[Git][security-tracker-team/security-tracker][master] Process more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 16 21:44:39 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9014452b by Salvatore Bonaccorso at 2021-08-16T22:44:10+02:00
Process more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34917,7 +34917,7 @@ CVE-2021-24550
 CVE-2021-24549
 	RESERVED
 CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable to Au ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24547
 	RESERVED
 CVE-2021-24546
@@ -34931,21 +34931,21 @@ CVE-2021-24543
 CVE-2021-24542
 	RESERVED
 CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24540 (The Wonder Video Embed WordPress plugin before 1.8 does not escape par ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24539
 	RESERVED
 CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24537
 	RESERVED
 CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24534 (The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24533
 	RESERVED
 CVE-2021-24532
@@ -34959,9 +34959,9 @@ CVE-2021-24529
 CVE-2021-24528
 	RESERVED
 CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24525
 	RESERVED
 CVE-2021-24524
@@ -34975,9 +34975,9 @@ CVE-2021-24521 (The Side Menu Lite – add sticky fixed buttons WordPress pl
 CVE-2021-24520 (The Stock in & out WordPress plugin through 1.0.4 lacks proper san ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24519 (The VikRentCar Car Rental Management System WordPress plugin before 1. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24517
 	RESERVED
 CVE-2021-24516
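Review bot: the notes added for CVE-2021-24519 and CVE-2021-24518 are spelled "WordPress plugin", but the unchanged entry directly above them, CVE-2021-24520, reads "NOT-FOR-US: Wordpress plugin". Any search or aggregation on the exact NFU reason string will split these into two groups; consider normalising the older entry to "WordPress" in a follow-up so the reason text is uniform.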
@@ -34989,7 +34989,7 @@ CVE-2021-24514
 CVE-2021-24513
 	RESERVED
 CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24511
 	RESERVED
 CVE-2021-24510
@@ -35071,7 +35071,7 @@ CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affec
 CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24471 (The YouTube Embed WordPress plugin before 5.2.2 does not validate, esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24469
@@ -35081,7 +35081,7 @@ CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape so
 CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24465
 	RESERVED
 CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...)
@@ -35123,7 +35123,7 @@ CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate
 CVE-2021-24446
 	RESERVED
 CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24443 (The About Me widget of the Youzify – BuddyPress Community, User  ...)
@@ -35191,9 +35191,9 @@ CVE-2021-24413
 CVE-2021-24412
 	RESERVED
 CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24410 (The తెలుగు బైబ&# ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24409 (The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GE ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24408 (The Prismatic WordPress plugin before 2.8 does not sanitise or validat ...)
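Review bot: for CVE-2021-24410 the truncated description shown here consists only of numeric character references and is cut off before any product type appears, so "NOT-FOR-US: WordPress plugin" cannot be confirmed from this line the way it can for CVE-2021-24411 above it. Worth checking the full CVE description before the entry is closed as NFU.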
@@ -35253,7 +35253,7 @@ CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9
 CVE-2021-24381
 	RESERVED
 CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24378 (The Autoptimize WordPress plugin before 2.7.8 does not check for malic ...)
@@ -35287,9 +35287,9 @@ CVE-2021-24365 (The Admin Columns WordPress plugin Free before 4.3.2 and Pro bef
 CVE-2021-24364 (The Jannah WordPress theme before 5.4.4 did not properly sanitize the  ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24363 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24362 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24361 (In the Location Manager WordPress plugin before 2.1.0.10, the AJAX act ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...)
@@ -38495,19 +38495,19 @@ CVE-2021-22939 (If the Node.js https API was used incorrectly and "undefined" wa
 	[bullseye] - nodejs 12.22.5~dfsg-2~11u1
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#incomplete-validation-of-rejectunauthorized-parameter-low-cve-2021-22939
 CVE-2021-22938 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22937 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22936 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow a th ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22935 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22934 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22933 (A vulnerability in Pulse Connect Secure before 9.1R12 could allow an a ...)
-	TODO: check
+	NOT-FOR-US: Pulse Connect Secure
 CVE-2021-22932 (An issue has been identified in the CTX269106 mitigation tool for Citr ...)
-	TODO: check
+	NOT-FOR-US: Citrix
 CVE-2021-22931 (Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Co ...)
 	- nodejs <undetermined>
 	NOTE: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/#cares-upgrade-improper-handling-of-untypical-characters-in-domain-names-high-cve-2021-22931
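Review bot: the note for CVE-2021-22932 names only the vendor ("NOT-FOR-US: Citrix"), while the six entries above it name the product ("NOT-FOR-US: Pulse Connect Secure"). The description refers to the CTX269106 mitigation tool, so a note that names the affected tool rather than just the vendor would be more specific and easier to search for later.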



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9014452ba76422a731dc2c98a45451e74683a7dd
