[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 24 08:21:50 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c33bb60a by Salvatore Bonaccorso at 2021-11-24T09:21:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1166,17 +1166,17 @@ CVE-2021-43782
 CVE-2021-43781
 	RESERVED
 CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...)
-	TODO: check
+	NOT-FOR-US: Redash
 CVE-2021-43779
 	RESERVED
 CVE-2021-43778
 	RESERVED
 CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...)
-	TODO: check
+	NOT-FOR-US: Redash
 CVE-2021-43776
 	RESERVED
 CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...)
-	TODO: check
+	NOT-FOR-US: Aim
 CVE-2021-3967
 	RESERVED
 CVE-2021-3966
@@ -4336,9 +4336,9 @@ CVE-2021-43223
 CVE-2021-43222
 	RESERVED
 CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-43219
 	RESERVED
 CVE-2021-43218
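Review bot: The NOT-FOR-US on CVE-2021-43221 follows the "Microsoft Edge" product name, but the visible description says "Chromium-based" and Debian ships a chromium package. Confirm that the flaw is in Edge-specific code rather than in shared Chromium code before closing the entry, and say so in the commit message, which currently reads only "Process some NFUs".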
@@ -4356,7 +4356,7 @@ CVE-2021-43213
 CVE-2021-43212
 	RESERVED
 CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-43210
 	RESERVED
 CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...)
@@ -5348,9 +5348,9 @@ CVE-2021-42786
 CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
 	TODO: check
 CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-42782
 	RESERVED
 CVE-2021-42781
@@ -7698,11 +7698,11 @@ CVE-2021-42310
 CVE-2021-42309
 	RESERVED
 CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-42307
 	RESERVED
 CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique  ...)
@@ -7720,7 +7720,7 @@ CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability ..
 CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2021-42295
@@ -10308,7 +10308,7 @@ CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps n
 CVE-2021-41193
 	RESERVED
 CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...)
-	TODO: check
+	NOT-FOR-US: Redash
 CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
 	NOT-FOR-US: Roblox-Purchasing-Hub
 CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...)
@@ -15653,7 +15653,7 @@ CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vul
 CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow  ...)
 	NOT-FOR-US: IBM
 CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...)
 	NOT-FOR-US: IBM
 CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow  ...)
@@ -15831,9 +15831,9 @@ CVE-2021-38893
 CVE-2021-38892
 	RESERVED
 CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38889
 	RESERVED
 CVE-2021-38888
@@ -15863,7 +15863,7 @@ CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored
 CVE-2021-38876
 	RESERVED
 CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-38874
 	RESERVED
 CVE-2021-38873
@@ -21995,13 +21995,13 @@ CVE-2021-36337
 CVE-2021-36336
 	RESERVED
 CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36331
 	RESERVED
 CVE-2021-36330
@@ -22037,13 +22037,13 @@ CVE-2021-36316
 CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...)
 	NOT-FOR-US: EMC
 CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5 ...)
 	NOT-FOR-US: Dell
 CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...)
@@ -22063,11 +22063,11 @@ CVE-2021-36303
 CVE-2021-36302
 	RESERVED
 CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version  ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...)
 	NOT-FOR-US: EMC
 CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search  ...)
@@ -25122,7 +25122,7 @@ CVE-2021-35035
 CVE-2021-35034
 	RESERVED
 CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...)
-	TODO: check
+	NOT-FOR-US: Zyxel
 CVE-2021-35032
 	RESERVED
 CVE-2021-35031
@@ -32993,9 +32993,9 @@ CVE-2021-31854
 CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
 	NOT-FOR-US: McAfee
 CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
-	TODO: check
+	NOT-FOR-US: McAfee
 CVE-2021-31850
 	RESERVED
 CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...)
@@ -50651,19 +50651,19 @@ CVE-2021-24896
 CVE-2021-24895
 	RESERVED
 CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24893
 	RESERVED
 CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does not s ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24890
 	RESERVED
 CVE-2021-24889
 	RESERVED
 CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24887
 	RESERVED
 CVE-2021-24886
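Review bot: CVE-2021-24892 is the only changed entry in this hunk whose visible description does not say "WordPress plugin"; it is cut off at "Insecure Direct Object Reference in edit function of Advanced Forms (F ...". Check the full description to confirm the product before applying the label, since this ID range is not exclusively WordPress plugins (CVE-2021-24667 further down the same file is tagged NOT-FOR-US: FortiGuard).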
@@ -50675,7 +50675,7 @@ CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allo
 CVE-2021-24883
 	RESERVED
 CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24881
 	RESERVED
 CVE-2021-24880
@@ -50685,15 +50685,15 @@ CVE-2021-24879
 CVE-2021-24878
 	RESERVED
 CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24876
 	RESERVED
 CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24874
 	RESERVED
 CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24872
 	RESERVED
 CVE-2021-24871
@@ -50779,7 +50779,7 @@ CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not h
 CVE-2021-24831
 	RESERVED
 CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24828
@@ -50815,7 +50815,7 @@ CVE-2021-24814
 CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24811
 	RESERVED
 CVE-2021-24810
@@ -50981,7 +50981,7 @@ CVE-2021-24731 (The Registration Forms – User profile, Content Restriction
 CVE-2021-24730
 	RESERVED
 CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24728 (The Membership & Content Restriction – Paid Member Subscript ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate or escap ...)
@@ -51013,7 +51013,7 @@ CVE-2021-24715 (The WP Sitemap Page WordPress plugin before 1.7.0 does not prope
 CVE-2021-24714
 	RESERVED
 CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and Video Less ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager  ...)
@@ -51033,13 +51033,13 @@ CVE-2021-24705
 CVE-2021-24704
 	RESERVED
 CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not have capabi ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24700 (The Forminator WordPress plugin before 1.15.4 does not sanitize and es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...)
@@ -51103,7 +51103,7 @@ CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some
 CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce nonce c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...)
 	NOT-FOR-US: FortiGuard
 CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a ...)
@@ -51151,13 +51151,13 @@ CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin through 1.4.2 do
 CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not validate or sa ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24641 (The Images to WebP WordPress plugin before 1.9 does not have CSRF chec ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...)
@@ -58328,7 +58328,7 @@ CVE-2021-21563 (Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Impr
 CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path vulnerabil ...)
 	NOT-FOR-US: EMC
 CVE-2021-21561 (Dell PowerScale OneFS version 8.1.2 contains a sensitive information e ...)
-	TODO: check
+	NOT-FOR-US: Dell
 CVE-2021-21560
 	RESERVED
 CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19 ...)
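Review bot: CVE-2021-21561 gets NOT-FOR-US: Dell, while CVE-2021-21562 directly above it, for the same PowerScale OneFS product, carries NOT-FOR-US: EMC. The label follows the "Dell" versus "Dell EMC" wording of each description, so one product ends up under two vendor strings. Using a single label for PowerScale OneFS would keep grep-based triage of NFU entries consistent.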



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33bb60ac86daaa76ec620a8de1a97e15c13e186
