Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca04890e by Salvatore Bonaccorso at 2019-08-30T06:12:00Z
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -62,31 +62,31 @@ CVE-2019-15783 (Lute-Tab before 2019-08-23 has a buffer
overflow in pdf_print.cc
CVE-2019-15782 (WebTorrent before 0.107.6 allows XSS in the HTTP server via a
title or ...)
TODO: check
CVE-2019-15781 (The facebook-by-weblizar plugin before 2.8.5 for WordPress has
CSRF. ...)
- TODO: check
+ NOT-FOR-US: facebook-by-weblizar plugin for WordPress
CVE-2019-15780 (The formidable plugin before 4.02.01 for WordPress has unsafe
deserial ...)
- TODO: check
+ NOT-FOR-US: formidable plugin for WordPress
CVE-2019-15779 (The insta-gallery plugin before 2.4.8 for WordPress has no
nonce valid ...)
- TODO: check
+ NOT-FOR-US: insta-gallery plugin for WordPress
CVE-2019-15778 (The woo-variation-gallery plugin before 1.1.29 for WordPress
has XSS. ...)
- TODO: check
+ NOT-FOR-US: woo-variation-gallery plugin for WordPress
CVE-2019-15777 (The shapepress-dsgvo plugin before 2.2.19 for WordPress has
wp-admin/a ...)
- TODO: check
+ NOT-FOR-US: shapepress-dsgvo plugin for WordPress
CVE-2019-15776 (The simple-301-redirects-addon-bulk-uploader plugin before
1.2.5 for W ...)
- TODO: check
+ NOT-FOR-US: simple-301-redirects-addon-bulk-uploader plugin for
WordPress
CVE-2019-15775 (The nd-learning plugin before 4.8 for WordPress has a nopriv_
AJAX act ...)
- TODO: check
+ NOT-FOR-US: nd-learning plugin for WordPress
CVE-2019-15774 (The nd-booking plugin before 2.5 for WordPress has a nopriv_
AJAX acti ...)
- TODO: check
+ NOT-FOR-US: nd-booking plugin for WordPress
CVE-2019-15773 (The nd-travel plugin before 1.7 for WordPress has a nopriv_
AJAX actio ...)
- TODO: check
+ NOT-FOR-US: nd-travel plugin for WordPress
CVE-2019-15772 (The nd-donations plugin before 1.4 for WordPress has a nopriv_
AJAX ac ...)
- TODO: check
+ NOT-FOR-US: nd-donations plugin for WordPress
CVE-2019-15771 (The nd-shortcodes plugin before 6.0 for WordPress has a
nopriv_ AJAX a ...)
- TODO: check
+ NOT-FOR-US: nd-shortcodes plugin for WordPress
CVE-2019-15770 (The woo-address-book plugin before 1.6.0 for WordPress has
save calls ...)
- TODO: check
+ NOT-FOR-US: woo-address-book plugin for WordPress
CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has
CSRF via a ...)
- TODO: check
+ NOT-FOR-US: handl-utm-grabber plugin for WordPress
CVE-2019-15768
RESERVED
CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in
the cmd_ ...)
@@ -128,7 +128,7 @@ CVE-2019-15753 (In OpenStack os-vif 1.15.x before 1.15.2,
and 1.16.0, a hard-cod
CVE-2019-15752 (Docker Desktop Community Edition before 2.1.0.1 allows local
users to ...)
TODO: check
CVE-2018-21007 (The woo-confirmation-email plugin before 3.2.0 for WordPress
has no bl ...)
- TODO: check
+ NOT-FOR-US: woo-confirmation-email plugin for WordPress
CVE-2017-18594 (nse_libssh2.cc in Nmap 7.70 is subject to a denial of service
conditio ...)
TODO: check
CVE-2019-15751
@@ -2375,11 +2375,11 @@ CVE-2019-14980 (In ImageMagick 7.x before 7.0.8-42 and
6.x before 6.9.10-42, the
NOTE: Introduced in
https://github.com/ImageMagick/ImageMagick6/commit/6f29b3755748a899145b639195dd3bc640d36bb4
(6.9.10-24)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/614a257295bdcdeda347086761062ac7658b6830
(6.9.10-42)
CVE-2019-14979 (cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout
Payment Ga ...)
- TODO: check
+ NOT-FOR-US: WooCommerce PayPal Checkout Payment Gateway plugin for
WordPress
CVE-2019-14978 (/payu/icpcheckout/ in the WooCommerce PayU India Payment
Gateway plugi ...)
- TODO: check
+ NOT-FOR-US: WooCommerce PayU India Payment Gateway plugin for WordPress
CVE-2019-14977 (card/pay/.../amount in the WooCommerce Instamojo Payment
Gateway plugi ...)
- TODO: check
+ NOT-FOR-US: WooCommerce Instamojo Payment Gateway plugin for WordPress
CVE-2019-14976 (iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords
parameter ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-14975 (Artifex MuPDF before 1.16.0 has a heap-based buffer over-read
in fz_ch ...)
@@ -31600,7 +31600,7 @@ CVE-2019-4538
CVE-2019-4537
RESERVED
CVE-2019-4536 (IBM i 7.4 users who have done a Restore User Profile
(RSTUSRPRF) on a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4535
RESERVED
CVE-2019-4534
@@ -32406,9 +32406,9 @@ CVE-2019-4135 (IBM Security Access Manager 9.0.1
through 9.0.6 is affected by a
CVE-2019-4134 (IBM Planning Analytics 2.0 is vulnerable to cross-site
scripting. This ...)
NOT-FOR-US: IBM
CVE-2019-4133 (IBM Cloud Automation Manager 3.1.2 could allow a malicious user
on the ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4132 (IBM Cloud Automation Manager 3.1.2 could allow a user to be
impropertl ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4131 (IBM Application Performance Management (IBM Monitoring 8.1.4)
could al ...)
NOT-FOR-US: IBM
CVE-2019-4130
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca04890e55f7d53705ee51d871ada36ec749345d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ca04890e55f7d53705ee51d871ada36ec749345d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
