[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Dec 27 20:29:23 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf667dcc by Salvatore Bonaccorso at 2021-12-27T21:29:06+01:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -81,7 +81,7 @@ CVE-2021-45845
CVE-2021-45844
RESERVED
CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
- TODO: check
+ NOT-FOR-US: glFusion CMS
CVE-2021-45842
RESERVED
CVE-2021-45841
@@ -187,11 +187,11 @@ CVE-2021-45792
CVE-2021-45791
RESERVED
CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
- TODO: check
+ NOT-FOR-US: Metersphere
CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
- TODO: check
+ NOT-FOR-US: Metersphere
CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
- TODO: check
+ NOT-FOR-US: Metersphere
CVE-2021-45787
RESERVED
CVE-2021-45786
@@ -1674,15 +1674,15 @@ CVE-2021-45341
CVE-2021-45340
RESERVED
CVE-2021-45339 (Privilege escalation vulnerability in Avast Antivirus prior to 20.4 al ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2021-45338 (Multiple privilege escalation vulnerabilities in Avast Antivirus prior ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2021-45337 (Privilege escalation vulnerability in the Self-Defense driver of Avast ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2021-45336 (Privilege escalation vulnerability in the Sandbox component of Avast A ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2021-45335 (Sandbox component in Avast Antivirus prior to 20.4 has an insecure per ...)
- TODO: check
+ NOT-FOR-US: Avast Antivirus
CVE-2021-45334
RESERVED
CVE-2021-45333
@@ -2142,7 +2142,7 @@ CVE-2022-21954
CVE-2021-45233
RESERVED
CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...)
- TODO: check
+ NOT-FOR-US: Apache APISIX Dashboard
CVE-2021-45231
RESERVED
CVE-2021-45230
@@ -6354,9 +6354,9 @@ CVE-2021-43858
CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...)
TODO: check
CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
- nltk <unfixed> (bug #1002623)
NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x
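Review bot: CVE-2021-43857 (Gerapy) at the top of this hunk is still `TODO: check`, although the two Wiki.js entries directly below it were triaged in this pass. If Gerapy is likewise not packaged, mark it `NOT-FOR-US: Gerapy` in the same commit; otherwise it stays in the TODO queue and the check has to be repeated later.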
@@ -21341,7 +21341,7 @@ CVE-2021-38963
CVE-2021-38962
RESERVED
CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38960
RESERVED
CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...)
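Review bot: `NOT-FOR-US: IBM` on CVE-2021-38961 names only the vendor, while the description refers to OPENBMC OP910 and other entries in this commit name the product (`NOT-FOR-US: Apache APISIX Dashboard`, `NOT-FOR-US: Avast Antivirus`). Suggest `NOT-FOR-US: IBM OPENBMC OP910` so the entry records which product was judged out of scope.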
@@ -30345,7 +30345,7 @@ CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allow
CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ...)
NOT-FOR-US: Kiwi Syslog Server
CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...)
- TODO: check
+ NOT-FOR-US: SolarWinds
CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
NOT-FOR-US: Kiwi Syslog Server Installation Wizard
CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
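Review bot: `NOT-FOR-US: SolarWinds` on CVE-2021-35232 is vendor-only, whereas the neighbouring entries in this hunk are labelled by product (`NOT-FOR-US: Kiwi Syslog Server`, `NOT-FOR-US: Kiwi Syslog Server Installation Wizard`). Suggest `NOT-FOR-US: SolarWinds Web Help Desk` to match the description and keep the list searchable by product name.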
@@ -56260,9 +56260,9 @@ CVE-2021-25000
CVE-2021-24999
RESERVED
CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used to crea ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24996
RESERVED
CVE-2021-24995
@@ -56272,7 +56272,7 @@ CVE-2021-24994
CVE-2021-24993
RESERVED
CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24991
RESERVED
CVE-2021-24990
@@ -56280,7 +56280,7 @@ CVE-2021-24990
CVE-2021-24989
RESERVED
CVE-2021-24988 (The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24987
RESERVED
CVE-2021-24986
@@ -56288,7 +56288,7 @@ CVE-2021-24986
CVE-2021-24985
RESERVED
CVE-2021-24984 (The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24983
RESERVED
CVE-2021-24982
@@ -56296,9 +56296,9 @@ CVE-2021-24982
CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24980 (The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24979 (The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24978
RESERVED
CVE-2021-24977
@@ -56318,11 +56318,11 @@ CVE-2021-24971
CVE-2021-24970 (The All-in-One Video Gallery WordPress plugin before 2.5.0 does not sa ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24969 (The WordPress Download Manager WordPress plugin before 3.2.22 does not ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24968
RESERVED
CVE-2021-24967 (The Contact Form & Lead Form Elementor Builder WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24966
RESERVED
CVE-2021-24965
@@ -56452,7 +56452,7 @@ CVE-2021-24904
CVE-2021-24903
RESERVED
CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24901
RESERVED
CVE-2021-24900
@@ -56662,7 +56662,7 @@ CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does no
CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24797 (The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24795 (The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking C ...)
@@ -56750,7 +56750,7 @@ CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or esca
CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24753 (The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not pr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
NOT-FOR-US: WordPress plugins
CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
@@ -63741,9 +63741,9 @@ CVE-2021-21753
CVE-2021-21752
RESERVED
CVE-2021-21751 (ZTE BigVideo analysis product has an input verification vulnerability. ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21750 (ZTE BigVideo Analysis product has a privilege escalation vulnerability ...)
- TODO: check
+ NOT-FOR-US: ZTE
CVE-2021-21749 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
NOT-FOR-US: ZTE
CVE-2021-21748 (ZTE MF971R product has two stack-based buffer overflow vulnerabilities ...)
@@ -67481,11 +67481,11 @@ CVE-2021-20878
CVE-2021-20877
RESERVED
CVE-2021-20876 (Path traversal vulnerability in GroupSession Free edition ver5.1.1 and ...)
- TODO: check
+ NOT-FOR-US: GroupSession
CVE-2021-20875 (Open redirect vulnerability in GroupSession Free edition ver5.1.1 and ...)
- TODO: check
+ NOT-FOR-US: GroupSession
CVE-2021-20874 (Incorrect permission assignment for critical resource vulnerability in ...)
- TODO: check
+ NOT-FOR-US: GroupSession
CVE-2021-20873
RESERVED
CVE-2021-20872
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf667dcca60f01950dc842c78c982cdb701b5446