 2.3.0 for WordPress has arbitrary f
CVE-2016-10994 (The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. ...)
NOT-FOR-US: Truemag theme for WordPress
CVE-2016-10993 (The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s p ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10992 (The music-store plugin before 1.0.43 for WordPress has XSS via the wp- ...)
NOT-FOR-US: music-store plugin for WordPress
CVE-2016-10991 (The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclu ...)
@@ -184268,7 +184268,7 @@ CVE-2019-16334 (In Bludit v3.9.2, there is a persistent XSS vulnerability in the
CVE-2019-16333 (GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in adm ...)
NOT-FOR-US: GetSimple CMS
CVE-2019-16332 (In the api-bearer-auth plugin before 20190907 for WordPress, the serve ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-12412 (A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference ...)
{DSA-4541-1 DLA-1944-1}
- libapreq2 2.13-6 (bug #939937)
@@ -184358,7 +184358,7 @@ CVE-2019-16291
CVE-2019-16290
RESERVED
CVE-2019-16289 (The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPre ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16288 (On Tenda N301 wireless routers, a long string in the wifiSSID paramete ...)
NOT-FOR-US: Tenda
CVE-2019-16287 (In HP ThinPro Linux 6.2, 6.2.1, 7.0 and 7.1, an attacker may be able t ...)
@@ -184519,49 +184519,49 @@ CVE-2017-18617
CVE-2017-18616
RESERVED
CVE-2017-18615 (The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18614 (The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18613 (The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18612 (The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/f ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10955 (The cysteme-finder plugin before 1.4 for WordPress has unrestricted fi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10954 (The Neosense theme before 1.8 for WordPress has qquploader unrestricte ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10953 (The Headway theme before 3.8.9 for WordPress has XSS via the license k ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10952 (The quotes-collection plugin before 2.0.6 for WordPress has XSS via th ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10951 (The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection vi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10950 (The sirv plugin before 1.3.2 for WordPress has SQL injection via the i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10949 (The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL in ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10948 (The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect han ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10947 (The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10946 (The wp-d3 plugin before 2.4.1 for WordPress has CSRF. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10945 (The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?pa ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10944 (The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10943 (The zx-csv-upload plugin 1 for WordPress has SQL injection via the id ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10942 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10941 (The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for W ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10940 (The zm-gallery plugin 1.0 for WordPress has SQL injection via the orde ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10939 (The xtremelocator plugin 1.5 for WordPress has SQL injection via the i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10938 (The copy-me plugin 1.0.0 for WordPress has CSRF for copying non-public ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
{DSA-4587-1 DSA-4586-1 DLA-2330-1 DLA-2027-1 DLA-2007-1}
- ruby2.5 2.5.7-1
@@ -185030,13 +185030,13 @@ CVE-2019-16108 (phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (C
CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
NOT-FOR-US: phpBB
CVE-2018-21014 (The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-21013 (The Swape theme before 1.2.1 for WordPress has incorrect access contro ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-21012 (The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-21011 (The charitable plugin before 1.5.14 for WordPress has unauthorized acc ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...)
NOT-FOR-US: Recruitment module in Humanica Humatrix
CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
@@ -186097,39 +186097,39 @@ CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
CVE-2017-18593 (The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cas ...)
NOT-FOR-US: updraftplus plugin for WordPress
CVE-2015-9379 (iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9378 (iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9377 (iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via ad ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9376 (iThemes Mobile before 1.2.8 for WordPress has XSS via add_query_arg() ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9375 (Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordP ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9374 (Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9373 (PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9372 (Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9371 (Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPres ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9370 (Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XS ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9369 (Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordP ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9368 (Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9367 (Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9366 (Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordP ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9365 (Authorize.net Add-on for iThemes Exchange before 1.1.0 for WordPress h ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9364 (2Checkout Add-on for iThemes Exchange before 1.1.0 for WordPress has X ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9363 (iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9362 (The Post Connector plugin before 1.0.4 for WordPress has XSS via add_q ...)
NOT-FOR-US: Post Connector plugin for WordPress
CVE-2015-9361 (The Related Posts plugin before 1.8.2 for WordPress has XSS via add_qu ...)
@@ -187540,7 +187540,7 @@ CVE-2019-15239 (In the Linux kernel, a certain net/ipv4/tcp_output.c change, whi
NOTE: Workaround entry for main entry as the issue never affected upstream version
NOTE: actually and is specific to the stable versions backports.
CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
[experimental] - roundcube 1.5~rc+dfsg.1-1
- roundcube 1.5.0+dfsg.1-1 (low; bug #949629)
@@ -187649,17 +187649,17 @@ CVE-2019-15211 (An issue was discovered in the Linux kernel before 5.2.6. There
[stretch] - linux 4.9.189-1
NOTE: https://git.kernel.org/linus/c666355e60ddb4748ead3bdd983e3f7f2224aaf0
CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...)
NOT-FOR-US: all-in-one-schemaorg-rich-snippets plugin for WordPress
CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18567 (The wp-all-import plugin before 3.4.6 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18566 (The user-role plugin before 1.5.6 for WordPress has multiple XSS issue ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18565 (The updater plugin before 1.35 for WordPress has multiple XSS issues. ...)
NOT-FOR-US: updater plugin for WordPress
CVE-2017-18564 (The sender plugin before 1.2.1 for WordPress has multiple XSS issues. ...)
@@ -187687,11 +187687,11 @@ CVE-2017-18554 (The analytics-tracker plugin before 1.1.1 for WordPress has XSS
CVE-2017-18553 (The ad-buttons plugin before 2.3.2 for WordPress has XSS. ...)
NOT-FOR-US: ad-buttons plugin for WordPress
CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10913 (The wp-latest-posts plugin before 3.7.5 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10912 (The universal-analytics plugin before 1.3.1 for WordPress has XSS. ...)
NOT-FOR-US: universal-analytics plugin for WordPress
CVE-2016-10911 (The profile-builder plugin before 2.4.2 for WordPress has multiple XSS ...)
@@ -187703,19 +187703,19 @@ CVE-2016-10909 (The booking-calendar-contact-form plugin before 1.0.24 for WordP
CVE-2016-10908 (The booking-calendar-contact-form plugin before 1.0.24 for WordPress h ...)
NOT-FOR-US: booking-calendar-contact-form plugin for WordPress
CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9330 (The wp-all-import plugin before 3.2.5 for WordPress has blind SQL inje ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9329 (The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9328 (The profile-builder plugin before 2.2.5 for WordPress has XSS. ...)
NOT-FOR-US: profile-builder plugin for WordPress
CVE-2015-9327 (The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS ...)
NOT-FOR-US: flickr-justified-gallery plugin for WordPress
CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-10380 (The profile-builder plugin before 1.1.66 for WordPress has multiple XS ...)
