[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 21 21:49:32 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eb60dfd1 by Salvatore Bonaccorso at 2021-12-21T22:49:08+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -615,13 +615,13 @@ CVE-2021-45257
CVE-2021-45256
RESERVED
CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...)
- TODO: check
+ NOT-FOR-US: Video Sharing Website
CVE-2021-45254
RESERVED
CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...)
- TODO: check
+ NOT-FOR-US: Simple Cold Storage Management System
CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...)
- TODO: check
+ NOT-FOR-US: Simple Forum-Discussion System
CVE-2021-45251
RESERVED
CVE-2021-45250
@@ -665,7 +665,7 @@ CVE-2021-4141
CVE-2021-4140
RESERVED
CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
- TODO: check
+ NOT-FOR-US: Pimcore
CVE-2021-4138
RESERVED
CVE-2022-22053
@@ -1247,11 +1247,11 @@ CVE-2021-45093
CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
NOT-FOR-US: Thinfinity VirtualUI
CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
- TODO: check
+ NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
- TODO: check
+ NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
- TODO: check
+ NOT-FOR-US: Stormshield Endpoint Security
CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
- epiphany-browser 41.2-1
NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
@@ -1964,13 +1964,13 @@ CVE-2021-44879
CVE-2021-44878
RESERVED
CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...)
- TODO: check
+ NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
- TODO: check
+ NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...)
- TODO: check
+ NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...)
- TODO: check
+ NOT-FOR-US: Dalmark Systems Systeam
CVE-2021-44873
RESERVED
CVE-2021-44872
@@ -1998,9 +1998,9 @@ CVE-2021-44862
CVE-2021-44861
RESERVED
CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
{DSA-5021-1 DLA-2847-1}
- mediawiki 1:1.35.5-1
@@ -3341,9 +3341,9 @@ CVE-2021-44425
CVE-2021-44424
RESERVED
CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer
CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...)
- TODO: check
+ NOT-FOR-US: Open Design Alliance Drawings SDK
CVE-2021-44421
RESERVED
CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...)
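Review bot: the new tag for CVE-2021-44423 reads `NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer`, while CVE-2021-44422 in the same hunk and the ODA entries in the earlier hunk (CVE-2021-44860, CVE-2021-44859) all use `NOT-FOR-US: Open Design Alliance Drawings SDK`; both truncated descriptions concern reading a BMP file, so unless the CVE text really names a distinct product, use one spelling so these entries group together when the list is searched by product.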
@@ -3964,7 +3964,7 @@ CVE-2021-44209
CVE-2021-44208
RESERVED
CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...)
- TODO: check
+ NOT-FOR-US: Acclaim USAHERDS
CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
NOT-FOR-US: snipe-it
CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...)
@@ -6478,7 +6478,7 @@ CVE-2021-43589
CVE-2021-43588
RESERVED
CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-43586
RESERVED
CVE-2021-43585
@@ -6992,7 +6992,7 @@ CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attac
CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...)
NOT-FOR-US: iResturant
CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...)
- TODO: check
+ NOT-FOR-US: sourcecodetester Engineers Online Portal
CVE-2021-43436
RESERVED
CVE-2021-43435
@@ -26302,7 +26302,7 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with '///']
[stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5
CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36349
RESERVED
CVE-2021-36348
@@ -26320,7 +26320,7 @@ CVE-2021-36343
CVE-2021-36342
RESERVED
CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
NOT-FOR-US: EMC
CVE-2021-36339
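Review bot: CVE-2021-36341 is tagged `NOT-FOR-US: Dell` while the unchanged context line for CVE-2021-36340 keeps `NOT-FOR-US: EMC`, and the other entries in this commit use the product name (e.g. `Stormshield Endpoint Security`, `Dalmark Systems Systeam`); a product-level tag such as `NOT-FOR-US: Dell Wyse Device Agent` would keep the Dell/EMC entries consistently findable. The same applies to the vendor-only `Dell` tags for CVE-2021-43587, CVE-2021-36350, CVE-2021-36337 and CVE-2021-36336 in the other hunks.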
@@ -26328,9 +26328,9 @@ CVE-2021-36339
CVE-2021-36338
RESERVED
CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...)
NOT-FOR-US: EMC
CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...)
@@ -28967,7 +28967,7 @@ CVE-2021-35250
CVE-2021-35249
RESERVED
CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35247
RESERVED
CVE-2021-35246
@@ -28975,7 +28975,7 @@ CVE-2021-35246
CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
NOT-FOR-US: SolarWinds
CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35243
RESERVED
CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
@@ -28995,7 +28995,7 @@ CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Serv
CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ...)
NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35232
@@ -48625,23 +48625,23 @@ CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulne
CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...)
NOT-FOR-US: GE
CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...)
- TODO: check
+ NOT-FOR-US: Mesa Labs
CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...)
NOT-FOR-US: GE
CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generat ...)
- TODO: check
+ NOT-FOR-US: Mesa Labs
CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...)
NOT-FOR-US: GE
CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...)
- TODO: check
+ NOT-FOR-US: Mesa Labs
CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...)
NOT-FOR-US: GE
CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...)
- TODO: check
+ NOT-FOR-US: Mesa Labs
CVE-2021-27446
RESERVED
CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...)
- TODO: check
+ NOT-FOR-US: Mesa Labs
CVE-2021-27444
RESERVED
CVE-2021-27443
@@ -54935,7 +54935,7 @@ CVE-2021-24983
CVE-2021-24982
RESERVED
CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24980
RESERVED
CVE-2021-24979
@@ -54985,7 +54985,7 @@ CVE-2021-24958
CVE-2021-24957
RESERVED
CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24954 (The User Registration, Login Form, User Profile & Membership WordP ...)
@@ -55015,7 +55015,7 @@ CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin befor
CVE-2021-24942
RESERVED
CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24940
RESERVED
CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...)
@@ -55083,7 +55083,7 @@ CVE-2021-24909
CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24906
RESERVED
CVE-2021-24905
@@ -55199,13 +55199,13 @@ CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with
CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...)
@@ -55397,7 +55397,7 @@ CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capa
CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
@@ -55419,9 +55419,9 @@ CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape
CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...)
@@ -55741,7 +55741,7 @@ CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not saniti
CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...)
@@ -97474,7 +97474,7 @@ CVE-2020-19772
CVE-2020-19771
RESERVED
CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...)
- TODO: check
+ NOT-FOR-US: WUZHI CMS
CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...)
NOT-FOR-US: Rob The Bank
CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...)
@@ -125800,7 +125800,7 @@ CVE-2020-8970
CVE-2020-8969
RESERVED
CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...)
- TODO: check
+ NOT-FOR-US: Parallels Remote Application Server (RAS)
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb60dfd19ff4385869c93e454deb22f2cdf3e23f