[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Dec 14 20:55:15 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5416ba4b by Salvatore Bonaccorso at 2021-12-14T21:53:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -310,9 +310,9 @@ CVE-2021-45017
 CVE-2021-45016
 	RESERVED
 CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...)
-	TODO: check
+	NOT-FOR-US: taocms
 CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...)
-	TODO: check
+	NOT-FOR-US: taocms
 CVE-2021-45013
 	RESERVED
 CVE-2021-45012
@@ -442,7 +442,7 @@ CVE-2021-44951
 CVE-2021-44950
 	RESERVED
 CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via  ...)
-	TODO: check
+	NOT-FOR-US: glFusion CMS
 CVE-2021-44948
 	RESERVED
 CVE-2021-44947
@@ -466,11 +466,11 @@ CVE-2021-44939
 CVE-2021-44938
 	RESERVED
 CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...)
-	TODO: check
+	NOT-FOR-US: glFusion CMS
 CVE-2021-44936
 	RESERVED
 CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...)
-	TODO: check
+	NOT-FOR-US: glFusion CMS
 CVE-2021-44934
 	RESERVED
 CVE-2021-44933
@@ -678,7 +678,7 @@ CVE-2021-44835
 CVE-2021-44834
 	RESERVED
 CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During  ...)
-	TODO: check
+	NOT-FOR-US: yetiforcecrm
 CVE-2021-4106
 	RESERVED
 CVE-2021-4105
@@ -1220,7 +1220,7 @@ CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF) ...)
 CVE-2021-4074
 	RESERVED
 CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4072
 	RESERVED
 CVE-2021-4071
@@ -1588,7 +1588,7 @@ CVE-2021-44540
 CVE-2021-43353
 	RESERVED
 CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
 	NOT-FOR-US: livehelperchat
 CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -1630,11 +1630,11 @@ CVE-2021-44526
 CVE-2021-44525
 	RESERVED
 CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
-	TODO: check
+	NOT-FOR-US: SiPass
 CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
-	TODO: check
+	NOT-FOR-US: SiPass
 CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...)
-	TODO: check
+	NOT-FOR-US: SiPass
 CVE-2021-44477
 	RESERVED
 CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...)
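Review bot: The three SiPass integrated entries (CVE-2021-44524, CVE-2021-44523, CVE-2021-44522) are tagged "NOT-FOR-US: SiPass", while entries with the same "A vulnerability has been identified in ..." description wording are tagged "NOT-FOR-US: Siemens" everywhere else in this commit. Suggest "NOT-FOR-US: Siemens" here as well, so that a search on the vendor tag finds every entry of this kind.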
@@ -1834,47 +1834,47 @@ CVE-2021-44453
 CVE-2021-44451
 	RESERVED
 CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-43355
 	RESERVED
 CVE-2021-41835
@@ -2327,9 +2327,9 @@ CVE-2021-44234
 CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...)
 	NOT-FOR-US: SAP
 CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2022-21792
 	RESERVED
 CVE-2022-21791
@@ -2628,7 +2628,7 @@ CVE-2021-44167
 CVE-2021-44166
 	RESERVED
 CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44164
 	RESERVED
 CVE-2021-44163
@@ -3043,39 +3043,39 @@ CVE-2021-3977
 CVE-2021-44018
 	RESERVED
 CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44016
 	RESERVED
 CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44014 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44002 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-44000
 	RESERVED
 CVE-2021-43999
@@ -3681,9 +3681,9 @@ CVE-2021-43825
 CVE-2021-43824
 	RESERVED
 CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior  ...)
-	TODO: check
+	NOT-FOR-US: Sourcegraph
 CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...)
-	TODO: check
+	NOT-FOR-US: Jackalope Doctrine-DBAL
 CVE-2021-43821
 	RESERVED
 CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...)
@@ -3696,7 +3696,7 @@ CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python lang
 	NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5)
 	NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5)
 CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...)
-	TODO: check
+	NOT-FOR-US: Collabora Online
 CVE-2021-43816
 	RESERVED
 CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...)
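Review bot: CVE-2021-43817 is closed as "NOT-FOR-US: Collabora Online", but its description says the suite is "based on Libre ...", and nothing in the entry records whether the affected code is specific to Collabora Online or shared with the code base it derives from. A NOTE line stating that the flaw was checked to sit in Collabora-only code would let a later reader verify the NFU decision.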
@@ -5661,7 +5661,7 @@ CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. Ther
 	NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1
 	NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d
 CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store  ...)
-	TODO: check
+	NOT-FOR-US: Unisys Cargo Mobile Application
 CVE-2021-43387
 	RESERVED
 CVE-2021-43386
@@ -10056,7 +10056,7 @@ CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 a
 CVE-2021-42368
 	RESERVED
 CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-42366
 	RESERVED
 CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
@@ -11023,9 +11023,9 @@ CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via c
 CVE-2021-42052
 	RESERVED
 CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...)
-	TODO: check
+	NOT-FOR-US: AbanteCart
 CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...)
-	TODO: check
+	NOT-FOR-US: AbanteCart
 CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...)
 	NOT-FOR-US: Translate MediaWiki extension
 CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...)
@@ -11093,17 +11093,17 @@ CVE-2021-42029
 CVE-2021-42028
 	RESERVED
 CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions &l ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...)
 	NOT-FOR-US: Siemens
 CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...)
 	NOT-FOR-US: Siemens
 CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...)
 	NOT-FOR-US: Siemens
 CVE-2021-42020
@@ -12265,7 +12265,7 @@ CVE-2021-41549
 CVE-2021-41548
 	RESERVED
 CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...)
-	TODO: check
+	NOT-FOR-US: Siemens
 CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
 	NOT-FOR-US: Siemens
 CVE-2021-41545
@@ -13429,11 +13429,11 @@ CVE-2021-41069
 CVE-2021-41068
 	RESERVED
 CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation  ...)
-	TODO: check
+	NOT-FOR-US: Listary
 CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...)
-	TODO: check
+	NOT-FOR-US: Listary
 CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
-	TODO: check
+	NOT-FOR-US: Listary
 CVE-2021-41064
 	RESERVED
 CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
@@ -13825,7 +13825,7 @@ CVE-2021-40885
 CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...)
 	NOT-FOR-US: Projectsend
 CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via  ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...)
 	TODO: check
 CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...)
@@ -17573,29 +17573,29 @@ CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vul
 CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo Importer Word ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected  ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39312 (The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary file ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...)
 	NOT-FOR-US: PDFTron WebViewer UI
 CVE-2021-39306
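Review bot: All ten added lines in this hunk read "NOT-FOR-US: WordPess plugin", which is missing an "r"; the unchanged neighbours (CVE-2021-39320, CVE-2021-39317, CVE-2021-39316) use "NOT-FOR-US: WordPress plugin". The misspelling also appears in the descriptions of CVE-2021-39319 and CVE-2021-39308, so it looks copied from there. Suggest "NOT-FOR-US: WordPress plugin" on all ten, so that a grep for the usual tag matches them.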
@@ -19981,7 +19981,7 @@ CVE-2021-38363
 CVE-2021-38362
 	RESERVED
 CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPess plugin
 CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
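Review bot: CVE-2021-38361 is tagged "NOT-FOR-US: WordPess plugin" although its description spells "WordPress" correctly and the next entry, CVE-2021-38360, uses "NOT-FOR-US: WordPress plugin". Suggest the same spelling on the added line.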



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5416ba4b0e9ab7566ba3733cacf51ca0ccf0f6d6