NOT-FOR-US: profile-builder plugin for WordPress
CVE-2014-10379 (The duplicate-post plugin before 2.6 for WordPress has SQL injection. ...)
@@ -187729,7 +187729,7 @@ CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a R
CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...)
NOT-FOR-US: count-per-day plugin for WordPress
CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-15210
RESERVED
CVE-2019-15209
@@ -188137,21 +188137,21 @@ CVE-2017-18535 (The smokesignal plugin before 1.2.7 for WordPress has XSS. ...)
CVE-2017-18534 (The share-on-diaspora plugin before 0.7.2 for WordPress has reflected ...)
NOT-FOR-US: share-on-diaspora plugin for WordPress
CVE-2017-18533 (The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18532 (The realty plugin before 1.1.0 for WordPress has multiple XSS issues. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18531 (The raygun4wp plugin before 1.8.3 for WordPress has XSS in the setting ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18530 (The rating-bws plugin before 0.2 for WordPress has multiple XSS issues ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18529 (The promobar plugin before 1.1.1 for WordPress has multiple XSS issues ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18528 (The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issue ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18527 (The pagination plugin before 1.0.7 for WordPress has multiple XSS issu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18526 (The moreads-se plugin before 1.4.7 for WordPress has XSS. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10904 (The olimometer plugin before 2.57 for WordPress has SQL injection. ...)
NOT-FOR-US: olimometer plugin for WordPress
CVE-2016-10903 (The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 ...)
@@ -188171,7 +188171,7 @@ CVE-2016-10897 (The sermon-browser plugin before 0.45.16 for WordPress has multi
CVE-2016-10896 (The seo-redirection plugin before 4.3 for WordPress has stored XSS. ...)
NOT-FOR-US: seo-redirection plugin for WordPress
CVE-2016-10895 (The option-tree plugin before 2.6.0 for WordPress has XSS via an add_l ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9326 (The wp-business-intelligence-lite plugin before 1.6.3 for WordPress ha ...)
NOT-FOR-US: wp-business-intelligence-lite plugin for WordPress
CVE-2015-9325 (The visitors-online plugin before 0.4 for WordPress has SQL injection. ...)
@@ -188185,7 +188185,7 @@ CVE-2015-9322 (The erident-custom-login-and-dashboard plugin before 3.5 for Word
CVE-2015-9321 (The shortcode-factory plugin before 1.1.1 for WordPress has XSS via ad ...)
NOT-FOR-US: shortcode-factory plugin for WordPress
CVE-2015-9320 (The option-tree plugin before 2.5.4 for WordPress has XSS related to a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-10376 (The i-recommend-this plugin before 3.7.3 for WordPress has SQL injecti ...)
NOT-FOR-US: i-recommend-this plugin for WordPress
CVE-2019-15099 (drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2. ...)
@@ -188207,7 +188207,7 @@ CVE-2019-15090 (An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the L
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/c09581a52765a85f19fc35340127396d5e3379cc
CVE-2019-15082 (The 360-product-rotation plugin before 1.4.8 for WordPress has reflect ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-15081 (OpenCart 3.x, when the attacker has login access to the admin panel, a ...)
NOT-FOR-US: OpenCart
CVE-2019-15080 (An issue was discovered in a smart contract implementation for MORPH T ...)
@@ -188249,21 +188249,21 @@ CVE-2019-15064 (HiNet GPON firmware version < I040GWR190731 allows an attacke
CVE-2017-18525 (The megamenu plugin before 2.4 for WordPress has XSS. ...)
NOT-FOR-US: megamenu plugin for WordPress
CVE-2017-18524 (The football-pool plugin before 2.6.5 for WordPress has multiple XSS i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18523 (The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18522 (The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18521 (The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-adm ...)
NOT-FOR-US: democracy-poll plugin for WordPress
CVE-2017-18520 (The democracy-poll plugin before 5.4 for WordPress has XSS via update_ ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18519 (The customer-area plugin before 7.4.3 for WordPress has XSS via admin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18518 (The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18517 (The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-18516 (The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS is ...)
NOT-FOR-US: bws-linkedin plugin for WordPress
CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequently, a ...)
@@ -188272,19 +188272,19 @@ CVE-2016-10894 (xtrlock through 2.10 does not block multitouch events. Consequen
[buster] - xtrlock 2.8+deb10u1
[stretch] - xtrlock 2.8+deb9u1
CVE-2016-10893 (The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has mu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10892 (The chained-quiz plugin before 1.0 for WordPress has multiple XSS issu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10891 (The aryo-activity-log plugin before 2.3.3 for WordPress has XSS. ...)
NOT-FOR-US: aryo-activity-log plugin for WordPress
CVE-2016-10890 (The aryo-activity-log plugin before 2.3.2 for WordPress has XSS. ...)
NOT-FOR-US: aryo-activity-log plugin for WordPress
CVE-2015-9319 (The gregs-high-performance-seo plugin before 1.6.2 for WordPress has X ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9318 (The awesome-support plugin before 3.1.7 for WordPress has a security i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9317 (The awesome-support plugin before 3.1.7 for WordPress has XSS via cust ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-15063
RESERVED
CVE-2019-15062 (An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an ...)
@@ -189458,9 +189458,9 @@ CVE-2019-12625 (ClamAV versions prior to 0.101.3 are susceptible to a zip bomb v
NOTE: Partially adressed already in 0.101.2+dfsg-3 but incomplete.
NOTE: https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
CVE-2019-14774 (The woo-variation-swatches (aka Variation Swatches for WooCommerce) pl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14773 (admin/includes/class.actions.snippet.php in the "Woody ad snippets" pl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14772 (verdaccio before 3.12.0 allows XSS. ...)
NOT-FOR-US: verdaccio
CVE-2019-14771 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the ...)
@@ -189699,15 +189699,15 @@ CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro
CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
NOT-FOR-US: Trend Micro
CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14682 (The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14681 (The Deny All Firewall plugin before 1.1.7 for WordPress allows wp-admi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14680 (The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 f ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14679 (core/views/arprice_import_export.php in the ARPrice Lite plugin 2.2 fo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-14678 (SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability tha ...)
NOT-FOR-US: SAP
CVE-2019-14677
@@ -194620,7 +194620,7 @@ CVE-2019-13479
CVE-2018-20851 (Helpy before 2.2.0 allows agents to edit admins. ...)
NOT-FOR-US: Helpy
CVE-2019-13478 (The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly r ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-13477 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in t ...)
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-13476 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in th ...)
@@ -194800,9 +194800,9 @@ CVE-2019-13416 (Search Guard versions before 24.3 had an issue when Cross Cluste
CVE-2019-13415 (Search Guard versions before 24.3 had an issue when Cross Cluster Sear ...)
