Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0286f662 by Salvatore Bonaccorso at 2019-08-14T20:19:17Z Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -59,68 +59,68 @@ CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Andro CVE-2019-15026 RESERVED CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...) - TODO: check + NOT-FOR-US: ninja-forms plugin for WordPress CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: wp-ultimate-exporter plugin for WordPress CVE-2018-20967 (The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSR ...) - TODO: check + NOT-FOR-US: wp-ultimate-csv-importer plugin for WordPress CVE-2017-18515 (The wp-statistics plugin before 12.0.8 for WordPress has SQL injection ...) - TODO: check + NOT-FOR-US: wp-statistics plugin for WordPress CVE-2017-18514 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...) - TODO: check + NOT-FOR-US: simple-login-log plugin for WordPress CVE-2017-18513 (The responsive-menu plugin before 3.1.4 for WordPress has no CSRF prot ...) - TODO: check + NOT-FOR-US: responsive-menu plugin for WordPress CVE-2017-18512 (The newsletter-by-supsystic plugin before 1.1.8 for WordPress has CSRF ...) - TODO: check + NOT-FOR-US: newsletter-by-supsystic plugin for WordPress CVE-2017-18511 (The custom-sidebars plugin before 3.0.8.1 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: custom-sidebars plugin for WordPress CVE-2017-18510 (The custom-sidebars plugin before 3.1.0 for WordPress has CSRF related ...) - TODO: check + NOT-FOR-US: custom-sidebars plugin for WordPress CVE-2016-10889 (The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injecti ...) - TODO: check + NOT-FOR-US: nextgen-gallery plugin for WordPress CVE-2016-10888 (The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPr ...) - TODO: check + NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress CVE-2016-10887 (The all-in-one-wp-security-and-firewall plugin before 4.0.9 for WordPr ...) - TODO: check + NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress CVE-2016-10886 (The wp-editor plugin before 1.2.6 for WordPress has incorrect permissi ...) - TODO: check + NOT-FOR-US: wp-editor plugin for WordPress CVE-2016-10885 (The wp-editor plugin before 1.2.6 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: wp-editor plugin for WordPress CVE-2016-10884 (The simple-membership plugin before 3.3.3 for WordPress has multiple C ...) - TODO: check + NOT-FOR-US: simple-membership plugin for WordPress CVE-2016-10883 (The simple-add-pages-or-posts plugin before 1.7 for WordPress has CSRF ...) - TODO: check + NOT-FOR-US: simple-add-pages-or-posts plugin for WordPress CVE-2016-10882 (The google-document-embedder plugin before 2.6.2 for WordPress has CSR ...) - TODO: check + NOT-FOR-US: google-document-embedder plugin for WordPress CVE-2016-10881 (The google-document-embedder plugin before 2.6.2 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: google-document-embedder plugin for WordPress CVE-2016-10880 (The google-document-embedder plugin before 2.6.1 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: google-document-embedder plugin for WordPress CVE-2015-9316 (The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injec ...) - TODO: check + NOT-FOR-US: wp-fastest-cache plugin for WordPress CVE-2015-9315 (The newstatpress plugin before 1.0.1 for WordPress has SQL injection. ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9314 (The newstatpress plugin before 1.0.4 for WordPress has XSS related to ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9313 (The newstatpress plugin before 1.0.5 for WordPress has SQL injection r ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9312 (The newstatpress plugin before 1.0.5 for WordPress has XSS related to ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9311 (The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2015-9310 (The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPr ...) - TODO: check + NOT-FOR-US: all-in-one-wp-security-and-firewall plugin for WordPress CVE-2015-9309 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...) - TODO: check + NOT-FOR-US: wp-google-map-plugin plugin for WordPress CVE-2015-9308 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...) - TODO: check + NOT-FOR-US: wp-google-map-plugin plugin for WordPress CVE-2015-9307 (The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF i ...) - TODO: check + NOT-FOR-US: wp-google-map-plugin plugin for WordPress CVE-2014-10375 (handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a nega ...) - libexosip2 <unfixed> (bug #934766) NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=2549e421c14aff886629b8482c14af800f411070 CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...) - TODO: check + NOT-FOR-US: simple-fields plugin for WordPress CVE-2019-15024 RESERVED CVE-2019-15023 @@ -10249,7 +10249,7 @@ CVE-2019-11654 CVE-2019-11653 (Remote Access Control Bypass in Micro Focus Content Manager. versions ...) NOT-FOR-US: Micro Focus CVE-2019-11652 (A potential authorization bypass issue was found in Micro Focus Self S ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2019-11651 RESERVED CVE-2019-11650 (A potential Man in the Middle attack (MITM) was found in NetIQ Advance ...) @@ -41363,47 +41363,47 @@ CVE-2019-0353 CVE-2019-0352 RESERVED CVE-2019-0351 (A remote code execution vulnerability exists in the SAP NetWeaver UDDI ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0350 RESERVED CVE-2019-0349 (SAP Kernel (ABAP Debugger), versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7. ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0348 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence), ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0347 RESERVED CVE-2019-0346 (Unencrypted communication error in SAP Business Objects Business Intel ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0345 (A remote unauthenticated attacker can abuse a web service in SAP NetWe ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0344 (Due to unsafe deserialization used in SAP Commerce Cloud (virtualjdbc ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0343 (SAP Commerce Cloud (Mediaconversion Extension), versions 6.4, 6.5, 6.6 ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0342 RESERVED CVE-2019-0341 (The session cookie used by SAP Enable Now, version 1902, does not have ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0340 (The XML parser, which is being used by SAP Enable Now, before version ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0339 RESERVED CVE-2019-0338 (During an OData V2/V4 request in SAP Gateway, versions 750, 751, 752, ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0337 (Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10 ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0336 RESERVED CVE-2019-0335 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0334 (When creating a module in SAP BusinessObjects Business Intelligence Pl ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0333 (In some situations, when a client cancels a query in SAP BusinessObjec ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0332 (SAP BusinessObjects Business Intelligence Platform (Info View), versio ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0331 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...) - TODO: check + NOT-FOR-US: SAP CVE-2019-0330 (The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand C ...) NOT-FOR-US: SAP CVE-2019-0329 (SAP Information Steward, version 4.2, does not sufficiently encode use ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0286f6621bccbb1f7f8eae18a87cd9b72432ef86 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0286f6621bccbb1f7f8eae18a87cd9b72432ef86 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits