[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Dec 13 20:49:59 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
78fe2e75 by Salvatore Bonaccorso at 2021-12-13T21:45:46+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2386,15 +2386,15 @@ CVE-2021-44157
 CVE-2021-44156
 	RESERVED
 CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2.  ...)
-	TODO: check
+	NOT-FOR-US: Reprise RLM
 CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...)
-	TODO: check
+	NOT-FOR-US: Reprise RLM
 CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license  ...)
-	TODO: check
+	NOT-FOR-US: Reprise RLM
 CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...)
-	TODO: check
+	NOT-FOR-US: Reprise RLM
 CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...)
-	TODO: check
+	NOT-FOR-US: Reprise RLM
 CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...)
 	NOT-FOR-US: tusdotnet
 CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through  ...)
@@ -2832,7 +2832,7 @@ CVE-2021-43985
 CVE-2021-43984
 	RESERVED
 CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
-	TODO: check
+	NOT-FOR-US: WECON LeviStudioU
 CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
 	NOT-FOR-US: Delta
 CVE-2021-43981
@@ -6967,7 +6967,7 @@ CVE-2021-43119
 CVE-2021-43118
 	RESERVED
 CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...)
-	TODO: check
+	NOT-FOR-US: fastadmin
 CVE-2021-43116
 	RESERVED
 CVE-2021-43115
@@ -8318,13 +8318,13 @@ CVE-2021-42551
 CVE-2021-42550
 	RESERVED
 CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...)
-	TODO: check
+	NOT-FOR-US: Wordpress plugin
 CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...)
 	NOT-FOR-US: Business-DNA Solutions
 CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...)
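Review bot: the four new tags on CVE-2021-42549 through CVE-2021-42546 are spelled "NOT-FOR-US: Wordpress plugin" with a lowercase "p", while the other plugin entries touched by this commit use "NOT-FOR-US: WordPress plugin". Use the "WordPress plugin" spelling here as well, so that a case-sensitive search over data/CVE/list finds all plugin entries under one string.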
@@ -13601,11 +13601,11 @@ CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys
 CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...)
 	NOT-FOR-US: Auerswald
 CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...)
-	TODO: check
+	NOT-FOR-US: Auerswald COMpact 5500R devices
 CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...)
-	TODO: check
+	NOT-FOR-US: Auerswald COMpact 5500R devices
 CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...)
-	TODO: check
+	NOT-FOR-US: Auerswald
 CVE-2021-40855
 	RESERVED
 CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...)
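Review bot: the Auerswald entries in this hunk end up with two different tags. CVE-2021-40858 and CVE-2021-40857 get "NOT-FOR-US: Auerswald COMpact 5500R devices", while CVE-2021-40856 and the existing CVE-2021-40859 entry (also a COMpact 5500R issue) use plain "NOT-FOR-US: Auerswald". Pick one form for the vendor, preferably the existing "Auerswald", so the entries group together.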
@@ -15670,9 +15670,9 @@ CVE-2021-40010
 CVE-2021-40009
 	RESERVED
 CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2021-40006
 	RESERVED
 CVE-2021-40005
@@ -24904,7 +24904,7 @@ CVE-2021-36171
 CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...)
 	NOT-FOR-US: Fortiguard
 CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...)
-	TODO: check
+	NOT-FOR-US: FortiGuard
 CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...)
 	NOT-FOR-US: Fortinet
 CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...)
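Review bot: the new tag on CVE-2021-36169 introduces a third spelling for the same vendor. The description names "Fortinet FortiOS", the neighbouring CVE-2021-36168 is tagged "NOT-FOR-US: Fortinet", CVE-2021-36170 is tagged "NOT-FOR-US: Fortiguard", and this line adds "NOT-FOR-US: FortiGuard". Suggest "NOT-FOR-US: Fortinet" here to match the vendor name in the description and the adjacent entry.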
@@ -35066,7 +35066,7 @@ CVE-2021-32026
 CVE-2021-32025
 	RESERVED
 CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...)
-	TODO: check
+	NOT-FOR-US: BlackBerry
 CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
 	NOT-FOR-US: BlackBerry
 CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
@@ -53099,11 +53099,11 @@ CVE-2021-24974
 CVE-2021-24973
 	RESERVED
 CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24971
 	RESERVED
 CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24969
 	RESERVED
 CVE-2021-24968
@@ -53133,15 +53133,15 @@ CVE-2021-24957
 CVE-2021-24956
 	RESERVED
 CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24954 (The User Registration, Login Form, User Profile & Membership WordP ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24953
 	RESERVED
 CVE-2021-24952
 	RESERVED
 CVE-2021-24951 (The LearnPress WordPress plugin before 4.1.4 does not sanitise, valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24950
 	RESERVED
 CVE-2021-24949
@@ -53151,9 +53151,9 @@ CVE-2021-24948
 CVE-2021-24947
 	RESERVED
 CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24944
 	RESERVED
 CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
@@ -53179,7 +53179,7 @@ CVE-2021-24934
 CVE-2021-24933
 	RESERVED
 CVE-2021-24932 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24931 (The Secure Copy Content Protection and Content Locking WordPress plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...)
@@ -53193,13 +53193,13 @@ CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise
 CVE-2021-24926
 	RESERVED
 CVE-2021-24925 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24924 (The Email Log WordPress plugin before 2.4.8 does not escape the d para ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24923
 	RESERVED
 CVE-2021-24922 (The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check w ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24921
 	RESERVED
 CVE-2021-24920
@@ -53251,7 +53251,7 @@ CVE-2021-24898
 CVE-2021-24897
 	RESERVED
 CVE-2021-24896 (The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24895
 	RESERVED
 CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the  ...)
@@ -53299,9 +53299,9 @@ CVE-2021-24874
 CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24871 (The Get Custom Field Values WordPress plugin before 4.0.1 does not esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24870
 	RESERVED
 CVE-2021-24869
@@ -53317,23 +53317,23 @@ CVE-2021-24865
 CVE-2021-24864
 	RESERVED
 CVE-2021-24863 (The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Prot ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24862
 	RESERVED
 CVE-2021-24861 (The Quotes Collection WordPress plugin through 2.5.2 does not validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24859 (The User Meta Shortcodes WordPress plugin through 0.5 registers a shor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24858
 	RESERVED
 CVE-2021-24857 (The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded us ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24855 (The Display Post Metadata WordPress plugin before 1.5.0 adds a shortco ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...)
@@ -53347,13 +53347,13 @@ CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode
 CVE-2021-24849
 	RESERVED
 CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24846
 	RESERVED
 CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24843
@@ -53371,7 +53371,7 @@ CVE-2021-24838
 CVE-2021-24837
 	RESERVED
 CVE-2021-24836 (The Temporary Login Without Password WordPress plugin before 1.7.1 doe ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
@@ -53405,11 +53405,11 @@ CVE-2021-24821
 CVE-2021-24820
 	RESERVED
 CVE-2021-24819 (The Page/Post Content Shortcode WordPress plugin through 1.0 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24818 (The WP Limits WordPress plugin through 1.0 does not have CSRF check wh ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24817 (The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...)
@@ -53453,17 +53453,17 @@ CVE-2021-24797
 CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24792 (The Shiny Buttons WordPress plugin through 1.1.0 does not have any aut ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24790 (The Contact Form Advanced Database WordPress plugin through 1.0.8 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...)
@@ -53475,15 +53475,15 @@ CVE-2021-24786
 CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does not have C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24782 (The Flex Local Fonts WordPress plugin through 1.0.0 does not escape th ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24780 (The Single Post Exporter WordPress plugin through 1.1.1 does not have  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24778
@@ -53501,7 +53501,7 @@ CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 do
 CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24771 (The Inspirational Quote Rotator WordPress plugin through 1.0.0 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
@@ -53531,7 +53531,7 @@ CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly va
 CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24756 (The WP System Log WordPress plugin before 1.0.21 does not sanitise, va ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
@@ -53549,7 +53549,7 @@ CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSR
 CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24747 (The SEO Booster WordPress plugin through 3.7 allows for authenticated  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24746
 	RESERVED
 CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
@@ -53633,7 +53633,7 @@ CVE-2021-24707
 CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24705 (The NEX-Forms WordPress plugin through 7.9.4 does not escape some of i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24704
 	RESERVED
 CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
@@ -64283,11 +64283,11 @@ CVE-2021-20869
 CVE-2021-20868
 	RESERVED
 CVE-2021-20867 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-20866 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-20865 (Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fiel ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-20864 (Improper access control vulnerability in ELECOM routers (WRC-1167GST2  ...)
 	NOT-FOR-US: ELECOM
 CVE-2021-20863 (OS command injection vulnerability in ELECOM routers (WRC-1167GST2 fir ...)
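Review bot: on CVE-2021-20867, CVE-2021-20866 and CVE-2021-20865 the generic tag "NOT-FOR-US: WordPress plugin" cannot be checked against the truncated descriptions, which only say "Advanced Custom Fields versions prior to 5.11" and never mention WordPress. Naming the product in the tag, for example "NOT-FOR-US: Advanced Custom Fields plugin for WordPress", would make the triage decision verifiable from the list itself.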



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78fe2e75e15e4c0757b9e44caa7a5e3ed7a2ddd1