NOT-FOR-US: Search Guard
CVE-2019-13414 (The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/ren ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-13413 (The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection v ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-13412 (A service which is hosted on port 3097 in HiNet GPON firmware < I04 ...)
NOT-FOR-US: HiNet GPON firmware
CVE-2019-13411 (An “invalid command” handler issue was discovered in HiNet ...)
@@ -198076,11 +198076,11 @@ CVE-2019-12243 (Istio 1.1.x through 1.1.6 has Incorrect Access Control. ...)
CVE-2019-12242
RESERVED
CVE-2019-12241 (The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserializat ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-12240 (The Virim plugin 0.4 for WordPress allows Insecure Deserialization via ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-12239 (The WP Booking System plugin 1.5.1 for WordPress has no CSRF protectio ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-12238
RESERVED
CVE-2019-12237
@@ -202112,7 +202112,7 @@ CVE-2019-10866 (In the Form Maker plugin before 1.13.3 for WordPress, it's possi
CVE-2019-10865
RESERVED
CVE-2019-10864 (The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-10863 (A command injection vulnerability exists in TeemIp versions before 2.4 ...)
NOT-FOR-US: TeemIp IPAM
CVE-2019-10862
@@ -204755,19 +204755,19 @@ CVE-2019-9916
CVE-2019-9915 (GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redir ...)
NOT-FOR-US: GetSimpleCMS
CVE-2019-9914 (The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php? ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9913 (The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-adm ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9912 (The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9911 (The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9910 (The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?pag ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9909 (The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9908 (The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-gen ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-9907
RESERVED
CVE-2019-9906
@@ -212455,9 +212455,9 @@ CVE-2019-7415
CVE-2019-7414
RESERVED
CVE-2019-7413 (In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandles san ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
@@ -212645,7 +212645,7 @@ CVE-2019-1000005 (mPDF version 7.1.7 and earlier contains a CWE-502: Deserializa
CVE-2019-1000004 (yugandhargangu JspMyAdmin2 version 1.0.6 and earlier contains a Cross ...)
NOT-FOR-US: yugandhargangu JspMyAdmin2
CVE-2019-1000003 (MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2019-1000002 (Gitea version 1.6.2 and earlier contains a Incorrect Access Control vu ...)
- gitea <removed>
NOTE: https://github.com/go-gitea/gitea/pull/5631
@@ -232735,9 +232735,9 @@ CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to caus
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg04489.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=1d20398694a3b67a388d955b7a945ba4aa90a8a8 (master)
CVE-2018-19488 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19487 (The WP-jobhunt plugin before version 2.4 for WordPress does not contro ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19485
RESERVED
CVE-2018-19484
@@ -233047,7 +233047,7 @@ CVE-2018-19372
CVE-2018-19371 (The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has a ...)
NOT-FOR-US: SDL Web
CVE-2018-19370 (A Race condition vulnerability in unzip_file in admin/import/class-imp ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19369
RESERVED
CVE-2018-19368
@@ -234350,13 +234350,13 @@ CVE-2018-19044 (keepalived 2.0.8 didn't check for pathnames with symlinks when w
NOTE: https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
NOTE: https://github.com/acassen/keepalived/issues/1048
CVE-2018-19043 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary fil ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19042 (The Media File Manager plugin 1.4.2 for WordPress allows arbitrary fil ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19041 (The Media File Manager plugin 1.4.2 for WordPress allows XSS via the d ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19040 (The Media File Manager plugin 1.4.2 for WordPress allows directory lis ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-19039 (Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated ...)
- grafana <removed>
NOTE: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961
@@ -235838,7 +235838,7 @@ CVE-2018-XXXX [External URL injection through URL aliases]
CVE-2018-18461 (The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5. ...)
NOT-FOR-US: Arigato
CVE-2018-18460 (XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress vi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-18459 (The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ...)
- xpdf <unfixed> (unimportant)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217
@@ -236081,7 +236081,7 @@ CVE-2018-18375 (goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows a
CVE-2018-18374 (XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid par ...)
NOT-FOR-US: MetInfo
CVE-2018-18373 (In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-18372 (A Stored XSS vulnerability has been discovered in KAASoft Library CMS ...)
NOT-FOR-US: KAASoft Library CMS
CVE-2018-18371 (The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connecti ...)
@@ -236996,7 +236996,7 @@ CVE-2018-18071 (An issue was discovered in the Daimler Mercedes-Benz Me app 2.11
CVE-2018-18070 (An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 ...)
NOT-FOR-US: Daimler Mercedes-Benz COMAND on Mercedes-Benz C-Class 2018 vehicles
CVE-2018-18069 (process_forms in the WPML (aka sitepress-multilingual-cms) plugin thro ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-18068 (The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ a ...)
NOT-FOR-US: ARM-based hardware debugging feature on Raspberry Pi 3 module B+ (and possibly other devices)
CVE-2018-18067
@@ -239345,11 +239345,11 @@ CVE-2018-17141 (HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execu
- hylafax 3:6.0.6-8.1 (bug #909161)
NOTE: http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
CVE-2018-17140 (The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS v ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-17139 (UltimatePOS 2.5 allows users to upload arbitrary files, which leads to ...)
NOT-FOR-US: UltimatePOS
CVE-2018-17138 (The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS v ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-17137 (Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 prese ...)
NOT-FOR-US: Prezi Next
CVE-2018-17136 (zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php vi ...)
@@ -241727,7 +241727,7 @@ CVE-2018-16300 (The BGP parser in tcpdump before 4.9.3 allows stack consumption
- tcpdump 4.9.3-1 (bug #941698)
NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/af2cf04a9394c1a56227c2289ae8da262828294a
CVE-2018-16299 (The Localize My Post plugin 1.0 for WordPress allows Directory Travers ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-16298 (An issue was discovered in MiniCMS 1.10. There is an mc-admin/post.php ...)
NOT-FOR-US: MiniCMS
CVE-2018-16297 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
@@ -241755,11 +241755,11 @@ CVE-2018-16287 (LG SuperSign CMS allows file upload via signEzUI/playlist/edit/u
CVE-2018-16286 (LG SuperSign CMS allows authentication bypass because the CAPTCHA requ ...)
NOT-FOR-US: LG SuperSign CMS
CVE-2018-16285 (The UserPro plugin through 4.9.23 for WordPress allows XSS via the sho ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-16284
RESERVED
CVE-2018-16283 (The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Dir ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-16282 (A command injection vulnerability in the web server functionality of M ...)
NOT-FOR-US: Moxa
CVE-2018-16281 (The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Ji ...)
@@ -241923,7 +241923,7 @@ CVE-2018-16208
CVE-2018-16207 (PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows ...)
NOT-FOR-US: PowerAct Pro Master Agent for Windows
CVE-2018-16206 (Cross-site scripting vulnerability in WordPress plugin spam-byebye 2.2 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-16205 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...)
