[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 31 09:46:46 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe37561d by Salvatore Bonaccorso at 2021-08-31T10:46:26+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4891,11 +4891,11 @@ CVE-2021-38147
CVE-2021-38146
RESERVED
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
- TODO: check
+ NOT-FOR-US: Form Tools
CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
- TODO: check
+ NOT-FOR-US: Form Tools
CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...)
- TODO: check
+ NOT-FOR-US: Form Tools
CVE-2021-38142
RESERVED
CVE-2021-38141
@@ -8871,7 +8871,7 @@ CVE-2021-36358
CVE-2021-36357
RESERVED
CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: KRAMER VIAware
CVE-2021-36355
RESERVED
CVE-2021-36354
@@ -11863,9 +11863,9 @@ CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasi
[stretch] - suricata <no-dsa> (Minor issue)
NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489
CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...)
- TODO: check
+ NOT-FOR-US: DRK Odenwaldkreis Testerfassung
CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...)
- TODO: check
+ NOT-FOR-US: DRK Odenwaldkreis Testerfassung
CVE-2021-35060
RESERVED
CVE-2021-35059
@@ -17066,7 +17066,7 @@ CVE-2021-32834
CVE-2021-32833
RESERVED
CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...)
TODO: check
CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...)
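Review bot: CVE-2021-32831 (Total.js framework, npm package total.js), the entry directly below the Rocket.Chat change, is still at "TODO: check" while its neighbour is triaged in this pass. If it was left on purpose because it needs a closer look, that is fine; otherwise it should be resolved in a follow-up so it does not stay open between triaged entries.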
@@ -29684,15 +29684,15 @@ CVE-2021-27915
CVE-2021-27914
RESERVED
CVE-2021-27913 (The function mt_rand is used to generate session tokens, this function ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary JavaScript ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: Mautic
CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such as datab ...)
NOT-FOR-US: Mautic
CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the creation of a M ...)
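Review bot: the truncated descriptions of CVE-2021-27913 ("The function mt_rand is used to generate session tokens ...") and CVE-2021-27910 ("Insufficient sanitization / filtering allows for arbitrary JavaScript ...") do not name a product, so the "NOT-FOR-US: Mautic" attribution on those two entries cannot be confirmed from this hunk alone. The surrounding entries (CVE-2021-27912, CVE-2021-27911, CVE-2021-27909 and the already triaged CVE-2021-27908) are all Mautic, which makes the assignment plausible; a NOTE line with the advisory reference on those two entries would make it checkable.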
@@ -30235,7 +30235,7 @@ CVE-2021-27665
CVE-2021-27664
RESERVED
CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...)
- TODO: check
+ NOT-FOR-US: Johnson Controls
CVE-2021-27662
RESERVED
CVE-2021-27661 (Successful exploitation of this vulnerability could give an authentica ...)
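Review bot: "NOT-FOR-US: Johnson Controls" on CVE-2021-27663 names only the vendor, while the other tags added in this commit name the product (KRAMER VIAware, EasyCorp ZenTao, Rocket.Chat). Consider using the product name from the description so the entry is easier to find when the same product gets further CVEs.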
@@ -30462,11 +30462,11 @@ CVE-2021-27560
CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the Nickname f ...)
NOT-FOR-US: Monica
CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows re ...)
- TODO: check
+ NOT-FOR-US: EasyCorp ZenTao
CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron job tab ...)
- TODO: check
+ NOT-FOR-US: EasyCorp ZenTao
CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (wh ...)
- TODO: check
+ NOT-FOR-US: EasyCorp ZenTao
CVE-2021-27555
RESERVED
CVE-2021-27554
@@ -37542,7 +37542,7 @@ CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered
CVE-2021-24666
RESERVED
CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24664
RESERVED
CVE-2021-24663
@@ -37686,9 +37686,9 @@ CVE-2021-24595
CVE-2021-24594
RESERVED
CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24591
RESERVED
CVE-2021-24590
@@ -37710,11 +37710,11 @@ CVE-2021-24583
CVE-2021-24582
RESERVED
CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24578
RESERVED
CVE-2021-24577
@@ -37816,7 +37816,7 @@ CVE-2021-24530
CVE-2021-24529 (The Grid Gallery – Photo Image Grid Gallery WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24527 (The User Registration & User Profile – Profile Builder WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...)
@@ -37996,9 +37996,9 @@ CVE-2021-24440 (The Sign-up Sheets WordPress plugin before 1.0.14 did not saniti
CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed authenti ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin before 2 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 1.3.20 do ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a r ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24435
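Review bot: the two added lines use "NOT-FOR-US: WordPress plugin", but the context line for CVE-2021-24439 just above them reads "NOT-FOR-US: Wordpress plugin" with a lowercase p. Worth normalising that existing entry in this commit or a follow-up so that a search on the tag text finds every entry.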
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe37561d4b2a5af7623bbf1d06cd316974d88ed3