[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Thu May 6 21:57:41 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3dd4490 by Salvatore Bonaccorso at 2021-05-06T22:57:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -185,7 +185,7 @@ CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 t
 	NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
 	NOTE: imap_qresync not enabled by default and considered an experimental feature
 CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...)
-	TODO: check
+	NOT-FOR-US: ASUS
 CVE-2021-32029
 	RESERVED
 CVE-2021-32028
@@ -860,7 +860,7 @@ CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24
 CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...)
 	NOT-FOR-US: Directum
 CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that  ...)
-	TODO: check
+	NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices
 CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...)
 	NOT-FOR-US: SuiteCRM
 CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...)
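Review bot: the tag added for CVE-2021-31793 copies the firmware build string from the description (`NightOwl WDB-20-V2 WDB-20-V2_20190314 devices`), whereas the neighbouring entries name only the product (`Directum`, `SuiteCRM`). Suggest shortening it to `NOT-FOR-US: NightOwl WDB-20-V2` so the tag identifies the product rather than one firmware build.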
@@ -1223,7 +1223,7 @@ CVE-2021-31618
 CVE-2021-31617
 	RESERVED
 CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
-	TODO: check
+	NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
 CVE-2021-31615
 	RESERVED
 CVE-2021-31614
@@ -1384,7 +1384,7 @@ CVE-2021-31534
 CVE-2021-31533
 	RESERVED
 CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1  ...)
-	TODO: check
+	NOT-FOR-US: NXP
 CVE-2021-31531
 	RESERVED
 CVE-2021-31530
@@ -1681,11 +1681,11 @@ CVE-2021-31413
 CVE-2021-31412
 	RESERVED
 CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of  ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...)
 	NOT-FOR-US: Vaadin
 CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...)
-	TODO: check
+	NOT-FOR-US: Vaadin
 CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...)
 	NOT-FOR-US: Vaadin
 CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...)
@@ -6987,7 +6987,7 @@ CVE-2021-29103
 CVE-2021-29102
 	RESERVED
 CVE-2021-29101 (ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only direc ...)
-	TODO: check
+	NOT-FOR-US: ArcGIS GeoEvent Server
 CVE-2021-29100 (A path traversal vulnerability exists in Esri ArcGIS Earth versions 1. ...)
 	NOT-FOR-US: Esri
 CVE-2021-29099
@@ -9096,13 +9096,13 @@ CVE-2021-28155
 CVE-2021-28154 (** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 all ...)
 	NOT-FOR-US: Camunda Modeler
 CVE-2021-28152 (Hongdian H8922 3.0.5 devices have an undocumented feature that allows  ...)
-	TODO: check
+	NOT-FOR-US: Hongdian H8922 3.0.5 devices
 CVE-2021-28151 (Hongdian H8922 3.0.5 devices allow OS command injection via shell meta ...)
-	TODO: check
+	NOT-FOR-US: Hongdian H8922 3.0.5 devices
 CVE-2021-28150 (Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read ...)
-	TODO: check
+	NOT-FOR-US: Hongdian H8922 3.0.5 devices
 CVE-2021-28149 (Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_downl ...)
-	TODO: check
+	NOT-FOR-US: Hongdian H8922 3.0.5 devices
 CVE-2021-28148 (One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x ...)
 	- grafana <removed>
 CVE-2021-28147 (The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x bef ...)
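Review bot: the four Hongdian tags (CVE-2021-28149 through CVE-2021-28152) embed the version `3.0.5` in the NOT-FOR-US text. The tag records that the product is not packaged, which does not depend on the version; `NOT-FOR-US: Hongdian H8922` would match the product-only style used for `Camunda Modeler` just above.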
@@ -18270,7 +18270,7 @@ CVE-2021-24295
 CVE-2021-24294
 	RESERVED
 CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
-	TODO: check
+	NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
 CVE-2021-24292
 	RESERVED
 CVE-2021-24291
@@ -18304,73 +18304,73 @@ CVE-2021-24278
 CVE-2021-24277
 	RESERVED
 CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...)
-	TODO: check
+	NOT-FOR-US: Supsystic WordPress plugin
 CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...)
-	TODO: check
+	NOT-FOR-US: Supsystic WordPress plugin
 CVE-2021-24274 (The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not s ...)
-	TODO: check
+	NOT-FOR-US: Supsystic WordPress plugin
 CVE-2021-24273 (The “Clever Addons for Elementor” WordPress Plugin before  ...)
-	TODO: check
+	NOT-FOR-US: WordPress Plugin
 CVE-2021-24272 (The fitness calculators WordPress plugin before 1.9.6 add calculators  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24271 (The “Ultimate Addons for Elementor” WordPress Plugin befor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24270 (The “DeTheme Kit for Elementor” WordPress Plugin before 1. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24269 (The “Sina Extension for Elementor” WordPress Plugin before ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24268 (The “JetWidgets For Elementor” WordPress Plugin before 1.0 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24267 (The “All-in-One Addons for Elementor – WidgetKit” Wo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24266 (The “The Plus Addons for Elementor Page Builder Lite” Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24265 (The “Rife Elementor Extensions & Templates” WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24264 (The “Image Hover Effects – Elementor Addon” WordPres ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24263 (The “Elementor Addons – PowerPack Addons for Elementor&#82 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24262 (The “WooLentor – WooCommerce Elementor Addons + Builder&#8 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24261 (The “HT Mega – Absolute Addons for Elementor Page Builder& ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24260 (The “Livemesh Addons for Elementor” WordPress Plugin befor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24259 (The “Elementor Addon Elements” WordPress Plugin before 1.1 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24258 (The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2. ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24257 (The “Premium Addons for Elementor” WordPress Plugin before ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24256 (The “Elementor – Header, Footer & Blocks Template&#822 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24255 (The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24254 (The College publisher Import WordPress plugin through 0.1 does not che ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24253 (The Classyfrieds WordPress plugin through 3.8 does not properly check  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24252 (The Event Banner WordPress plugin through 1.3 does not verify the uplo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24251 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24250 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24249 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24248 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24247 (The Contact Form Check Tester WordPress plugin through 1.0.2 settings  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24246 (The Workscout Core WordPress plugin before 1.3.4, used by the WorkScou ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24245 (The Stop Spammers WordPress plugin before 2021.9 did not escape user i ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24244 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24243 (An AJAX action registered by the WPBakery Page Builder (Visual Compose ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24242 (The Tutor LMS – eLearning and online course solution WordPress p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24241 (The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not p ...)
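Review bot: the tag added for CVE-2021-24273 is spelled `NOT-FOR-US: WordPress Plugin` with a capital P, while every other line added in this hunk and the existing entry for CVE-2021-24242 use `WordPress plugin`. Suggest lowercasing it so an exact-string search for the tag finds all of these entries. The three Supsystic entries (CVE-2021-24274 to CVE-2021-24276) carry the vendor name while the rest are generic; either form works, but one convention across the block would be easier to maintain.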
@@ -18384,7 +18384,7 @@ CVE-2021-24238 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Th
 CVE-2021-24237 (The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24236 (The Imagements WordPress plugin through 1.2.5 allows images to be uplo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24235 (The Goto WordPress theme before 2.0 does not sanitise the keywords and ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24234 (The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 ...)
@@ -18428,7 +18428,7 @@ CVE-2021-24216
 CVE-2021-24215 (An Improper Access Control vulnerability was discovered in the Control ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24214 (The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24213 (The GiveWP – Donation Plugin and Fundraising Platform WordPress  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24212 (The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://wooc ...)
@@ -18498,9 +18498,9 @@ CVE-2021-24181 (The tutor_mark_answer_as_correct AJAX action from the Tutor LMS
 CVE-2021-24180 (Unvalidated input and lack of output encoding within the Related Posts ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24179 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24178 (The Business Directory Plugin – Easy Listing Directories for Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24177 (In the default configuration of the File Manager WordPress plugin befo ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24176 (The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the re ...)
@@ -24408,7 +24408,7 @@ CVE-2021-21529 (Dell System Update (DSU) 1.9 and earlier versions contain a deni
 CVE-2021-21528
 	RESERVED
 CVE-2021-21527 (Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization o ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21526 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in ...)
 	NOT-FOR-US: Dell PowerScale OneFS
 CVE-2021-21525
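Review bot: CVE-2021-21527 is tagged `NOT-FOR-US: Dell`, but the next entry, CVE-2021-21526, names the same product in its description (Dell PowerScale OneFS) and is tagged `NOT-FOR-US: Dell PowerScale OneFS`. Suggest using the same tag on both so the two entries for one product read consistently.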
@@ -35213,17 +35213,17 @@ CVE-2021-1537
 CVE-2021-1536
 	RESERVED
 CVE-2021-1535 (A vulnerability in the cluster management interface of Cisco SD-WAN vM ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1534
 	RESERVED
 CVE-2021-1533
 	RESERVED
 CVE-2021-1532 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1531
 	RESERVED
 CVE-2021-1530 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1529
 	RESERVED
 CVE-2021-1528
@@ -35241,23 +35241,23 @@ CVE-2021-1523
 CVE-2021-1522
 	RESERVED
 CVE-2021-1521 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1520 (A vulnerability in the internal message processing of Cisco RV340, RV3 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1519 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1518
 	RESERVED
 CVE-2021-1517
 	RESERVED
 CVE-2021-1516 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1515 (A vulnerability in Cisco SD-WAN vManage Software could allow an unauth ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1514 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1513 (A vulnerability in the vDaemon process of Cisco SD-WAN Software could  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2021-1512 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
 	TODO: check
 CVE-2021-1511 (Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an ...)
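Review bot: CVE-2021-1512 is still `TODO: check` at the end of this hunk, although its visible description ("A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...") matches CVE-2021-1514, which this change marks `NOT-FOR-US: Cisco`. If it was skipped unintentionally, it can take the same tag; if it was left open on purpose, a NOTE saying why would help the next person triaging the block.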



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f3dd44901c2115ea1885fb3e8f5ebd4f0807661f