NOT-FOR-US: GROWI
CVE-2018-16204 (Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0. ...)
@@ -242768,9 +242768,9 @@ CVE-2018-16585 (** DISPUTED ** An issue was discovered in Artifex Ghostscript be
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699663
CVE-2018-15877 (The Plainview Activity Monitor plugin before 20180826 for WordPress is ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-15876 (An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for W ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-15875 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20. ...)
NOT-FOR-US: D-Link
CVE-2018-15874 (Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20. ...)
@@ -249698,7 +249698,7 @@ CVE-2018-13138
CVE-2018-13137 (The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_eve ...)
NOT-FOR-US: Events Manager plugin for WordPress
CVE-2018-13136 (The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for Word ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-13135
RESERVED
CVE-2018-13134 (TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have X ...)
@@ -251051,21 +251051,21 @@ CVE-2018-1000514 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Req
CVE-2018-1000513 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting ...)
- limesurvey <itp> (bug #472802)
CVE-2018-1000512 (Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Sc ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-1000511 (WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulner ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-1000510 (WP Image Zoom version 1.23 contains a Incorrect Access Control vulnera ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-1000509 (Redirection version 2.7.1 contains a Serialisation vulnerability possi ...)
NOT-FOR-US: Redirection
CVE-2018-1000508 (WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vuln ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-1000507 (WP User Groups version 2.0.0 contains a Cross ite Request Forgery (CSR ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-1000506 (Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forger ...)
NOT-FOR-US: Metronet Tag Manager
CVE-2018-1000505 (Tooltipy (tooltips for WP) version 5 contains a Cross ite Request Forg ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-1000504 (Redirection version 2.7.3 contains a ACE via file inclusion vulnerabil ...)
NOT-FOR-US: Redirection
CVE-2018-1000503 (MyBB Group MyBB contains a Incorrect Access Control vulnerability in P ...)
@@ -251086,7 +251086,7 @@ CVE-2018-1000404 (Jenkins project Jenkins AWS CodeBuild Plugin version 0.26 and
CVE-2018-12637
RESERVED
CVE-2018-12636 (The iThemes Security (better-wp-security) plugin before 7.0.3 for Word ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-12635 (CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to t ...)
NOT-FOR-US: CirCarLife Scada
CVE-2018-12634 (CirCarLife Scada before 4.3 allows remote attackers to obtain sensitiv ...)
@@ -254874,7 +254874,7 @@ CVE-2018-11368
CVE-2018-11367 (An issue was discovered in CppCMS before 1.2.1. There is a denial of s ...)
NOT-FOR-US: CppCMS
CVE-2018-11366 (init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-11365 (sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an ...)
- r-cran-haven 1.1.1-2 (low; bug #899335)
CVE-2018-11364 (sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in l ...)
@@ -255597,7 +255597,7 @@ CVE-2018-11107
CVE-2018-11106 (NETGEAR has released fixes for a pre-authentication command injection ...)
NOT-FOR-US: Netgear
CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support plugi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-11104
RESERVED
CVE-2018-11103
@@ -257408,7 +257408,7 @@ CVE-2018-10506 (A out-of-bounds read information disclosure vulnerability in Tre
CVE-2018-10505 (A pool corruption privilege escalation vulnerability in Trend Micro Of ...)
NOT-FOR-US: Trend Micro
CVE-2018-10504 (The WebDorado "Form Maker by WD" plugin before 1.12.24 for WordPress a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. ...)
NOT-FOR-US: baijiacms
CVE-2018-10502 (This vulnerability allows local attackers to escalate privileges on vu ...)
@@ -260751,7 +260751,7 @@ CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to execut
CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in admin/template/js/uploadif ...)
NOT-FOR-US: GetSimple CMS
CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-9171
RESERVED
CVE-2018-9170
@@ -261075,9 +261075,9 @@ CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an upload_file
CVE-2018-9036 (CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Dis ...)
NOT-FOR-US: CheckSec Canopy
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the R ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-9033
RESERVED
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1 ...)
@@ -261145,7 +261145,7 @@ CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, wh
NOTE: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
NOTE: https://github.com/apple/cups/issues/5143
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-9019 (SQL Injection vulnerability in Dolibarr before version 7.0.2 allows re ...)
- dolibarr <removed>
NOTE: https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739
@@ -265146,7 +265146,7 @@ CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting issue was discovered in
NOTE: affected problematic configurations in both the documentation and with
NOTE: a runtime warning.
CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in installer/build/view.step4 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-7539 (On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is p ...)
NOT-FOR-US: Appear TV XC5000 and XC5100 devices
CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean ...)
@@ -266358,7 +266358,7 @@ CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthentica
CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in "Design ...)
NOT-FOR-US: Kentico
CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for Wor ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 throu ...)
NOT-FOR-US: Twonky Server
CVE-2018-7202 (An issue was discovered in ProjectSend before r1053. XSS exists in the ...)
@@ -276045,7 +276045,7 @@ CVE-2017-1000438 (In OMERO 5.3.3 or earlier a user could create an OriginalFile
CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in the ope ...)
NOT-FOR-US: Creolabs Gravity
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redir ...)
- NOT-FOR-US: Wordpress plugin Furikake
+ NOT-FOR-US: WordPress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with pyth ...)
{DLA-2577-1 DLA-1410-1}
- python-pysaml2 4.5.0-2 (bug #886423)
@@ -283760,7 +283760,7 @@ CVE-2017-17453
CVE-2017-17452
RESERVED
CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsub ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not req ...)
{DSA-4082-1 DSA-4073-1}
- linux 4.14.7-1
@@ -285407,7 +285407,7 @@ CVE-2017-17098 (The writeLog function in fn_common.php in gps-server.net GPS Tra
CVE-2017-17097 (gps-server.net GPS Tracking Software (self hosted) 2.x has a password ...)
NOT-FOR-US: gps-server.net GPS Tracking Software
CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin b ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18 ...)
{DSA-4076-1 DLA-1225-1}
- asterisk 1:13.18.3~dfsg-1 (bug #883342)
@@ -288190,7 +288190,7 @@ CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops befo
CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
NOT-FOR-US: Snap7 Server
CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme versi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
NOT-FOR-US: Opencast
CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...)
@@ -288351,11 +288351,11 @@ CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optip
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...)
NOT-FOR-US: nodejs ejs
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using relevans ...)
NOT-FOR-US: Relevanssi
CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated attacke ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is prese ...)
NOT-FOR-US: MODX Revolution
CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command injection in the m ...)
@@ -288939,7 +288939,7 @@ CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...)
CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote a ...)
NOT-FOR-US: LibreNMS
CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in admin/partials/uif-access- ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...)
NOT-FOR-US: Hola VPN
CVE-2017-16756 (An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-si ...)
