[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 17 20:28:31 GMT 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70388a34 by Salvatore Bonaccorso at 2021-11-17T21:28:02+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,11 +31,11 @@ CVE-2021-43981
 CVE-2021-43980
 	RESERVED
 CVE-2021-43979 (** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0  ...)
-	TODO: check
+	NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
 CVE-2021-43978
 	RESERVED
 CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools
 CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
 	- linux <unfixed>
 	NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
@@ -2042,11 +2042,11 @@ CVE-2021-43555
 CVE-2021-43554
 	RESERVED
 CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2021-43552
 	RESERVED
 CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...)
-	TODO: check
+	NOT-FOR-US: OSIsoft
 CVE-2021-43550
 	RESERVED
 CVE-2021-43549
@@ -4447,11 +4447,11 @@ CVE-2021-42958
 CVE-2021-42957
 	RESERVED
 CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...)
-	TODO: check
+	NOT-FOR-US: Zoho
 CVE-2021-42953
 	RESERVED
 CVE-2021-42952
@@ -6805,9 +6805,9 @@ CVE-2021-42364
 CVE-2021-42363
 	RESERVED
 CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...)
 	NOT-FOR-US: Elementor plugin for WordPress
 CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-di ...)
@@ -7291,7 +7291,7 @@ CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/a
 CVE-2021-42251
 	RESERVED
 CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...)
-	TODO: check
+	NOT-FOR-US:  Apache Superset
 CVE-2021-42249
 	RESERVED
 CVE-2021-42248
@@ -8062,7 +8062,7 @@ CVE-2021-41933
 CVE-2021-41932
 	RESERVED
 CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...)
-	TODO: check
+	NOT-FOR-US: Company's Recruitment Management System
 CVE-2021-41930
 	RESERVED
 CVE-2021-41929
@@ -10843,7 +10843,7 @@ CVE-2021-40747
 CVE-2021-40746
 	RESERVED
 CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2021-40744
 	RESERVED
 CVE-2021-40743
@@ -23350,7 +23350,7 @@ CVE-2021-35530
 CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...)
 	NOT-FOR-US: Hitachi
 CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...)
 	NOT-FOR-US: Hitachi ABB Power Grids eSOMS
 CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...)
@@ -30425,7 +30425,7 @@ CVE-2021-32602 (An improper neutralization of input during web page generation v
 CVE-2021-32601
 	RESERVED
 CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Fortiguard
 CVE-2021-32599
 	RESERVED
 CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
@@ -31324,7 +31324,7 @@ CVE-2021-32236
 CVE-2021-32235
 	RESERVED
 CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...)
-	TODO: check
+	NOT-FOR-US: SmarterTools
 CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS. ...)
 	NOT-FOR-US: SmarterTools SmarterMail
 CVE-2021-32232
@@ -50118,25 +50118,25 @@ CVE-2021-24858
 CVE-2021-24857
 	RESERVED
 CVE-2021-24856 (The Shared Files WordPress plugin before 1.6.61 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24855
 	RESERVED
 CVE-2021-24854 (The QR Redirector WordPress plugin before 1.6.1 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24853 (The QR Redirector WordPress plugin before 1.6 does not have capability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24852 (The MouseWheel Smooth Scroll WordPress plugin before 5.7 does not have ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with a rol ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24849
 	RESERVED
 CVE-2021-24848
 	RESERVED
 CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24846
 	RESERVED
 CVE-2021-24845
@@ -50148,7 +50148,7 @@ CVE-2021-24843
 CVE-2021-24842
 	RESERVED
 CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
 	NOT-FOR-US: WordPress theme
 CVE-2021-24839
@@ -50162,9 +50162,9 @@ CVE-2021-24836
 CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24834 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24831
@@ -50200,7 +50200,7 @@ CVE-2021-24817
 CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24815 (The Accept Donations with PayPal WordPress plugin before 1.3.2 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24814
 	RESERVED
 CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise  ...)
@@ -50222,11 +50222,11 @@ CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF w
 CVE-2021-24805
 	RESERVED
 CVE-2021-24804 (The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24803
 	RESERVED
 CVE-2021-24802 (The Colorful Categories WordPress plugin before 2.0.15 does not enforc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24800
@@ -50238,7 +50238,7 @@ CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sani
 CVE-2021-24797
 	RESERVED
 CVE-2021-24796 (The My Tickets WordPress plugin before 1.8.31 does not properly saniti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24795
 	RESERVED
 CVE-2021-24794 (The Connections Business Directory WordPress plugin before 10.4.3 does ...)
@@ -50256,7 +50256,7 @@ CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape
 CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24786
 	RESERVED
 CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and  ...)
@@ -50278,7 +50278,7 @@ CVE-2021-24778
 CVE-2021-24777
 	RESERVED
 CVE-2021-24776 (The WP Performance Score Booster WordPress plugin before 2.1 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24775
 	RESERVED
 CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...)
@@ -50286,7 +50286,7 @@ CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not
 CVE-2021-24773 (The WordPress Download Manager WordPress plugin before 3.2.16 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24772 (The Stream WordPress plugin before 3.8.2 does not sanitise and validat ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24771
 	RESERVED
 CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not perform  ...)
@@ -50314,7 +50314,7 @@ CVE-2021-24760 (The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 doe
 CVE-2021-24759
 	RESERVED
 CVE-2021-24758 (The Email Log WordPress plugin before 2.4.7 does not properly validate ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not perform  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24756
@@ -50634,7 +50634,7 @@ CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise
 CVE-2021-24599 (The Email Encoder – Protect Email Addresses WordPress plugin bef ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24598 (The Testimonial WordPress plugin before 1.6.0 does not escape some tes ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...)
@@ -108791,7 +108791,7 @@ CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Grap
 CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...)
 	NOT-FOR-US: AMD
 CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...)
-	TODO: check
+	NOT-FOR-US: AMD
 CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...)
 	NOT-FOR-US: AMD
 CVE-2020-12959



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70388a34b3a8ebbab38819bb1031fbb63363f88d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70388a34b3a8ebbab38819bb1031fbb63363f88d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211117/cfcc4135/attachment.htm>

More information about the debian-security-tracker-commits mailing list