Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6e12a7bb by Salvatore Bonaccorso at 2019-08-22T20:18:02Z
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before
9.1.2 for W ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has
insufficient ...)
- TODO: check
+ NOT-FOR-US: webp-express plugin for WordPress
CVE-2019-15329
RESERVED
CVE-2019-15328
@@ -13,55 +13,55 @@ CVE-2019-15326
CVE-2019-15325
RESERVED
CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval
injection in the ...)
- TODO: check
+ NOT-FOR-US: wpgform plugin for WordPress
CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has
PHP objec ...)
- TODO: check
+ NOT-FOR-US: newsletters-lite plugin for WordPress
CVE-2017-18586 (The insert-pages plugin before 3.2.4 for WordPress has
directory trave ...)
- TODO: check
+ NOT-FOR-US: insert-pages plugin for WordPress
CVE-2016-10930 (The wp-support-plus-responsive-ticket-system plugin before
7.1.0 for W ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2015-9341 (The wp-file-upload plugin before 3.4.1 for WordPress has
insufficient ...)
- TODO: check
+ NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2015-9340 (The wp-file-upload plugin before 3.0.0 for WordPress has
insufficient ...)
- TODO: check
+ NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2015-9339 (The wp-file-upload plugin before 2.7.1 for WordPress has
insufficient ...)
- TODO: check
+ NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for WordPress has
insufficient ...)
- TODO: check
+ NOT-FOR-US: wp-file-upload plugin for WordPress
CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has
JavaScript inje ...)
- TODO: check
+ NOT-FOR-US: rich-counter plugin for WordPress
CVE-2014-10393
RESERVED
CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1
for Wor ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2014-10390 (The wp-support-plus-responsive-ticket-system plugin before 4.2
for Wor ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2014-10389 (The wp-support-plus-responsive-ticket-system plugin before 4.2
for Wor ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2014-10388 (The wp-support-plus-responsive-ticket-system plugin before 4.2
for Wor ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2014-10387 (The wp-support-plus-responsive-ticket-system plugin before 4.2
for Wor ...)
- TODO: check
+ NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for
WordPress
CVE-2014-10386 (The wp-live-chat-support plugin before 4.1.0 for WordPress has
JavaScr ...)
- TODO: check
+ NOT-FOR-US: wp-live-chat-support plugin for WordPress
CVE-2019-15324 (The ad-inserter plugin before 2.4.22 for WordPress has remote
code exe ...)
- TODO: check
+ NOT-FOR-US: ad-inserter plugin for WordPress
CVE-2019-15323 (The ad-inserter plugin before 2.4.20 for WordPress has path
traversal. ...)
- TODO: check
+ NOT-FOR-US: ad-inserter plugin for WordPress
CVE-2019-15322 (The shortcode-factory plugin before 2.8 for WordPress has
Local File I ...)
- TODO: check
+ NOT-FOR-US: shortcode-factory plugin for WordPress
CVE-2019-15321 (The option-tree plugin before 2.7.3 for WordPress has Object
Injection ...)
- TODO: check
+ NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15320 (The option-tree plugin before 2.7.3 for WordPress has Object
Injection ...)
- TODO: check
+ NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15319 (The option-tree plugin before 2.7.0 for WordPress has Object
Injection ...)
- TODO: check
+ NOT-FOR-US: option-tree plugin for WordPress
CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for
WordPres ...)
- TODO: check
+ NOT-FOR-US: yikes-inc-easy-mailchimp-extender plugin for WordPress
CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor
name. ...)
- TODO: check
+ NOT-FOR-US: give plugin for WordPress
CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak
folder perm ...)
TODO: check
CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows
privilege esc ...)
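Review bot: CVE-2019-15316 at the end of this hunk still reads "TODO: check" although every WordPress plugin entry above it is now triaged, and its description names "Valve Steam Client for Windows". If it is being held back for separate triage that is fine; otherwise it could be settled in the same pass, so the block of entries from CVE-2019-15324 down does not end on one unresolved item.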
@@ -69,117 +69,117 @@ CVE-2019-15315 (Valve Steam Client for Windows through
2019-08-16 allows privile
CVE-2018-20986
RESERVED
CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local
file inc ...)
- TODO: check
+ NOT-FOR-US: wp-payeezy-pay plugin for WordPress
CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has
Object Injec ...)
- TODO: check
+ NOT-FOR-US: patreon-connect plugin for WordPress
CVE-2018-20983 (The wp-retina-2x plugin before 5.2.3 for WordPress has XSS.
...)
- TODO: check
+ NOT-FOR-US: wp-retina-2x plugin for WordPress
CVE-2018-20982 (The media-library-assistant plugin before 2.74 for WordPress
has XSS v ...)
- TODO: check
+ NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2018-20981 (The ninja-forms plugin before 3.3.9 for WordPress has
insufficient res ...)
- TODO: check
+ NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for WordPress has
parameter tampe ...)
- TODO: check
+ NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has
privilege esc ...)
- TODO: check
+ NOT-FOR-US: contact-form-7 plugin for WordPress
CVE-2017-18585
RESERVED
CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no
permissi ...)
- TODO: check
+ NOT-FOR-US: post-pay-counter plugin for WordPress
CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP
Object ...)
- TODO: check
+ NOT-FOR-US: post-pay-counter plugin for WordPress
CVE-2017-18582 (The time-sheets plugin before 1.5.2 for WordPress has multiple
XSS iss ...)
- TODO: check
+ NOT-FOR-US: time-sheets plugin for WordPress
CVE-2017-18581 (The time-sheets plugin before 1.5.0 for WordPress has XSS via
the old ...)
- TODO: check
+ NOT-FOR-US: time-sheets plugin for WordPress
CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has
remote c ...)
- TODO: check
+ NOT-FOR-US: shortcodes-ultimate plugin for WordPress
CVE-2017-18579
RESERVED
CVE-2017-18578
RESERVED
CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS
via the ...)
- TODO: check
+ NOT-FOR-US: mailchimp-for-wp plugin for WordPress
CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS
via the l ...)
- TODO: check
+ NOT-FOR-US: event-notifier plugin for WordPress
CVE-2017-18575 (The newstatpress plugin before 1.2.5 for WordPress has
multiple stored ...)
- TODO: check
+ NOT-FOR-US: newstatpress plugin for WordPress
CVE-2017-18574 (The ninja-forms plugin before 3.0.31 for WordPress has
insufficient HT ...)
- TODO: check
+ NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2017-18573 (The simple-login-log plugin before 1.1.2 for WordPress has SQL
injecti ...)
- TODO: check
+ NOT-FOR-US: simple-login-log plugin for WordPress
CVE-2017-18572 (The gnucommerce plugin before 1.4.2 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: gnucommerce plugin for WordPress
CVE-2017-18571 (The search-everything plugin before 8.1.7 for WordPress has
SQL inject ...)
- TODO: check
+ NOT-FOR-US: search-everything plugin for WordPress
CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL
injection in the ...)
- TODO: check
+ NOT-FOR-US: cforms2 plugin for WordPress
CVE-2016-10929
RESERVED
CVE-2016-10928
RESERVED
CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has
SSRF in aj ...)
- TODO: check
+ NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has
SSRF in aja ...)
- TODO: check
+ NOT-FOR-US: nelio-ab-testing plugin for WordPress
CVE-2016-10925 (The peters-login-redirect plugin before 2.9.1 for WordPress
has XSS du ...)
- TODO: check
+ NOT-FOR-US: peters-login-redirect plugin for WordPress
CVE-2016-10924 (The ebook-download plugin before 1.2 for WordPress has
directory trave ...)
- TODO: check
+ NOT-FOR-US: ebook-download plugin for WordPress
CVE-2016-10923 (The woocommerce-store-toolkit plugin before 1.5.8 for
WordPress has pr ...)
- TODO: check
+ NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress
CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for
WordPress has pr ...)
- TODO: check
+ NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress
CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress
has SQL in ...)
- TODO: check
+ NOT-FOR-US: gallery-photo-gallery plugin for WordPress
CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has
XSS. ...)
TODO: check
CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the
Top stats ...)
- TODO: check
+ NOT-FOR-US: wassup plugin for WordPress
CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has
CSRF. ...)
- TODO: check
+ NOT-FOR-US: gallery-by-supsystic plugin for WordPress
CVE-2016-10917 (The search-everything plugin before 8.1.6 for WordPress has
SQL inject ...)
- TODO: check
+ NOT-FOR-US: search-everything plugin for WordPress
CVE-2016-10916 (The appointment-booking-calendar plugin before 1.1.24 for
WordPress ha ...)
- TODO: check
+ NOT-FOR-US: appointment-booking-calendar plugin for WordPress
CVE-2015-9337 (The profile-builder plugin before 2.1.4 for WordPress has no
access co ...)
- TODO: check
+ NOT-FOR-US: profile-builder plugin for WordPress
CVE-2015-9336 (The clean-login plugin before 1.5.1 for WordPress has reflected
XSS. ...)
- TODO: check
+ NOT-FOR-US: clean-login plugin for WordPress
CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL
injection ...)
- TODO: check
+ NOT-FOR-US: limit-attempts plugin for WordPress
CVE-2015-9334
RESERVED
CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL
injection. ...)
- TODO: check
+ NOT-FOR-US: cforms2 plugin for WordPress
CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress
has XSS ...)
- TODO: check
+ NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10384 (The memphis-documents-library plugin before 3.0 for WordPress
has Loca ...)
- TODO: check
+ NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress
has Remo ...)
- TODO: check
+ NOT-FOR-US: memphis-documents-library plugin for WordPress
CVE-2014-10382
RESERVED
CVE-2013-7483
RESERVED
CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS.
...)
- TODO: check
+ NOT-FOR-US: reflex-gallery plugin for WordPress
CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has
XSS. ...)
- TODO: check
+ NOT-FOR-US: contact-form-plugin plugin for WordPress
CVE-2013-7480 (The events-manager plugin before 5.3.6.1 for WordPress has XSS
via the ...)
- TODO: check
+ NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7479 (The events-manager plugin before 5.3.9 for WordPress has XSS in
the se ...)
- TODO: check
+ NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7478 (The events-manager plugin before 5.5 for WordPress has XSS via
EM_Tick ...)
- TODO: check
+ NOT-FOR-US: events-manager plugin for WordPress
CVE-2013-7477 (The events-manager plugin before 5.5.2 for WordPress has XSS in
the bo ...)
- TODO: check
+ NOT-FOR-US: events-manager plugin for WordPress
CVE-2012-6716 (The events-manager plugin before 5.1.7 for WordPress has XSS
via JSON ...)
- TODO: check
+ NOT-FOR-US: events-manager plugin for WordPress
CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has
insuffic ...)
- TODO: check
+ NOT-FOR-US: google-analyticator plugin for WordPress
CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...)
- TODO: check
+ NOT-FOR-US: tubepress plugin for WordPress
CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers
to uplo ...)
TODO: check
CVE-2019-15313
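Review bot: CVE-2016-10920 (gnucommerce plugin before 0.5.7-BETA) is left at "TODO: check" in this hunk, while CVE-2017-18572 for the same gnucommerce plugin is changed to "NOT-FOR-US: gnucommerce plugin for WordPress" a few entries earlier. The two entries describe the same WordPress plugin, so the unchanged one looks like an oversight; suggest giving it the same NOT-FOR-US line so the plugin is triaged consistently.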
@@ -2021,9 +2021,9 @@ CVE-2019-14688
CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password
Manager 5 ...)
NOT-FOR-US: Trend Micro
CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro
Security's 201 ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend
Micro Secur ...)
- TODO: check
+ NOT-FOR-US: Trend Micro
CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password
Manager 5 ...)
NOT-FOR-US: Trend Micro
CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before
1.14.2.2 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6e12a7bb0d5bba9064aeb40f272a7dbb78fb7f1c