@@ -291748,11 +291748,11 @@ CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all An
CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
NOT-FOR-US: Qualcomm closed-source components on Android
CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the as ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a cr ...)
NOT-FOR-US: phpMyFaq
CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. ...)
@@ -294458,9 +294458,9 @@ CVE-2017-14951
CVE-2017-14950
RESERVED
CVE-2015-9234 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access arbi ...)
- restlet <itp> (bug #596472)
CVE-2017-14948 (Certain D-Link products are affected by: Buffer Overflow. This affects ...)
@@ -294778,7 +294778,7 @@ CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access uni
NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
NOTE: https://twitter.com/nodejs/status/913131152868876288
CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL In ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL In ...)
NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
@@ -294951,7 +294951,7 @@ CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h2
NOTE: Fixed in 3.2.8
NOTE: The check is completely missing in Jessie. It should be added.
CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an Aut ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in ...)
NOT-FOR-US: GeniXCMS
CVE-2017-14764 (In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated use ...)
@@ -294980,7 +294980,7 @@ CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before
- mahara <removed>
NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-14750
RESERVED
CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...)
@@ -295835,61 +295835,61 @@ CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.
CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...)
- kubernetes <not-affected> (Vulnerable code not yet present)
CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation v1. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002027 (Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002026 (Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, Th ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002025 (Vulnerability in wordpress plugin add-edit-delete-listing-for-member-m ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002023 (Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code d ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002022 (Vulnerability in wordpress plugin surveys v1.01.8, The code in questio ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002021 (Vulnerability in wordpress plugin surveys v1.01.8, The code in individ ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002020 (Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_ ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002019 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002018 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002017 (Vulnerability in wordpress plugin gift-certificate-creator v1.0, The c ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002016 (Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002015 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002014 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002013 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002012 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002011 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002010 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002009 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002008 (Vulnerability in wordpress plugin membership-simplified-for-oap-member ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002007 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002006 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002005 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/de ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002004 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/do ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002003 (Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002002 (Vulnerability in wordpress plugin webapp-builder v2.0, The plugin incl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05 ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-1002000 (Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easyt ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi- ...)
NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
@@ -296209,7 +296209,7 @@ CVE-2017-14350 (A potential security vulnerability has been identified in HPE Ap
CVE-2017-14349 (An authentication vulnerability in HPE SiteScope product versions 11.2 ...)
NOT-FOR-US: HP
CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the Bul ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
NOT-FOR-US: Photocrati NextGEN Gallery
CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.p ...)
@@ -296933,7 +296933,7 @@ CVE-2017-14128 (The decode_line_info function in dwarf2.c in the Binary File Des
CVE-2017-14127 (Command Injection in the Ping Module in the Web Interface on Technicol ...)
NOT-FOR-US: Technicolor
CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin bef ...)
NOT-FOR-US: Responsive Image Gallery plugin for WordPress
CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when cla ...)
@@ -299395,7 +299395,7 @@ CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted
CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...)
NOT-FOR-US: Wordpress theme
CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in th ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ov ...)
NOT-FOR-US: libbpg
CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...)
@@ -302669,9 +302669,9 @@ CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.
NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
NOTE: https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
CVE-2017-12200 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XS ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQ ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-12198
RESERVED
CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly va ...)
@@ -302970,7 +302970,7 @@ CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6)
NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25
NOTE: https://arxiv.org/pdf/1205.4011.pdf
CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/se ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ti ...)
NOT-FOR-US: tinysvcmdns
CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...)
@@ -303155,7 +303155,7 @@ CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC Foundation
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET Sam ...)
NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery Server affecting various vendors
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array pa ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubi ...)
- potrace 1.15-1 (unimportant; bug #870356)
NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
@@ -304220,7 +304220,7 @@ CVE-2017-11660
CVE-2017-11659
RESERVED
CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-11657 (Dashlane might allow local users to gain privileges by placing a Troja ...)
NOT-FOR-US: Dashlane
CVE-2017-11656
@@ -306403,7 +306403,7 @@ CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attacker
CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...)
NOT-FOR-US: HPE
CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-10990
RESERVED
CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3 ...)
@@ -311141,9 +311141,9 @@ CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosur
CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in ...)
- owncloud <removed>
CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XS ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerabili ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-9335
RESERVED
CVE-2017-9333 (OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG ...)
@@ -311426,7 +311426,7 @@ CVE-2017-9290
CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in no ...)
NOT-FOR-US: Bram Korsten Note
CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsa ...)
NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions whe ...)
@@ -321637,11 +321637,11 @@ CVE-2017-6106
CVE-2017-6105
RESERVED
CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in saslserv/ ...)
- atheme-services 7.2.9-1 (bug #855588)
[jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable)
@@ -322135,7 +322135,7 @@ CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and
{DSA-3882-1 DLA-987-1}
- request-tracker4 4.4.1-4
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...)
- webkitgtk <removed> (unimportant)
NOTE: Not covered by security support
@@ -332637,7 +332637,7 @@ CVE-2017-2553
CVE-2017-2552
RESERVED
CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possib ...)
- NOT-FOR-US: Wordpress plugin BackWPup
+ NOT-FOR-US: WordPress plugin BackWPup
CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a cop ...)
NOT-FOR-US: Easy Joomla Backup
CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
@@ -347950,7 +347950,7 @@ CVE-2016-6567 (SHDesigns' Resident Download Manager provides firmware update cap
CVE-2016-6566 (The valueAsString parameter inside the JSON payload contained by the u ...)
NOT-FOR-US: Sungard
CVE-2016-6565 (The Imagely NextGen Gallery plugin for Wordpress prior to version 2.1. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-6564 (Android devices with code from Ragentek contain a privileged binary th ...)
NOT-FOR-US: Ragentek
CVE-2016-6563 (Processing malformed SOAP messages when performing the HNAP Login acti ...)
@@ -349001,65 +349001,65 @@ CVE-2016-1000157
CVE-2016-1000156 (Mailcwp remote file upload vulnerability incomplete fix v1.100 ...)
NOT-FOR-US: WordPress plugin mailcwp
CVE-2016-1000155 (Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 ...)
- NOT-FOR-US: Wordpress plugin wpsolr-search-engine
+ NOT-FOR-US: WordPress plugin wpsolr-search-engine
CVE-2016-1000154 (Reflected XSS in wordpress plugin whizz v1.0.7 ...)
- NOT-FOR-US: Wordpress plugin whizz
+ NOT-FOR-US: WordPress plugin whizz
CVE-2016-1000153 (Reflected XSS in wordpress plugin tidio-gallery v1.1 ...)
- NOT-FOR-US: Wordpress plugin tidio-gallery
+ NOT-FOR-US: WordPress plugin tidio-gallery
CVE-2016-1000152 (Reflected XSS in wordpress plugin tidio-form v1.0 ...)
