[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 17 21:24:30 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b832322 by Salvatore Bonaccorso at 2021-05-17T22:24:09+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18530,7 +18530,7 @@ CVE-2021-25266
 CVE-2021-25265 (A malicious website could execute code remotely in Sophos Connect Clie ...)
 	NOT-FOR-US: Sophos Connect Client
 CVE-2021-25264 (In multiple versions of Sophos Endpoint products for MacOS, a local at ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2021-25263
 	RESERVED
 CVE-2021-25262
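Review bot: The new tag on CVE-2021-25264 names only the vendor ("NOT-FOR-US: Sophos"), while the entry directly above it, CVE-2021-25265, names the product ("Sophos Connect Client"). The description here refers to "Sophos Endpoint products for MacOS", so a tag such as "NOT-FOR-US: Sophos Endpoint products for MacOS" would stay consistent with its neighbour and remain searchable by product.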
@@ -20461,13 +20461,13 @@ CVE-2021-24329
 CVE-2021-24328
 	RESERVED
 CVE-2021-24327 (The SEO Redirection Plugin – 301 Redirect Manager WordPress plug ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24326 (The tab parameter of the settings page of the All 404 Redirect to Home ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24325 (The tab parameter of the settings page of the 404 SEO Redirection Word ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24324 (The 404 SEO Redirection WordPress plugin through 1.3 is lacking CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24323 (When taxes are enabled, the "Additional tax classes" field was not pro ...)
 	TODO: check
 CVE-2021-24322
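Review bot: The four entries CVE-2021-24327 through CVE-2021-24324 all receive the generic tag "NOT-FOR-US: WordPress plugin", although each description names the plugin concerned (SEO Redirection Plugin, All 404 Redirect to Home, 404 SEO Redirection). Putting the plugin name in the tag would let a later search by product find these entries. CVE-2021-24323, the next entry, stays at "TODO: check"; its visible description does not mention WordPress, so leaving it for a separate look seems right.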
@@ -20485,9 +20485,9 @@ CVE-2021-24317
 CVE-2021-24316
 	RESERVED
 CVE-2021-24315 (The GiveWP – Donation Plugin and Fundraising Platform WordPress  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24314 (The Goto WordPress theme before 2.1 did not sanitise, validate of esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress theme
 CVE-2021-24313
 	RESERVED
 CVE-2021-24312
@@ -20517,7 +20517,7 @@ CVE-2021-24301
 CVE-2021-24300
 	RESERVED
 CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 21.0426 provid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24298
 	RESERVED
 CVE-2021-24297
@@ -20525,19 +20525,19 @@ CVE-2021-24297
 CVE-2021-24296
 	RESERVED
 CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24294
 	RESERVED
 CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress plugin be ...)
 	NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
 CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy A ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordP ...)
 	NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin
 CVE-2021-24290 (There are several endpoints in the Store Locator Plus for WordPress pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24289 (There is functionality in the Store Locator Plus for WordPress plugin  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24288 (When subscribing using AcyMailing, the 'redirect' parameter isn't prop ...)
 	TODO: check
 CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, Change  ...)
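Review bot: For CVE-2021-24295 the truncated description shown in the list ("It was possible to exploit an Unauthenticated Time-Based Blind SQL Inj ...") does not name the affected product, so the tag "NOT-FOR-US: WordPress plugin" leaves nothing in the list that identifies it. The unchanged entries in this same hunk, CVE-2021-24293 and CVE-2021-24291, carry the full plugin name in the tag; doing the same for CVE-2021-24295, and for CVE-2021-24292, CVE-2021-24290 and CVE-2021-24289, would keep the hunk consistent.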
@@ -24313,7 +24313,7 @@ CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Ve
 CVE-2021-22669 (Incorrect permissions are set to default on the ‘Project Managem ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2021-22668 (Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (wit ...)
-	TODO: check
+	NOT-FOR-US: Delta Industrial Automation
 CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...)
 	NOT-FOR-US: BB-ESWGP506-2SFP-T
 CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...)
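Review bot: "NOT-FOR-US: Delta Industrial Automation" on CVE-2021-22668 records the vendor rather than the product, whereas the surrounding entries tag the product ("WebAccess/SCADA", "BB-ESWGP506-2SFP-T"). The description names CNCSoft ScreenEditor, so "NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor" would match the neighbouring entries.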
@@ -36049,7 +36049,7 @@ CVE-2020-29207
 CVE-2020-29206
 	RESERVED
 CVE-2020-29205 (XSS in signup form in Project Worlds Online Examination System 1.0 all ...)
-	TODO: check
+	NOT-FOR-US: Project Worlds Online Examination System
 CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
 	NOT-FOR-US: XXL-JOB
 CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
@@ -49567,9 +49567,9 @@ CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c i
 	NOTE: https://github.com/libass/libass/issues/423
 	NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0)
 CVE-2020-24993 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
-	TODO: check
+	NOT-FOR-US: CmsWing
 CVE-2020-24992 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...)
-	TODO: check
+	NOT-FOR-US: CmsWing
 CVE-2020-24991
 	RESERVED
 CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b83232279359181e32cd5e8e8de2292689ebebb
