[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 15 08:08:29 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cb58496 by Salvatore Bonaccorso at 2021-05-15T09:08:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -448,7 +448,7 @@ CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mix
 CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...)
 	TODO: check
 CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
-	TODO: check
+	NOT-FOR-US: ProtonMail Web Client
 CVE-2021-32815
 	RESERVED
 CVE-2021-32814
@@ -6486,7 +6486,7 @@ CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via c
 	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
 	NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
 CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...)
-	TODO: check
+	NOT-FOR-US: Octopus Server
 CVE-2021-30182
 	RESERVED
 CVE-2021-30181
@@ -20470,7 +20470,7 @@ CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plu
 CVE-2021-24292
 	RESERVED
 CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
-	TODO: check
+	NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin
 CVE-2021-24290
 	RESERVED
 CVE-2021-24289
@@ -20478,27 +20478,27 @@ CVE-2021-24289
 CVE-2021-24288
 	RESERVED
 CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress plugin befor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto Classified ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows una ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or escaped ...)
 	TODO: check
 CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, l ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 did not s ...)
 	NOT-FOR-US: Supsystic WordPress plugin
 CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise ...)
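Review bot: the new `NOT-FOR-US: WordPress plugin` notes from CVE-2021-24287 down to CVE-2021-24277 drop the plugin name. The unchanged entry for CVE-2021-24276 (`Supsystic WordPress plugin`) and the CVE-2021-24291 note in the previous hunk both name the product. Suggest naming it where the description gives it, e.g. `NOT-FOR-US: Redirection for Contact Form 7 WordPress plugin` for CVE-2021-24282 through CVE-2021-24278, so a later search of the list by product finds these entries. CVE-2021-24283 is left at `TODO: check` in the middle of the block; its truncated description names no plugin, so please confirm it was skipped on purpose.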
@@ -20662,21 +20662,21 @@ CVE-2021-24197 (The wpDataTables – Tables & Table Charts premium WordP
 CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed Authent ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24195 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24194 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24193 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24192 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24191 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24190 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24189 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24188 (Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect Manager  ...)
 	NOT-FOR-US: Wordpress plugin
 CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function pair from  ...)
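Review bot: for CVE-2021-24195 through CVE-2021-24188 the visible description ("Low privileged users can use the AJAX action 'cp_plugins_do_button_job ...") does not name the product, and the new note says only `WordPress plugin`, so the entry alone does not show which plugin was triaged. Suggest putting the plugin name in the NOT-FOR-US note. The new lines also write `WordPress` while the unchanged neighbours CVE-2021-24196 and CVE-2021-24187 have `Wordpress plugin`; one spelling would keep string searches over the list reliable.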
@@ -44154,9 +44154,9 @@ CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.
 CVE-2020-27186
 	RESERVED
 CVE-2020-27185 (Cleartext transmission of sensitive information via Moxa Service in NP ...)
-	TODO: check
+	NOT-FOR-US: Moxa Service in NPort IA5000A series serial devices
 CVE-2020-27184 (The NPort IA5000A Series devices use Telnet as one of the network devi ...)
-	TODO: check
+	NOT-FOR-US: NPort IA5000A Series devices
 CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
 	NOT-FOR-US: konzept-ix publiXone
 CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
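Review bot: the new notes for CVE-2020-27185 and CVE-2020-27184 label the same NPort IA5000A family in two ways (`Moxa Service in NPort IA5000A series serial devices` and `NPort IA5000A Series devices`), and only the first carries the vendor name. Suggest one label for both, such as `Moxa NPort IA5000A Series devices`, so that a search for the vendor or for the product returns both entries. The NPort notes for CVE-2020-27150 and CVE-2020-27149 in the next hunk would benefit from the same vendor prefix.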
@@ -44239,9 +44239,9 @@ CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool di
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
 	NOTE: https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
 CVE-2020-27150 (In multiple versions of NPort IA5000A Series, the result of exporting  ...)
-	TODO: check
+	NOT-FOR-US: NPort IA5000A Series devices
 CVE-2020-27149 (By exploiting a vulnerability in NPort IA5150A/IA5250A Series before v ...)
-	TODO: check
+	NOT-FOR-US: NPort IA5150A/IA5250A Series devices
 CVE-2020-27148 (The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange  ...)
 	NOT-FOR-US: TIBCO
 CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress c ...)
@@ -44506,7 +44506,7 @@ CVE-2020-27022
 CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible o ...)
 	NOT-FOR-US: Android
 CVE-2020-27020 (Password generator feature in Kaspersky Password Manager was not compl ...)
-	TODO: check
+	NOT-FOR-US: Kaspersky Password Manager
 CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
 	NOT-FOR-US: Trend Micro
 CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
@@ -52331,11 +52331,11 @@ CVE-2020-23693
 CVE-2020-23692
 	RESERVED
 CVE-2020-23691 (YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: YFCMF
 CVE-2020-23690
 	RESERVED
 CVE-2020-23689 (In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments s ...)
-	TODO: check
+	NOT-FOR-US: YFCMF
 CVE-2020-23688
 	RESERVED
 CVE-2020-23687
@@ -63407,9 +63407,9 @@ CVE-2020-18169
 CVE-2020-18168
 	RESERVED
 CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
-	TODO: check
+	NOT-FOR-US: LAOBANCMS
 CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to  ...)
-	TODO: check
+	NOT-FOR-US: LAOBANCMS
 CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
 	NOT-FOR-US: LAOBANCMS
 CVE-2020-18164



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb584967088833d5508263e67f681c68925b3e6