- NOT-FOR-US: Wordpress plugin tidio-form
+ NOT-FOR-US: WordPress plugin tidio-form
CVE-2016-1000151 (Reflected XSS in wordpress plugin tera-charts v1.0 ...)
- NOT-FOR-US: Wordpress plugin tera-charts
+ NOT-FOR-US: WordPress plugin tera-charts
CVE-2016-1000150 (Reflected XSS in wordpress plugin simplified-content v1.0.0 ...)
- NOT-FOR-US: Wordpress plugin simplified-content
+ NOT-FOR-US: WordPress plugin simplified-content
CVE-2016-1000149 (Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 ...)
- NOT-FOR-US: Wordpress plugin simpel-reserveren
+ NOT-FOR-US: WordPress plugin simpel-reserveren
CVE-2016-1000148 (Reflected XSS in wordpress plugin s3-video v0.983 ...)
- NOT-FOR-US: Wordpress plugin s3-video
+ NOT-FOR-US: WordPress plugin s3-video
CVE-2016-1000147 (Reflected XSS in wordpress plugin recipes-writer v1.0.4 ...)
- NOT-FOR-US: Wordpress plugin recipes-writer
+ NOT-FOR-US: WordPress plugin recipes-writer
CVE-2016-1000146 (Reflected XSS in wordpress plugin pondol-formmail v1.1 ...)
- NOT-FOR-US: Wordpress plugin pondol-formmail
+ NOT-FOR-US: WordPress plugin pondol-formmail
CVE-2016-1000145 (Reflected XSS in wordpress plugin pondol-carousel v1.0 ...)
- NOT-FOR-US: Wordpress plugin pondol-carousel
+ NOT-FOR-US: WordPress plugin pondol-carousel
CVE-2016-1000144 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
- NOT-FOR-US: Wordpress plugin photoxhibit
+ NOT-FOR-US: WordPress plugin photoxhibit
CVE-2016-1000143 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
- NOT-FOR-US: Wordpress plugin photoxhibit
+ NOT-FOR-US: WordPress plugin photoxhibit
CVE-2016-1000142 (Reflected XSS in wordpress plugin parsi-font v4.2.5 ...)
- NOT-FOR-US: Wordpress plugin parsi-font
+ NOT-FOR-US: WordPress plugin parsi-font
CVE-2016-1000141 (Reflected XSS in wordpress plugin page-layout-builder v1.9.3 ...)
- NOT-FOR-US: Wordpress plugin page-layout-builder
+ NOT-FOR-US: WordPress plugin page-layout-builder
CVE-2016-1000140 (Reflected XSS in wordpress plugin new-year-firework v1.1.9 ...)
- NOT-FOR-US: Wordpress plugin new-year-firework
+ NOT-FOR-US: WordPress plugin new-year-firework
CVE-2016-1000139 (Reflected XSS in wordpress plugin infusionsoft v1.5.11 ...)
- NOT-FOR-US: Wordpress plugin infusionsoft
+ NOT-FOR-US: WordPress plugin infusionsoft
CVE-2016-1000138 (Reflected XSS in wordpress plugin indexisto v1.0.5 ...)
- NOT-FOR-US: Wordpress plugin indexisto
+ NOT-FOR-US: WordPress plugin indexisto
CVE-2016-1000137 (Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 ...)
- NOT-FOR-US: Wordpress plugin hero-maps-pro
+ NOT-FOR-US: WordPress plugin hero-maps-pro
CVE-2016-1000136 (Reflected XSS in wordpress plugin heat-trackr v1.0 ...)
- NOT-FOR-US: Wordpress plugin heat-trackr
+ NOT-FOR-US: WordPress plugin heat-trackr
CVE-2016-1000135 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
- NOT-FOR-US: Wordpress plugin hdw-tube
+ NOT-FOR-US: WordPress plugin hdw-tube
CVE-2016-1000134 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
- NOT-FOR-US: Wordpress plugin hdw-tube
+ NOT-FOR-US: WordPress plugin hdw-tube
CVE-2016-1000133 (Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1. ...)
- NOT-FOR-US: Wordpress plugin forget-about-shortcode-buttons
+ NOT-FOR-US: WordPress plugin forget-about-shortcode-buttons
CVE-2016-1000132 (Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 ...)
- NOT-FOR-US: Wordpress plugin enhanced-tooltipglossary
+ NOT-FOR-US: WordPress plugin enhanced-tooltipglossary
CVE-2016-1000131 (Reflected XSS in wordpress plugin e-search v1.0 ...)
- NOT-FOR-US: Wordpress plugin e-search
+ NOT-FOR-US: WordPress plugin e-search
CVE-2016-1000130 (Reflected XSS in wordpress plugin e-search v1.0 ...)
- NOT-FOR-US: Wordpress plugin e-search
+ NOT-FOR-US: WordPress plugin e-search
CVE-2016-1000129 (Reflected XSS in wordpress plugin defa-online-image-protector v3.3 ...)
- NOT-FOR-US: Wordpress plugin defa-online-image-protector
+ NOT-FOR-US: WordPress plugin defa-online-image-protector
CVE-2016-1000128 (Reflected XSS in wordpress plugin anti-plagiarism v3.60 ...)
- NOT-FOR-US: Wordpress plugin anti-plagiarism
+ NOT-FOR-US: WordPress plugin anti-plagiarism
CVE-2016-1000127 (Reflected XSS in wordpress plugin ajax-random-post v2.00 ...)
- NOT-FOR-US: Wordpress plugin ajax-random-post
+ NOT-FOR-US: WordPress plugin ajax-random-post
CVE-2016-1000126 (Reflected XSS in wordpress plugin admin-font-editor v1.8 ...)
- NOT-FOR-US: Wordpress plugin admin-font-editor
+ NOT-FOR-US: WordPress plugin admin-font-editor
CVE-2016-1000125 (Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla ...)
NOT-FOR-US: Joomla component Huge-IT Catalog
CVE-2016-1000124 (Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0 ...)
@@ -366127,7 +366127,7 @@ CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing Lis
CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not veri ...)
NOT-FOR-US: 105 BANK app
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote att ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote atta ...)
NOT-FOR-US: Apple FileMaker
CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R d ...)
@@ -367485,9 +367485,9 @@ CVE-2016-0771 (The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before
[squeeze] - samba <not-affected> (Vulnerable code not present)
NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html
CVE-2016-0770 (Cross-site scripting (XSS) vulnerability in includes/admin/pages/manag ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in the eSho ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-0768 (PostgreSQL PL/Java after 9.0 does not honor access controls on large o ...)
- postgresql-pljava <removed>
[wheezy] - postgresql-pljava <no-dsa> (Minor issue on undocumented API that got later removed)
@@ -367501,7 +367501,7 @@ CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.1
- postgresql-9.1 <removed>
[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.ph ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2016-0764 (Race condition in Network Manager before 1.0.12 as packaged in Red Hat ...)
