[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 14 21:21:07 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
04d67e52 by Salvatore Bonaccorso at 2021-06-14T22:20:44+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4450,7 +4450,7 @@ CVE-2021-32684
 CVE-2021-32683
 	RESERVED
 CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
-	TODO: check
+	NOT-FOR-US: elFinder
 CVE-2021-32681
 	RESERVED
 CVE-2021-32680
@@ -24540,7 +24540,7 @@ CVE-2021-24384
 CVE-2021-24383
 	RESERVED
 CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24381
 	RESERVED
 CVE-2021-24380
@@ -24584,37 +24584,37 @@ CVE-2021-24362
 CVE-2021-24361
 	RESERVED
 CVE-2021-24360 (The Yes/No Chart WordPress plugin before 1.0.12 did not sanitise its s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24359 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24358 (The Plus Addons for Elementor Page Builder WordPress plugin before 4.1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24357 (In the Best Image Gallery & Responsive Photo Gallery – FooGa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24356 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24355 (In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24354 (A lack of capability checks and insufficient nonce check on the AJAX a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24353 (The import_data function of the Simple 301 Redirects by BetterLinks Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24352 (The export_data function of the Simple 301 Redirects by BetterLinks Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24351 (The theplus_more_post AJAX action of The Plus Addons for Elementor Pag ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24350 (The Visitors WordPress plugin through 0.3 is affected by an Unauthenti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24349 (This Gallery from files WordPress plugin through 1.6.0 gives the funct ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24348 (The menu delete functionality of the Side Menu – add fixed side  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24347 (The SP Project & Document Manager WordPress plugin before 4.22 all ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24346 (The Stock in & out WordPress plugin through 1.0.4 has a search fun ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24345 (The page lists-management feature of the Sendit WP Newsletter WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24344 (The Easy Preloader WordPress plugin through 1.0.0 does not sanitise it ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not sanitise i ...)
@@ -24622,7 +24622,7 @@ CVE-2021-24343 (The iFlyChat - WordPress Chat plugin through 4.6.4 does not sani
 CVE-2021-24342 (The JNews WordPress theme before 8.0.6 did not sanitise the cat_id par ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24341 (When deleting a date in the Xllentech English Islamic Calendar WordPre ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24340 (The WP Statistics WordPress plugin before 13.0.8 relied on using the W ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24339
@@ -28161,7 +28161,7 @@ CVE-2021-22771
 CVE-2021-22770
 	RESERVED
 CVE-2021-22769 (A CWE-269: Improper Privilege Management vulnerability exists in Enerl ...)
-	TODO: check
+	NOT-FOR-US: Schneider Electric
 CVE-2021-22768 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)
 	NOT-FOR-US: PowerLogic EGX300
 CVE-2021-22767 (** UNSUPPORTED WHEN ASSIGNED ** A CWE-20: Improper Input Validation vu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04d67e525cdc22489e81249da0103e1d294fd080

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/04d67e525cdc22489e81249da0103e1d294fd080
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210614/e0e95441/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list