[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 1 20:51:24 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b4c83d3e by Salvatore Bonaccorso at 2021-11-01T21:51:00+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -185,7 +185,7 @@ CVE-2021-43084
CVE-2021-3916
RESERVED
CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-43083
RESERVED
CVE-2021-43082
@@ -193,9 +193,9 @@ CVE-2021-43082
CVE-2021-3915
RESERVED
CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-43081
RESERVED
CVE-2021-43080
@@ -341,11 +341,11 @@ CVE-2021-3907
CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...)
NOT-FOR-US: bookstack
CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-43032
RESERVED
CVE-2021-43031
@@ -400,7 +400,7 @@ CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...)
NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43
NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149)
CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-43010
RESERVED
CVE-2021-43009
@@ -1381,7 +1381,7 @@ CVE-2021-42559
CVE-2021-42558
RESERVED
CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...)
- TODO: check
+ NOT-FOR-US: Jeedom
CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...)
NOT-FOR-US: Rasa X
CVE-2021-42555
@@ -3961,7 +3961,7 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
CVE-2021-3857
RESERVED
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
- TODO: check
+ NOT-FOR-US: Apache MINA
CVE-2021-41972
RESERVED
CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...)
@@ -11290,7 +11290,7 @@ CVE-2021-38849
CVE-2021-38848
RESERVED
CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...)
- TODO: check
+ NOT-FOR-US: S-Cart
CVE-2021-38846
RESERVED
CVE-2021-38845
@@ -11778,9 +11778,9 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/us
CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...)
NOT-FOR-US: Eigen
CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...)
- polipo <removed>
[buster] - polipo <ignored> (Minor issue)
@@ -35187,9 +35187,9 @@ CVE-2021-29215
CVE-2021-29214
RESERVED
CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...)
NOT-FOR-US: HPE
CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...)
@@ -37534,7 +37534,7 @@ CVE-2021-28217
CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...)
NOT-FOR-US: HP
CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...)
- TODO: check
+ NOT-FOR-US: HP
CVE-2021-3439
RESERVED
CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...)
@@ -39039,7 +39039,7 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g
NOTE: Introducing commit present in Debian since 2.28-1 with addition of
NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919
CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...)
- TODO: check
+ NOT-FOR-US: Apache DolphinScheduler
CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
@@ -40473,9 +40473,9 @@ CVE-2021-27007
CVE-2021-27006
RESERVED
CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...)
- TODO: check
+ NOT-FOR-US: Clustered Data ONTAP
CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...)
- TODO: check
+ NOT-FOR-US: NetAPP
CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...)
NOT-FOR-US: Clustered Data ONTAP (NetApp)
CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...)
@@ -41126,9 +41126,9 @@ CVE-2021-26742
CVE-2021-26741
RESERVED
CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...)
- TODO: check
+ NOT-FOR-US: doyocms
CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...)
- TODO: check
+ NOT-FOR-US: doyocms
CVE-2021-26738
RESERVED
CVE-2021-26737
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c83d3e33cd13a01c3e739c0ff11ad1a2258b73
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c83d3e33cd13a01c3e739c0ff11ad1a2258b73
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211101/cc32f8b2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list