Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c2b8e46 by Salvatore Bonaccorso at 2019-09-10T20:12:31Z
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,37 +51,37 @@ CVE-2019-16189
CVE-2019-16188
RESERVED
CVE-2017-18611 (The magic-fields plugin before 1.7.2 for WordPress has XSS via
the RCC ...)
- TODO: check
+ NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18610 (The magic-fields plugin before 1.7.2 for WordPress has XSS via
the RCC ...)
- TODO: check
+ NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18609 (The magic-fields plugin before 1.7.2 for WordPress has XSS via
the cus ...)
- TODO: check
+ NOT-FOR-US: magic-fields plugin for WordPress
CVE-2017-18608 (The spotim-comments plugin before 4.0.4 for WordPress has
multiple XSS ...)
- TODO: check
+ NOT-FOR-US: spotim-comments plugin for WordPress
CVE-2017-18607 (The avada theme before 5.1.5 for WordPress has CSRF. ...)
- TODO: check
+ NOT-FOR-US: avada theme for WordPress
CVE-2017-18606 (The avada theme before 5.1.5 for WordPress has stored XSS. ...)
- TODO: check
+ NOT-FOR-US: avada theme for WordPress
CVE-2017-18605 (The gravitate-qa-tracker plugin through 1.2.1 for WordPress
has PHP Ob ...)
- TODO: check
+ NOT-FOR-US: gravitate-qa-tracker plugin for WordPress
CVE-2017-18604 (The sitebuilder-dynamic-components plugin through 1.0 for
WordPress ha ...)
- TODO: check
+ NOT-FOR-US: sitebuilder-dynamic-components plugin for WordPress
CVE-2017-18603 (The postman-smtp plugin through 2017-10-04 for WordPress has
XSS via t ...)
TODO: check
CVE-2017-18602 (The examapp plugin 1.0 for WordPress has SQL injection via the
wp-admi ...)
- TODO: check
+ NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18601 (The examapp plugin 1.0 for WordPress has XSS via exam input
text field ...)
- TODO: check
+ NOT-FOR-US: examapp plugin for WordPress
CVE-2017-18600 (The formcraft3 plugin before 3.4 for WordPress has stored XSS
via the ...)
- TODO: check
+ NOT-FOR-US: formcraft3 plugin for WordPress
CVE-2017-18599 (The Pinfinity theme before 2.0 for WordPress has XSS via the s
paramet ...)
- TODO: check
+ NOT-FOR-US: Pinfinity theme for WordPress
CVE-2017-18598 (The Qards plugin through 2017-10-11 for WordPress has XSS via
a remote ...)
TODO: check
CVE-2017-18597 (The jtrt-responsive-tables plugin before 4.1.2 for WordPress
has SQL I ...)
- TODO: check
+ NOT-FOR-US: jtrt-responsive-tables plugin for WordPress
CVE-2017-18596 (The elementor plugin before 1.8.0 for WordPress has incorrect
access c ...)
- TODO: check
+ NOT-FOR-US: elementor plugin for WordPress
CVE-2019-16187 (Limesurvey before 3.17.14 uses an anti-CSRF cookie without the
HttpOnl ...)
- limesurvey <itp> (bug #472802)
CVE-2019-16186 (In Limesurvey before 3.17.14, admin users can access the
plugin manage ...)
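Review bot: CVE-2017-18603 (postman-smtp plugin) and CVE-2017-18598 (Qards plugin) stay at "TODO: check" in this hunk, although their descriptions name WordPress plugins like most of the entries converted around them. If they are being held back for a closer look, the commit message should say so; otherwise they would take the same form as their neighbours, for example "NOT-FOR-US: postman-smtp plugin for WordPress".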
@@ -769,7 +769,7 @@ CVE-2019-15898 (Nagios Log Server before 2.0.8 allows
Reflected XSS via the user
CVE-2019-15897
RESERVED
CVE-2019-15896 (An issue was discovered in the LifterLMS plugin through 3.34.5
for Wor ...)
- TODO: check
+ NOT-FOR-US: LifterLMS plugin for WordPress
CVE-2019-15895 (search-exclude.php in the "Search Exclude" plugin before 1.2.4
for Wor ...)
NOT-FOR-US: "Search Exclude" plugin for WordPress
CVE-2019-15894
@@ -45279,15 +45279,15 @@ CVE-2019-0367
CVE-2019-0366
RESERVED
CVE-2019-0365 (SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before
versions 7. ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0364 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended
Applic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0363 (Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended
Applic ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0362
RESERVED
CVE-2019-0361 (SAP Supplier Relationship Management (Master Data Management
Catalog - ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0360
RESERVED
CVE-2019-0359
@@ -45295,17 +45295,17 @@ CVE-2019-0359
CVE-2019-0358
RESERVED
CVE-2019-0357 (The administrator of SAP HANA database, before versions 1.0 and
2.0, c ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0356 (Under certain conditions SAP NetWeaver Process Integration
Runtime Wor ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0355 (SAP NetWeaver Application Server Java Web Container, ENGINEAPI
(before ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0354
RESERVED
CVE-2019-0353 (Under certain conditions SAP Business One client (B1_ON_HANA,
SAP-M-BO ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0352 (In SAP Business Objects Business Intelligence Platform, before
version ...)
- TODO: check
+ NOT-FOR-US: SAP
CVE-2019-0351 (A remote code execution vulnerability exists in the SAP
NetWeaver UDDI ...)
NOT-FOR-US: SAP
CVE-2019-0350
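Review bot: The added "NOT-FOR-US: SAP" notes for CVE-2019-0357, CVE-2019-0356, CVE-2019-0355, CVE-2019-0353 and CVE-2019-0352 give only the vendor, while the descriptions cover different products (SAP HANA database, NetWeaver Process Integration, NetWeaver Application Server Java, Business One client, Business Objects Business Intelligence Platform). That matches the existing CVE-2019-0351 line in the trailing context, so it is consistent with the file, but the WordPress hunks in this same commit name the individual plugin or theme. Naming the product here as well would make the entries easier to search.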
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/6c2b8e4630adb32ffbad102ff85a7e4ab2e9b7ef