- network-manager 1.1.91-1 (bug #820354)
[jessie] - network-manager <no-dsa> (Minor issue)
@@ -371952,7 +371952,7 @@ CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.
CVE-2015-7807
RESERVED
CVE-2015-7806 (Eval injection vulnerability in the fm_saveHelperGatherItems function ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote attacker ...)
{DLA-928-1 DLA-356-1}
- libsndfile 1.0.25-10 (bug #804445)
@@ -375190,7 +375190,7 @@ CVE-2015-6670 (ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x befor
CVE-2015-6669
RESERVED
CVE-2015-6668 (The Job Manager plugin before 0.7.25 allows remote attackers to read a ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-6667
RESERVED
CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import func ...)
@@ -382225,7 +382225,7 @@ CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java
CVE-2015-4090
RESERVED
CVE-2015-4089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the opti ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-4088
RESERVED
CVE-2015-4087
@@ -384402,9 +384402,9 @@ CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r
CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3314 (SQL injection vulnerability in WordPress Tune Library plugin before 1. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-3313 (SQL injection vulnerability in WordPress Community Events plugin befor ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-3312
RESERVED
CVE-2015-3311
@@ -384445,7 +384445,7 @@ CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce S
CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPres ...)
NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3299 (Cross-site scripting (XSS) vulnerability in the Floating Social Bar pl ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2015-3298 (Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN ...)
NOT-FOR-US: Yubico ykneo-openpgp
CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0 ...)
@@ -390578,9 +390578,9 @@ CVE-2015-1368 (Multiple cross-site scripting (XSS) vulnerabilities in Ansible To
CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote ...)
NOT-FOR-US: CatBot
CVE-2015-1366 (Cross-site scripting (XSS) vulnerability in pixabay-images.php in the ...)
- NOT-FOR-US: Wordpress plugin Pixabay Images
+ NOT-FOR-US: WordPress plugin Pixabay Images
CVE-2015-1365 (Directory traversal vulnerability in pixabay-images.php in the Pixabay ...)
- NOT-FOR-US: Wordpress plugin Pixabay Images
+ NOT-FOR-US: WordPress plugin Pixabay Images
CVE-2015-1364 (SQL injection vulnerability in the getProfile function in system/profi ...)
NOT-FOR-US: Free Reprintables ArticleFR
CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleF ...)
@@ -397497,7 +397497,7 @@ CVE-2014-8623
CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in th ...)
NOT-FOR-US: Compfight plugin for WordPress
CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through 3. ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-8620
RESERVED
CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn configuratio ...)
@@ -397978,7 +397978,7 @@ CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Con
CVE-2014-8493 (ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to ...)
NOT-FOR-US: ZTE ZXHN H108L
CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fal ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...)
NOT-FOR-US: Grand Flagallery plugin for WordPress
CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...)
@@ -398566,7 +398566,7 @@ CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required set
CVE-2014-8759
RESERVED
CVE-2014-8758 (Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to byp ...)
NOT-FOR-US: LG On-Screen Phone
CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder befo ...)
@@ -399236,7 +399236,7 @@ CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x
NOTE: For the incomplete fix for CVE-2014-8080
NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel met ...)
NOT-FOR-US: OsClass
CVE-2014-8084 (Directory traversal vulnerability in oc-includes/osclass/controller/aj ...)
@@ -401247,7 +401247,7 @@ CVE-2014-7242 (The SumaHo application 3.0.0 and earlier for Android and the Suma
CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote atta ...)
NOT-FOR-US: TSUTAYA application for Android
CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-7239
RESERVED
CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 ...)
@@ -411673,7 +411673,7 @@ CVE-2014-3124 (The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows lo
- xen 4.4.1-1 (bug #757724)
[squeeze] - xen <not-affected> (Xen versions from 4.1 onwards are vulnerable)
CVE-2014-3123 (Cross-site scripting (XSS) vulnerability in admin/manage-images.php in ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape sequences ...)
{DSA-2925-1}
- rxvt-unicode 9.20-1 (bug #746593)
@@ -421143,7 +421143,7 @@ CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of servi
CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 o ...)
NOT-FOR-US: BlackBerry Link
CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in bluewrench-video-wi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2013-6796 (The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to ...)
NOT-FOR-US: DeepOfix
CVE-2013-6795 (The Updater in Rackspace Openstack Windows Guest Agent for XenServer b ...)
@@ -422628,9 +422628,9 @@ CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kern
NOTE: https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
CVE-2013-6281 (Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php i ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2013-6280 (Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plu ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2013-6279
RESERVED
CVE-2013-6278
@@ -429294,7 +429294,7 @@ CVE-2013-3722 (A Denial of Service (infinite loop) exists in OpenSIPS before 1.1
CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows ...)
NOT-FOR-US: PsychoStats
CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the F ...)
- NOT-FOR-US: Wordpress plugin Feedweb
+ NOT-FOR-US: WordPress plugin Feedweb
CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe componen ...)
NOT-FOR-US: Joomla!
CVE-2013-3718 (evince is missing a check on number of pages which can lead to a segme ...)
@@ -431723,7 +431723,7 @@ CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the underConst
CVE-2013-2698 (Cross-site request forgery (CSRF) vulnerability in the Calendar plugin ...)
NOT-FOR-US: WordPress plugin calendar
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the WP-DownloadMana ...)
- NOT-FOR-US: Wordpress plugin Downloadmanager
+ NOT-FOR-US: WordPress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One Webm ...)
NOT-FOR-US: WordPress plugin All in One Webmaster
CVE-2013-2695 (Cross-site scripting (XSS) vulnerability in invite.php in the WP Sympo ...)
@@ -435127,9 +435127,9 @@ CVE-2013-1658
CVE-2013-1657
RESERVED
CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the Fe ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SA ...)
NOT-FOR-US: SAP NetWeaver
CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allo ...)
@@ -437810,7 +437810,7 @@ CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath
CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...)
NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...)
- NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
+ NOT-FOR-US: WordPress plugin ecommerce Shop Styling
CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...)
NOT-FOR-US: Kingsoft Spreadsheets
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ec_scan ...)
@@ -439762,9 +439762,9 @@ CVE-2012-6315
CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, wh ...)
NOT-FOR-US: Citrix XenDesktop
CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 f ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-6311
RESERVED
CVE-2012-6310
@@ -441163,7 +441163,7 @@ CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP addre
CVE-2012-5857
RESERVED
CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cook ...)
- NOT-FOR-US: Wordpress plugin (uk cookie)
+ NOT-FOR-US: WordPress plugin (uk cookie)
CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...)
- vlc <not-affected> (Windows only issue)
NOTE: Harmless crasher without security relevance
@@ -442246,7 +442246,7 @@ CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote at
[wheezy] - vlc 2.0.3-4
[squeeze] - vlc <no-dsa> (Minor issue)
CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remot ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer component in ...)
{DSA-2585-1}
- bogofilter 1.2.2+dfsg1-2 (bug #695139)
@@ -443569,7 +443569,7 @@ CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39,
CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS ...)
NOT-FOR-US: WordPress plugin DVS Custom Notification
CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
- NOT-FOR-US: Wordpress plugin Zingiri Forum
+ NOT-FOR-US: WordPress plugin Zingiri Forum
CVE-2012-4919 (Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerabilit ...)
NOT-FOR-US: Gallery Plugin1.4 for WordPress
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
@@ -444638,13 +444638,13 @@ CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.0
CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0 ...)
NOT-FOR-US: AdaptCMS
CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Be ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexi ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...)
NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus
CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-l ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script all ...)
NOT-FOR-US: Alurian Prismotube PHP Video Script
CVE-2012-4605 (The default configuration of the SMTP component in Websense Email Secu ...)
@@ -445455,7 +445455,7 @@ CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2)
CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...)
NOT-FOR-US: Samsung NET-i
CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers t ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x bef ...)
{DSA-2461-1}
- spip 2.1.13-1
@@ -445599,7 +445599,7 @@ CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the
CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Soc ...)
NOT-FOR-US: 2 Click Social Media Buttons plugin for WordPress
CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remot ...)
NOT-FOR-US: eFront
CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows remote ...)
@@ -446837,7 +446837,7 @@ CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial o
CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA befo ...)
NOT-FOR-US: Sielco Sistemi Winlog
CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3813
RESERVED
CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open Sou ...)
@@ -447294,7 +447294,7 @@ CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attacke
CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin Newslet ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
- apt 0.7.25 (unimportant)
NOTE: net-update is disabled by default on Debian
@@ -447315,15 +447315,15 @@ CVE-2012-3580 (Symantec Messaging Gateway (SMG) before 10.0 allows remote authen
CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password fo ...)
NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the FCCha ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia M ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the wpStor ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the RBX Gall ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3574 (Unrestricted file upload vulnerability in includes/doajaxfileupload.ph ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-3573
REJECTED
CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and ...)
@@ -449455,7 +449455,7 @@ CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permiss
- libapache2-mod-auth-openid 0.7-0.1 (low; bug #674165)
[squeeze] - libapache2-mod-auth-openid <no-dsa> (Minor issue)
CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-2758
RESERVED
CVE-2012-2757
@@ -453813,9 +453813,9 @@ CVE-2012-1012 (server/server_stubs.c in the kadmin protocol implementation in MI
[squeeze] - krb5 <not-affected> (vulnerable code not present)
NOTE: bug was introduced in krb5 1.10
CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remot ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the AllWebMen ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki 5. ...)
NOT-FOR-US: HDWiki
CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...)
@@ -457448,7 +457448,7 @@ CVE-2011-4671 (SQL injection vulnerability in adrotate/adrotate-out.php in the A
CVE-2011-4670 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2. ...)
NOT-FOR-US: vTiger CRM
CVE-2011-4669 (SQL injection vulnerability in wp-users.php in WordPress Users plugin ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...)
NOT-FOR-US: Tivoli
CVE-2011-4667 (The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and ...)
@@ -457494,7 +457494,7 @@ CVE-2011-4648
CVE-2011-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the story creat ...)
NOT-FOR-US: Geeklog
CVE-2011-4646 (SQL injection vulnerability in wp-postratings.php in the WP-PostRating ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-4645
RESERVED
CVE-2011-4644 (Splunk 4.2.5 and earlier, when a Free license is selected, enables pot ...)
@@ -457731,7 +457731,7 @@ CVE-2011-4564 (Cross-site scripting (XSS) vulnerability in the admin script in A
CVE-2011-4563 (Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4. ...)
NOT-FOR-US: JAKCMS
CVE-2011-4562 (Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/ ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-4561 (Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 ...)
NOT-FOR-US: Phorum
CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node module 6 ...)
@@ -458325,7 +458325,7 @@ CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenki
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...)
NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-4341 (Multiple SQL injection vulnerabilities in symphony/content/content.pub ...)
NOT-FOR-US: Symphony CMS
CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
@@ -459051,7 +459051,7 @@ CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in (lib
[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106 (TimThumb (timthumb.php) before 2.0 does not validate the entire source ...)
- NOT-FOR-US: wordpress plugin timthumb
+ NOT-FOR-US: WordPress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of arbitra ...)
- lightdm 1.0.6-2
CVE-2011-4104 (The from_yaml method in serializers.py in Django Tastypie before 0.9.1 ...)
@@ -459469,7 +459469,7 @@ CVE-2010-4877 (Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2
CVE-2010-4876 (SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows ...)
NOT-FOR-US: mBlogger
CVE-2010-4875 (Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpo ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2010-4874 (Multiple cross-site scripting (XSS) vulnerabilities in users.php in Ni ...)
NOT-FOR-US: NinkoBB
CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
@@ -459611,7 +459611,7 @@ CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensio
CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...)
- apache <removed>
CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the Allwebme ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndro ...)
NOT-FOR-US: TYPO3 extension
CVE-2011-3979 (Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/ ...)
@@ -460063,7 +460063,7 @@ CVE-2011-3843
CVE-2011-3842
RESERVED
CVE-2011-3841 (Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avat ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-3840
RESERVED
CVE-2011-3839 (The administration functionality in Wuzly 2.0 allows remote attackers ...)
@@ -461183,7 +461183,7 @@ CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer serve
CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer ...)
NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
- NOT-FOR-US: Wordpress plugin Event Registration
+ NOT-FOR-US: WordPress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component 1 ...)
NOT-FOR-US: Joomla!
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport ...)
@@ -461700,7 +461700,7 @@ CVE-2010-4827 (Cross-site scripting (XSS) vulnerability in members.asp in Snitz
CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
NOT-FOR-US: Snitz Forums
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Tw ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the c ...)
- zabbix 1:1.8.9-1
[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
@@ -468074,7 +468074,7 @@ CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4
CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.2 ...)
NOT-FOR-US: pmwiki
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in wordpress-processing-embed ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allo ...)
NOT-FOR-US: Mutare EVM
CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare E ...)
@@ -484819,7 +484819,7 @@ CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, whe
CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...)
NOT-FOR-US: iDevCart
CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...)
- NOT-FOR-US: Wordpress plugin
+ NOT-FOR-US: WordPress plugin
CVE-2009-XXXX [ampache DoS and CSRF]
- ampache 3.5.3-1 (low)
[lenny] - ampache <no-dsa> (minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19b423de7846e6cedcde63c4b574226c156ff16a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/19b423de7846e6cedcde63c4b574226c156ff16a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220425/6718d9e9/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list