[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 5 21:54:25 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e67a9b6 by Moritz Muehlenhoff at 2021-04-05T22:53:32+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,11 +3,11 @@ CVE-2021-30129
CVE-2021-30128
RESERVED
CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...)
- TODO: check
+ NOT-FOR-US: Terramaster
CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...)
- TODO: check
+ NOT-FOR-US: Lightmeter ControlCenter
CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...)
- TODO: check
+ NOT-FOR-US: Jamf Pro
CVE-2021-30124
RESERVED
CVE-2021-30123
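Review bot: The label added for CVE-2021-30127 spells the vendor "Terramaster", while the description on the line above it has "TerraMaster". Matching the description's spelling ("NOT-FOR-US: TerraMaster") keeps the entry findable with a case-sensitive search of data/CVE/list.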
@@ -39,7 +39,7 @@ CVE-2021-30111
CVE-2021-30110
RESERVED
CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...)
- TODO: check
+ NOT-FOR-US: Froala Editor
CVE-2021-30108
RESERVED
CVE-2021-30107
@@ -113,7 +113,7 @@ CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because
CVE-2021-30073
RESERVED
CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-30071
RESERVED
CVE-2021-30070
@@ -141,13 +141,13 @@ CVE-2021-30060
CVE-2021-30059
RESERVED
CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...)
- TODO: check
+ NOT-FOR-US: Knowage Suite
CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...)
- TODO: check
+ NOT-FOR-US: Knowage Suite
CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...)
- TODO: check
+ NOT-FOR-US: Knowage Suite
CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...)
- TODO: check
+ NOT-FOR-US: Knowage Suite
CVE-2021-30054
RESERVED
CVE-2021-30053
@@ -1899,7 +1899,7 @@ CVE-2021-3468 [Local DoS by event-busy-loop from writing long lines to /run/avah
CVE-2021-29262
RESERVED
CVE-2021-29261 (The unofficial Svelte extension before 104.8.0 for Visual Studio Code ...)
- TODO: check
+ NOT-FOR-US: vscode extension Svelte
CVE-2021-29260
RESERVED
CVE-2021-29259
@@ -2607,7 +2607,7 @@ CVE-2021-28943
CVE-2021-28942
RESERVED
CVE-2021-28941 (Because of no validation on a curl command in MagpieRSS 0.72 in the /e ...)
- TODO: check
+ NOT-FOR-US: MagpieRSS
CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 in th ...)
NOT-FOR-US: MagpieRSS
CVE-2021-28939
@@ -13572,29 +13572,29 @@ CVE-2021-24214
CVE-2021-24213
RESERVED
CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24211 (The WordPress Related Posts plugin through 3.6.4 contains an authentic ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24210 (There is an open redirect in the PhastPress WordPress plugin before 1. ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24209 (The WP Super Cache WordPress plugin before 1.7.2 was affected by an au ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24208 (The editor of the WP Page Builder WordPress plugin before 1.2.4 allows ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24207 (By default, the WP Page Builder WordPress plugin before 1.2.4 allows s ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24206 (In the Elementor Website Builder WordPress plugin before 3.1.4, the im ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24205 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ic ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24204 (In the Elementor Website Builder WordPress plugin before 3.1.4, the ac ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24203 (In the Elementor Website Builder WordPress plugin before 3.1.4, the di ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24202 (In the Elementor Website Builder WordPress plugin before 3.1.4, the he ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24201 (In the Elementor Website Builder WordPress plugin before 3.1.4, the co ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24200
RESERVED
CVE-2021-24199
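Review bot: The generic label "NOT-FOR-US: Wordpress plugin" on all twelve entries from CVE-2021-24212 to CVE-2021-24201 drops the product name, which then survives only in the truncated description. Naming the plugin in the label, for example "NOT-FOR-US: WP Super Cache WordPress plugin" for CVE-2021-24209 or "NOT-FOR-US: Elementor Website Builder WordPress plugin" for CVE-2021-24206 through CVE-2021-24201, would let a later search by product find these entries if one of the plugins is ever packaged. The descriptions also write "WordPress" with a capital P.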
@@ -13604,7 +13604,7 @@ CVE-2021-24198
CVE-2021-24197
RESERVED
CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24195
RESERVED
CVE-2021-24194
@@ -13622,81 +13622,81 @@ CVE-2021-24189
CVE-2021-24188
RESERVED
CVE-2021-24187 (The setting page of the SEO Redirection Plugin – 301 Redirect Ma ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24185 (The tutor_place_rating AJAX action from the Tutor LMS – eLearnin ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24184 (Several AJAX endpoints in the Tutor LMS – eLearning and online c ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24183 (The tutor_quiz_builder_get_question_form AJAX action from the Tutor LM ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24182 (The tutor_quiz_builder_get_answers_by_question AJAX action from the Tu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24179
RESERVED
CVE-2021-24178
RESERVED
CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24175 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24174 (The Database Backups WordPress plugin through 1.2.2.6 does not have CS ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24173 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24172 (The VM Backups WordPress plugin through 1.0 does not have CSRF checks, ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24171 (The WooCommerce Upload Files WordPress plugin before 59.4 ran a single ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24170 (The REST API endpoint get_users in the User Profile Picture WordPress ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24169 (This Advanced Order Export For WooCommerce WordPress plugin before 3.1 ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24168 (The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not prop ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24167 (When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_lo ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24166 (The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form R ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24165 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24164 (In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low- ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24163 (The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, di ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24162 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24161 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, a ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24160 (In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, s ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24159 (Due to the lack of sanitization and lack of nonce protection on the cu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24158 (Orbit Fox by ThemeIsle has a feature to add a registration form to bot ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24157 (Orbit Fox by ThemeIsle has a feature to add custom scripts to the head ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24156 (Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0 ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24155 (The WordPress Backup and Migrate Plugin – Backup Guard WordPress ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24154 (The Theme Editor WordPress plugin before 2.6 did not validate the GET ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24153 (A Stored Cross-Site Scripting vulnerability was discovered in the Yoas ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24152 (The "All Subscribers" setting page of Popup Builder was vulnerable to ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24151
RESERVED
CVE-2021-24150 (The LikeBtn WordPress Like Button Rating ♥ LikeBtn WordPress plu ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...)
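Review bot: The untouched entry for CVE-2021-24149 at the end of this hunk is labelled "NOT-FOR-US: Modern Events Calendar Lite WordPress plugin", and the new "NOT-FOR-US: Wordpress plugin" labels in the same hunk follow neither its product naming nor its capitalisation. For several entries, such as CVE-2021-24158 and CVE-2021-24157 (Orbit Fox by ThemeIsle), CVE-2021-24156 (Testimonial Rotator) and CVE-2021-24152 (Popup Builder), the visible part of the description does not mention WordPress at all, so a label that names the product would make the triage decision checkable from the list itself.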
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e67a9b6ccc7d2095dd9b498f2dbae54cf852335