Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
31ec0a44 by Salvatore Bonaccorso at 2019-10-10T20:15:45Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -117,53 +117,53 @@ CVE-2019-17430 (EyouCms through 2019-07-11 has XSS
related to the login.php web_
CVE-2019-17429 (Adhouma CMS through 2019-10-09 has SQL Injection via the
post.php p_id ...)
TODO: check
CVE-2015-9480 (The RobotCPA plugin 5 for WordPress has directory traversal via
the f. ...)
- TODO: check
+ NOT-FOR-US: RobotCPA plugin for WordPress
CVE-2015-9479 (The ACF-Frontend-Display plugin through 2015-07-03 for
WordPress has a ...)
TODO: check
CVE-2015-9478 (prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. ...)
TODO: check
CVE-2015-9477 (The Vernissage theme 1.2.8 for WordPress has insufficient
restrictions ...)
- TODO: check
+ NOT-FOR-US: Vernissage theme for WordPress
CVE-2015-9476 (The Teardrop theme 1.8.1 for WordPress has insufficient
restrictions o ...)
- TODO: check
+ NOT-FOR-US: Teardrop theme for WordPress
CVE-2015-9475 (The Pont theme 1.5 for WordPress has insufficient restrictions
on opti ...)
- TODO: check
+ NOT-FOR-US: Pont theme for WordPress
CVE-2015-9474 (The Simpolio theme 1.3.2 for WordPress has insufficient
restrictions o ...)
- TODO: check
+ NOT-FOR-US: Simpolio theme for WordPress
CVE-2015-9473 (The estrutura-basica theme through 2015-09-13 for WordPress has
direct ...)
TODO: check
CVE-2015-9472 (The incoming-links plugin before 0.9.10b for WordPress has
referrers.p ...)
- TODO: check
+ NOT-FOR-US: incoming-links plugin for WordPress
CVE-2015-9471 (The dzs-zoomsounds plugin through 2.0 for WordPress has
admin/upload.p ...)
- TODO: check
+ NOT-FOR-US: dzs-zoomsounds plugin for WordPress
CVE-2015-9470 (The history-collection plugin through 1.1.1 for WordPress has
director ...)
- TODO: check
+ NOT-FOR-US: history-collection plugin for WordPress
CVE-2015-9469 (The content-grabber plugin 1.0 for WordPress has XSS via
obj_field_nam ...)
- TODO: check
+ NOT-FOR-US: content-grabber plugin for WordPress
CVE-2015-9468 (The broken-link-manager plugin 0.4.5 for WordPress has XSS via
the pag ...)
- TODO: check
+ NOT-FOR-US: broken-link-manager plugin for WordPress
CVE-2015-9467 (The broken-link-manager plugin before 0.5.0 for WordPress has
wpslDelU ...)
- TODO: check
+ NOT-FOR-US: broken-link-manager plugin for WordPress
CVE-2015-9466 (The wti-like-post plugin before 1.4.3 for WordPress has
WtiLikePostPro ...)
- TODO: check
+ NOT-FOR-US: wti-like-post plugin for WordPress
CVE-2015-9465 (The yet-another-stars-rating plugin before 0.9.1 for WordPress
has yas ...)
- TODO: check
+ NOT-FOR-US: yet-another-stars-rating plugin for WordPress
CVE-2015-9464 (The s3bubble-amazon-s3-html-5-video-with-adverts plugin 0.7 for
WordPr ...)
- TODO: check
+ NOT-FOR-US: s3bubble-amazon-s3-html-5-video-with-adverts plugin for
WordPress
CVE-2015-9463 (The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress
has di ...)
- TODO: check
+ NOT-FOR-US: s3bubble-amazon-s3-audio-streaming plugin for WordPress
CVE-2015-9462 (The awesome-filterable-portfolio plugin before 1.9 for
WordPress has a ...)
- TODO: check
+ NOT-FOR-US: awesome-filterable-portfolio plugin for WordPress
CVE-2015-9461 (The awesome-filterable-portfolio plugin before 1.9 for
WordPress has a ...)
- TODO: check
+ NOT-FOR-US: awesome-filterable-portfolio plugin for WordPress
CVE-2015-9460 (The booking-system plugin before 2.1 for WordPress has
DOPBSPBackEndTr ...)
- TODO: check
+ NOT-FOR-US: booking-system plugin for WordPress
CVE-2015-9459 (The searchterms-tagging-2 plugin through 1.535 for WordPress
has XSS v ...)
- TODO: check
+ NOT-FOR-US: searchterms-tagging-2 plugin for WordPress
CVE-2015-9458 (The searchterms-tagging-2 plugin through 1.535 for WordPress
has SQL i ...)
- TODO: check
+ NOT-FOR-US: searchterms-tagging-2 plugin for WordPress
CVE-2015-9457 (The pretty-link plugin before 1.6.8 for WordPress has
PrliLinksControl ...)
- TODO: check
+ NOT-FOR-US: pretty-link plugin for WordPress
CVE-2019-17428
RESERVED
CVE-2019-17427 (In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent
XSS exists ...)
@@ -907,11 +907,11 @@ CVE-2019-17074 (An issue was discovered in XunRuiCMS
4.3.1. There is a stored XS
CVE-2019-17073 (emlog through 6.0.0beta allows remote authenticated users to
delete ar ...)
NOT-FOR-US: emlog
CVE-2019-17072 (The new-contact-form-widget (aka Contact Form Widget - Contact
Query, ...)
- TODO: check
+ NOT-FOR-US: new-contact-form-widget (aka Contact Form Widget - Contact
Query, Form Maker) plugin for WordPress
CVE-2019-17071 (The client-dash (aka Client Dash) plugin 2.1.4 for WordPress
allows XS ...)
- TODO: check
+ NOT-FOR-US: client-dash (aka Client Dash) plugin for WordPress
CVE-2019-17070 (The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin
1.0.5 for ...)
- TODO: check
+ NOT-FOR-US: liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin
for WordPress
CVE-2019-17069 (PuTTY before 0.73 might allow remote SSH-1 servers to cause a
denial o ...)
- putty 0.73-1 (unimportant)
NOTE:
https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
@@ -37200,7 +37200,7 @@ CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1
Backup-Archive Client is vul
CVE-2019-4266
RESERVED
CVE-2019-4265 (IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not
have devic ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to
obtain sen ...)
NOT-FOR-US: IBM
CVE-2019-4263 (IBM Content Navigator 3.0CD is vulnerable to local file
inclusion, all ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ec0a442fd4f345198e64ccc07a5cb642ef3e83
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/31ec0a442fd4f345198e64ccc07a5cb642ef3e83
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
