diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2019-08-22 22:18:02 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2019-08-22 22:18:02 +0200 |
commit | 8a610296cf4efa764e9896c311ffe96f154575c9 (patch) | |
tree | bcd2f9d5ab8a732060e8af78b0b48eb8622960cb | |
parent | cbeb4b19457efb0c1362e3bfba446e1319ee0805 (diff) |
Process several NFUs
-rw-r--r-- | data/CVE/2008.list | 2 | ||||
-rw-r--r-- | data/CVE/2009.list | 2 | ||||
-rw-r--r-- | data/CVE/2012.list | 2 | ||||
-rw-r--r-- | data/CVE/2013.list | 12 | ||||
-rw-r--r-- | data/CVE/2014.list | 22 | ||||
-rw-r--r-- | data/CVE/2015.list | 16 | ||||
-rw-r--r-- | data/CVE/2016.list | 24 | ||||
-rw-r--r-- | data/CVE/2017.list | 28 | ||||
-rw-r--r-- | data/CVE/2018.list | 18 | ||||
-rw-r--r-- | data/CVE/2019.list | 24 |
10 files changed, 75 insertions, 75 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 7a1025db91..491381c1b1 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -1,5 +1,5 @@ CVE-2008-7321 (The tubepress plugin before 1.6.5 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: tubepress plugin for WordPress CVE-2008-7320 (** DISPUTED ** GNOME Seahorse through 3.30 allows physically proximate ...) - seahorse <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774 diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 5fedcfb7f6..67390783fb 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,5 +1,5 @@ CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has insuffic ...) - TODO: check + NOT-FOR-US: google-analyticator plugin for WordPress CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...) NOT-FOR-US: Linksys CVE-2009-5156 (An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Co ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index d79a5e8b6c..64db7c401c 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1,5 +1,5 @@ CVE-2012-6716 (The events-manager plugin before 5.1.7 for WordPress has XSS via JSON ...) - TODO: check + NOT-FOR-US: events-manager plugin for WordPress CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...) NOT-FOR-US: formbuilder plugin for WordPress CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 75775ec3c6..4d20833055 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1,17 +1,17 @@ CVE-2013-7483 RESERVED CVE-2013-7482 (The reflex-gallery plugin before 1.4.3 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: reflex-gallery plugin for WordPress CVE-2013-7481 (The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: contact-form-plugin plugin for WordPress CVE-2013-7480 (The events-manager plugin before 5.3.6.1 for WordPress has XSS via the ...) - TODO: check + NOT-FOR-US: events-manager plugin for WordPress CVE-2013-7479 (The events-manager plugin before 5.3.9 for WordPress has XSS in the se ...) - TODO: check + NOT-FOR-US: events-manager plugin for WordPress CVE-2013-7478 (The events-manager plugin before 5.5 for WordPress has XSS via EM_Tick ...) - TODO: check + NOT-FOR-US: events-manager plugin for WordPress CVE-2013-7477 (The events-manager plugin before 5.5.2 for WordPress has XSS in the bo ...) - TODO: check + NOT-FOR-US: events-manager plugin for WordPress CVE-2013-7476 (The simple-fields plugin before 1.2 for WordPress has CSRF in the admi ...) NOT-FOR-US: simple-fields plugin for WordPress CVE-2013-7475 (The contact-form-plugin plugin before 3.52 for WordPress has XSS. ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 4301a25041..83417ffc58 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1,27 +1,27 @@ CVE-2014-10394 (The rich-counter plugin before 1.2.0 for WordPress has JavaScript inje ...) - TODO: check + NOT-FOR-US: rich-counter plugin for WordPress CVE-2014-10393 RESERVED CVE-2014-10392 (The cforms2 plugin before 10.2 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: cforms2 plugin for WordPress CVE-2014-10391 (The wp-support-plus-responsive-ticket-system plugin before 4.1 for Wor ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2014-10390 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2014-10389 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2014-10388 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2014-10387 (The wp-support-plus-responsive-ticket-system plugin before 4.2 for Wor ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2014-10386 (The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScr ...) - TODO: check + NOT-FOR-US: wp-live-chat-support plugin for WordPress CVE-2014-10385 (The memphis-documents-library plugin before 3.0 for WordPress has XSS ...) - TODO: check + NOT-FOR-US: memphis-documents-library plugin for WordPress CVE-2014-10384 (The memphis-documents-library plugin before 3.0 for WordPress has Loca ...) - TODO: check + NOT-FOR-US: memphis-documents-library plugin for WordPress CVE-2014-10383 (The memphis-documents-library plugin before 3.0 for WordPress has Remo ...) - TODO: check + NOT-FOR-US: memphis-documents-library plugin for WordPress CVE-2014-10382 RESERVED CVE-2014-10381 (The user-domain-whitelist plugin before 1.5 for WordPress has CSRF. ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 8814685eea..227c5248fd 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,21 +1,21 @@ CVE-2015-9341 (The wp-file-upload plugin before 3.4.1 for WordPress has insufficient ...) - TODO: check + NOT-FOR-US: wp-file-upload plugin for WordPress CVE-2015-9340 (The wp-file-upload plugin before 3.0.0 for WordPress has insufficient ...) - TODO: check + NOT-FOR-US: wp-file-upload plugin for WordPress CVE-2015-9339 (The wp-file-upload plugin before 2.7.1 for WordPress has insufficient ...) - TODO: check + NOT-FOR-US: wp-file-upload plugin for WordPress CVE-2015-9338 (The wp-file-upload plugin before 2.5.0 for WordPress has insufficient ...) - TODO: check + NOT-FOR-US: wp-file-upload plugin for WordPress CVE-2015-9337 (The profile-builder plugin before 2.1.4 for WordPress has no access co ...) - TODO: check + NOT-FOR-US: profile-builder plugin for WordPress CVE-2015-9336 (The clean-login plugin before 1.5.1 for WordPress has reflected XSS. ...) - TODO: check + NOT-FOR-US: clean-login plugin for WordPress CVE-2015-9335 (The limit-attempts plugin before 1.1.1 for WordPress has SQL injection ...) - TODO: check + NOT-FOR-US: limit-attempts plugin for WordPress CVE-2015-9334 RESERVED CVE-2015-9333 (The cforms2 plugin before 14.6.10 for WordPress has SQL injection. ...) - TODO: check + NOT-FOR-US: cforms2 plugin for WordPress CVE-2015-9332 (The uninstall plugin before 1.2 for WordPress has CSRF to delete all t ...) NOT-FOR-US: Wordpress plugin CVE-2015-9331 (The wp-all-import plugin before 3.2.4 for WordPress has no prevention ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 33d8e53b21..0ce8be8554 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,33 +1,33 @@ CVE-2016-10930 (The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for W ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2016-10929 RESERVED CVE-2016-10928 RESERVED CVE-2016-10927 (The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in aj ...) - TODO: check + NOT-FOR-US: nelio-ab-testing plugin for WordPress CVE-2016-10926 (The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in aja ...) - TODO: check + NOT-FOR-US: nelio-ab-testing plugin for WordPress CVE-2016-10925 (The peters-login-redirect plugin before 2.9.1 for WordPress has XSS du ...) - TODO: check + NOT-FOR-US: peters-login-redirect plugin for WordPress CVE-2016-10924 (The ebook-download plugin before 1.2 for WordPress has directory trave ...) - TODO: check + NOT-FOR-US: ebook-download plugin for WordPress CVE-2016-10923 (The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has pr ...) - TODO: check + NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress CVE-2016-10922 (The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has pr ...) - TODO: check + NOT-FOR-US: woocommerce-store-toolkit plugin for WordPress CVE-2016-10921 (The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL in ...) - TODO: check + NOT-FOR-US: gallery-photo-gallery plugin for WordPress CVE-2016-10920 (The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. ...) TODO: check CVE-2016-10919 (The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats ...) - TODO: check + NOT-FOR-US: wassup plugin for WordPress CVE-2016-10918 (The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. ...) - TODO: check + NOT-FOR-US: gallery-by-supsystic plugin for WordPress CVE-2016-10917 (The search-everything plugin before 8.1.6 for WordPress has SQL inject ...) - TODO: check + NOT-FOR-US: search-everything plugin for WordPress CVE-2016-10916 (The appointment-booking-calendar plugin before 1.1.24 for WordPress ha ...) - TODO: check + NOT-FOR-US: appointment-booking-calendar plugin for WordPress CVE-2016-10915 (The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2016-10914 (The add-from-server plugin before 3.3.2 for WordPress has CSRF for imp ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 0b6c2b98fb..c6abbfe94c 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,37 +1,37 @@ CVE-2017-18586 (The insert-pages plugin before 3.2.4 for WordPress has directory trave ...) - TODO: check + NOT-FOR-US: insert-pages plugin for WordPress CVE-2017-18585 RESERVED CVE-2017-18584 (The post-pay-counter plugin before 2.731 for WordPress has no permissi ...) - TODO: check + NOT-FOR-US: post-pay-counter plugin for WordPress CVE-2017-18583 (The post-pay-counter plugin before 2.731 for WordPress has PHP Object ...) - TODO: check + NOT-FOR-US: post-pay-counter plugin for WordPress CVE-2017-18582 (The time-sheets plugin before 1.5.2 for WordPress has multiple XSS iss ...) - TODO: check + NOT-FOR-US: time-sheets plugin for WordPress CVE-2017-18581 (The time-sheets plugin before 1.5.0 for WordPress has XSS via the old ...) - TODO: check + NOT-FOR-US: time-sheets plugin for WordPress CVE-2017-18580 (The shortcodes-ultimate plugin before 5.0.1 for WordPress has remote c ...) - TODO: check + NOT-FOR-US: shortcodes-ultimate plugin for WordPress CVE-2017-18579 RESERVED CVE-2017-18578 RESERVED CVE-2017-18577 (The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the ...) - TODO: check + NOT-FOR-US: mailchimp-for-wp plugin for WordPress CVE-2017-18576 (The event-notifier plugin before 1.2.1 for WordPress has XSS via the l ...) - TODO: check + NOT-FOR-US: event-notifier plugin for WordPress CVE-2017-18575 (The newstatpress plugin before 1.2.5 for WordPress has multiple stored ...) - TODO: check + NOT-FOR-US: newstatpress plugin for WordPress CVE-2017-18574 (The ninja-forms plugin before 3.0.31 for WordPress has insufficient HT ...) - TODO: check + NOT-FOR-US: ninja-forms plugin for WordPress CVE-2017-18573 (The simple-login-log plugin before 1.1.2 for WordPress has SQL injecti ...) - TODO: check + NOT-FOR-US: simple-login-log plugin for WordPress CVE-2017-18572 (The gnucommerce plugin before 1.4.2 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: gnucommerce plugin for WordPress CVE-2017-18571 (The search-everything plugin before 8.1.7 for WordPress has SQL inject ...) - TODO: check + NOT-FOR-US: search-everything plugin for WordPress CVE-2017-18570 (The cforms2 plugin before 14.13 for WordPress has SQL injection in the ...) - TODO: check + NOT-FOR-US: cforms2 plugin for WordPress CVE-2017-18569 (The my-wp-translate plugin before 1.0.4 for WordPress has CSRF. ...) NOT-FOR-US: Wordpress plugin CVE-2017-18568 (The my-wp-translate plugin before 1.0.4 for WordPress has XSS. ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 5f045f1f4c..85b92f54be 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,23 +1,23 @@ CVE-2018-20988 (The wpgform plugin before 0.94 for WordPress has eval injection in the ...) - TODO: check + NOT-FOR-US: wpgform plugin for WordPress CVE-2018-20987 (The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP objec ...) - TODO: check + NOT-FOR-US: newsletters-lite plugin for WordPress CVE-2018-20986 RESERVED CVE-2018-20985 (The wp-payeezy-pay plugin before 2.98 for WordPress has local file inc ...) - TODO: check + NOT-FOR-US: wp-payeezy-pay plugin for WordPress CVE-2018-20984 (The patreon-connect plugin before 1.2.2 for WordPress has Object Injec ...) - TODO: check + NOT-FOR-US: patreon-connect plugin for WordPress CVE-2018-20983 (The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. ...) - TODO: check + NOT-FOR-US: wp-retina-2x plugin for WordPress CVE-2018-20982 (The media-library-assistant plugin before 2.74 for WordPress has XSS v ...) - TODO: check + NOT-FOR-US: media-library-assistant plugin for WordPress CVE-2018-20981 (The ninja-forms plugin before 3.3.9 for WordPress has insufficient res ...) - TODO: check + NOT-FOR-US: ninja-forms plugin for WordPress CVE-2018-20980 (The ninja-forms plugin before 3.2.15 for WordPress has parameter tampe ...) - TODO: check + NOT-FOR-US: ninja-forms plugin for WordPress CVE-2018-20979 (The contact-form-7 plugin before 5.0.4 for WordPress has privilege esc ...) - TODO: check + NOT-FOR-US: contact-form-7 plugin for WordPress CVE-2018-20978 (The wp-all-import plugin before 3.4.7 for WordPress has XSS. ...) NOT-FOR-US: Wordpress plugin CVE-2018-20977 (The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPre ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 7370c0efd7..020adb460c 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,7 +1,7 @@ CVE-2019-15331 (The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for W ...) - TODO: check + NOT-FOR-US: wp-support-plus-responsive-ticket-system plugin for WordPress CVE-2019-15330 (The webp-express plugin before 0.14.11 for WordPress has insufficient ...) - TODO: check + NOT-FOR-US: webp-express plugin for WordPress CVE-2019-15329 RESERVED CVE-2019-15328 @@ -13,21 +13,21 @@ CVE-2019-15326 CVE-2019-15325 RESERVED CVE-2019-15324 (The ad-inserter plugin before 2.4.22 for WordPress has remote code exe ...) - TODO: check + NOT-FOR-US: ad-inserter plugin for WordPress CVE-2019-15323 (The ad-inserter plugin before 2.4.20 for WordPress has path traversal. ...) - TODO: check + NOT-FOR-US: ad-inserter plugin for WordPress CVE-2019-15322 (The shortcode-factory plugin before 2.8 for WordPress has Local File I ...) - TODO: check + NOT-FOR-US: shortcode-factory plugin for WordPress CVE-2019-15321 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...) - TODO: check + NOT-FOR-US: option-tree plugin for WordPress CVE-2019-15320 (The option-tree plugin before 2.7.3 for WordPress has Object Injection ...) - TODO: check + NOT-FOR-US: option-tree plugin for WordPress CVE-2019-15319 (The option-tree plugin before 2.7.0 for WordPress has Object Injection ...) - TODO: check + NOT-FOR-US: option-tree plugin for WordPress CVE-2019-15318 (The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPres ...) - TODO: check + NOT-FOR-US: yikes-inc-easy-mailchimp-extender plugin for WordPress CVE-2019-15317 (The give plugin before 2.4.7 for WordPress has XSS via a donor name. ...) - TODO: check + NOT-FOR-US: give plugin for WordPress CVE-2019-15316 (Valve Steam Client for Windows through 2019-08-20 has weak folder perm ...) TODO: check CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privilege esc ...) @@ -1442,9 +1442,9 @@ CVE-2019-14688 CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2019-14685 (A local privilege escalation vulnerability exists in Trend Micro Secur ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2019-14684 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro CVE-2019-14683 (The codection "Import users from CSV with meta" plugin before 1.14.2.2 ...) |