[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Mar 18 20:29:56 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
892cd710 by Salvatore Bonaccorso at 2021-03-18T21:29:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,17 +77,17 @@ CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 allows XSS in transform
 CVE-2021-28795
 	RESERVED
 CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual Studio Co ...)
-	TODO: check
+	NOT-FOR-US: ShellCheck extension for Visual Studio Code
 CVE-2021-28793
 	RESERVED
 CVE-2021-28792 (The unofficial Swift Development Environment extension before 2.12.1 f ...)
-	TODO: check
+	NOT-FOR-US: Swift Development Environment extension for Visual Studio Code
 CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Co ...)
-	TODO: check
+	NOT-FOR-US: SwiftFormat extension for Visual Studio Code
 CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code ...)
-	TODO: check
+	NOT-FOR-US: SwiftLint extension for Visual Studio Code
 CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for Visual St ...)
-	TODO: check
+	NOT-FOR-US: apple/swift-format extension for Visual Studio Code
 CVE-2021-28788
 	RESERVED
 CVE-2021-28787
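Review bot: The new note on CVE-2021-28789, "NOT-FOR-US: apple/swift-format extension for Visual Studio Code", drops the word "unofficial" that the description carries, so it can be read as attributing the extension to Apple. Keeping "unofficial" in that note, and for consistency in the other four extension notes in this hunk, would remove the ambiguity.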
@@ -865,13 +865,13 @@ CVE-2021-28422
 CVE-2021-28421
 	RESERVED
 CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
-	TODO: check
+	NOT-FOR-US: Seo Panel
 CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: Seo Panel
 CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
-	TODO: check
+	NOT-FOR-US: Seo Panel
 CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote at ...)
-	TODO: check
+	NOT-FOR-US: Seo Panel
 CVE-2021-28416
 	RESERVED
 CVE-2021-28415
@@ -1490,7 +1490,7 @@ CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
 CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote authentic ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote a ...)
 	NOT-FOR-US: D-Link
 CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated  ...)
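Review bot: The note on CVE-2021-28145 names only "Concrete CMS", while the description on the line above gives the former name concrete5. Writing it as "NOT-FOR-US: Concrete CMS (formerly concrete5)" would let a search for the old name find this entry when someone checks whether the software is packaged.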
@@ -1514,7 +1514,7 @@ CVE-2021-28135
 CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote attacke ...)
 	NOT-FOR-US: Clipper
 CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private informat ...)
-	TODO: check
+	NOT-FOR-US: Zoom
 CVE-2021-3427
 	RESERVED
 CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows unauthenticated  ...)
@@ -2653,7 +2653,7 @@ CVE-2021-27658
 CVE-2021-27657
 	RESERVED
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior could a ...)
-	TODO: check
+	NOT-FOR-US: exacqVision Web Service
 CVE-2021-27655
 	RESERVED
 CVE-2021-27654
@@ -3426,7 +3426,7 @@ CVE-2021-27308
 CVE-2021-27307
 	RESERVED
 CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in Kong Gat ...)
-	TODO: check
+	NOT-FOR-US: Kong Gateway
 CVE-2021-27305
 	RESERVED
 CVE-2021-27304
@@ -6025,15 +6025,15 @@ CVE-2021-26239
 CVE-2021-26238
 	RESERVED
 CVE-2021-26237 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26236 (FastStone Image Viewer v.<= 7.5 is affected by a Stack-based Buffer ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26235 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode write acce ...)
-	TODO: check
+	NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26232
 	RESERVED
 CVE-2021-26231
@@ -6067,9 +6067,9 @@ CVE-2021-26218
 CVE-2021-26217
 	RESERVED
 CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
-	TODO: check
+	NOT-FOR-US: SeedDMS
 CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out. ...)
-	TODO: check
+	NOT-FOR-US: SeedDMS
 CVE-2021-26214
 	RESERVED
 CVE-2021-26213
@@ -10773,51 +10773,51 @@ CVE-2021-24151
 CVE-2021-24150
 	RESERVED
 CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress plugin, ...)
-	TODO: check
+	NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, versions be ...)
-	TODO: check
+	NOT-FOR-US: MStore API WordPress plugin
 CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern Events Cal ...)
-	TODO: check
+	NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar Lite WordPr ...)
-	TODO: check
+	NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, version ...)
-	TODO: check
+	NOT-FOR-US: Contact Form 7 Database Addon plugin,
 CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, versions bef ...)
-	TODO: check
+	NOT-FOR-US: AccessPress Social Icons plugin
 CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPre ...)
-	TODO: check
+	NOT-FOR-US: 301 Redirects - Easy Redirect Manager WordPress plugin
 CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, versions be ...)
-	TODO: check
+	NOT-FOR-US: Advanced Database Cleaner plugin
 CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, versions bef ...)
-	TODO: check
+	NOT-FOR-US: Ajax Load More WordPress plugin
 CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress ...)
-	TODO: check
+	NOT-FOR-US: Photo Gallery (10Web Photo Gallery) WordPress plugin
 CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions before 5. ...)
-	TODO: check
+	NOT-FOR-US: AdRotate WordPress plugin
 CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, versions before ...)
-	TODO: check
+	NOT-FOR-US: Blog2Social WordPress plugin
 CVE-2021-24136 (Unvalidated input and lack of output encoding in the Testimonials Widg ...)
-	TODO: check
+	NOT-FOR-US: Testimonials Widget WordPress plugin
 CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP Customer Revie ...)
-	TODO: check
+	NOT-FOR-US: WP Customer Reviews WordPress plugin
 CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant Contact  ...)
-	TODO: check
+	NOT-FOR-US: Constant Contact Forms WordPress plugin
 CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions b ...)
-	TODO: check
+	NOT-FOR-US: ActiveCampaign WordPress plugin
 CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, in the b ...)
-	TODO: check
+	NOT-FOR-US: 10Web WordPress plugin
 CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, vers ...)
-	TODO: check
+	NOT-FOR-US: Anti-Spam by CleanTalk WordPress plugin
 CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress plugin, versio ...)
-	TODO: check
+	NOT-FOR-US: WP Google Map Plugin WordPress plugin
 CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify Portfolio ...)
-	TODO: check
+	NOT-FOR-US: Themify Portfolio Post WordPress plugin
 CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team Members Word ...)
-	TODO: check
+	NOT-FOR-US: Team Members WordPress plugin
 CVE-2021-24127 (Unvalidated input and lack of output encoding in the ThirstyAffiliates ...)
-	TODO: check
+	NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
 CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira Gallery Li ...)
 	TODO: check
 CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress plugin, ve ...)
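Review bot: Two notes in this hunk look like copy slips from the descriptions. CVE-2021-24144 ends with a stray comma ("Contact Form 7 Database Addon plugin,"), and CVE-2021-24132 is reduced to "10Web WordPress plugin" although its description names "The Slider by 10Web WordPress plugin", which loses the product name. The notes for CVE-2021-24144, CVE-2021-24143 and CVE-2021-24141 also omit "WordPress" where the others in the hunk include it. CVE-2021-24126 is left at "TODO: check" in the trailing context even though its description follows the same pattern as the entries processed above; if that is intentional, fine, otherwise it could be handled in the same pass.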



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/892cd7101c439722ec4030ca5f02d5f5d0164737
