[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 29 20:19:15 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
26e42f13 by Salvatore Bonaccorso at 2021-11-29T21:18:49+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -449,17 +449,17 @@ CVE-2021-44205
CVE-2021-44204
RESERVED
CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...)
- TODO: check
+ NOT-FOR-US: Acronis
CVE-2021-44197
RESERVED
CVE-2021-44196
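Review bot: The six added notes for CVE-2021-44198 through CVE-2021-44203 name only the vendor ("NOT-FOR-US: Acronis"), whereas other notes in this same file name the product, for example "NOT-FOR-US: Wipro Holmes Orchestrator". The descriptions are truncated at "The following products ...", so the affected products are not visible in the list itself. If they can be named briefly, a product-level note would make later searches of data/CVE/list more precise, particularly for the two DLL hijacking entries, which differ in impact from the XSS ones.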
@@ -469,7 +469,7 @@ CVE-2021-4016
CVE-2021-4015
RESERVED
CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-4014
RESERVED
CVE-2021-4013
@@ -2655,7 +2655,7 @@ CVE-2021-43699
CVE-2021-43698 (An unspecified version of phpWhois is affected by a Cross Site Scripti ...)
TODO: check
CVE-2021-43697 (An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cr ...)
- TODO: check
+ NOT-FOR-US: Workerman-ThinkPHP-Redis
CVE-2021-43696 (An unspecified version of twmap is affected by a Cross Site Scripting ...)
TODO: check
CVE-2021-43695 (An unspecified version of issabelPBX is affected by a Cross Site Scrip ...)
@@ -2667,7 +2667,7 @@ CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in
CVE-2021-43692 (An unspecified version of youtube-php-mirroring is affected by a Cross ...)
TODO: check
CVE-2021-43691 (An unspecified version of tripexpress is affected by a path manipulati ...)
- TODO: check
+ NOT-FOR-US: tripexpress
CVE-2021-43690
RESERVED
CVE-2021-43689
@@ -7837,9 +7837,9 @@ CVE-2021-42367
CVE-2021-42366
RESERVED
CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...)
@@ -7851,7 +7851,7 @@ CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress instal
CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-di ...)
NOT-FOR-US: WP DSGVO Tools (GDPR)
CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-42357
RESERVED
CVE-2021-42356
@@ -13723,7 +13723,7 @@ CVE-2021-39997
CVE-2021-39996
RESERVED
CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2021-39994
RESERVED
CVE-2021-39993
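Review bot: For CVE-2021-39995 the description says Huawei products "use the OpenHpi software for hardware management", yet the added note attributes the issue to Huawei alone. The visible text is cut off before it says where the flaw lies, so it is worth confirming that the defect sits in Huawei's products rather than in OpenHpi itself before closing this as NOT-FOR-US. If it is Huawei-specific, recording that conclusion alongside the entry would save a re-check the next time someone searches the list for OpenHpi.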
@@ -17846,7 +17846,7 @@ CVE-2021-38285
CVE-2021-38284
RESERVED
CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
- TODO: check
+ NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38282
RESERVED
CVE-2021-38281
@@ -18282,7 +18282,7 @@ CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2
CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
NOT-FOR-US: Obsidian
CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
- TODO: check
+ NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
NOT-FOR-US: Wipro Holmes Orchestrator
CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
@@ -51115,7 +51115,7 @@ CVE-2021-24929
CVE-2021-24928
RESERVED
CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24926
RESERVED
CVE-2021-24925
@@ -51133,13 +51133,13 @@ CVE-2021-24920
CVE-2021-24919
RESERVED
CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24917
RESERVED
CVE-2021-24916
RESERVED
CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24914
RESERVED
CVE-2021-24913
@@ -51153,7 +51153,7 @@ CVE-2021-24910
CVE-2021-24909
RESERVED
CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24907
RESERVED
CVE-2021-24906
@@ -51171,7 +51171,7 @@ CVE-2021-24901
CVE-2021-24900
RESERVED
CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24898
RESERVED
CVE-2021-24897
@@ -51191,7 +51191,7 @@ CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does
CVE-2021-24890
RESERVED
CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24887
@@ -51203,7 +51203,7 @@ CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the p
CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24881
@@ -51217,7 +51217,7 @@ CVE-2021-24878
CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24874
@@ -51249,7 +51249,7 @@ CVE-2021-24862
CVE-2021-24861
RESERVED
CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24859
RESERVED
CVE-2021-24858
@@ -51285,7 +51285,7 @@ CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not va
CVE-2021-24843
RESERVED
CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...)
@@ -51325,7 +51325,7 @@ CVE-2021-24824
CVE-2021-24823
RESERVED
CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24821
RESERVED
CVE-2021-24820
@@ -51347,7 +51347,7 @@ CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not san
CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24810
RESERVED
CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...)
@@ -51433,7 +51433,7 @@ CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not pe
CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...)
@@ -51459,7 +51459,7 @@ CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not pe
CVE-2021-24756
RESERVED
CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24753
@@ -51467,19 +51467,19 @@ CVE-2021-24753
CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
NOT-FOR-US: WordPress plugins
CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24750
RESERVED
CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24747
RESERVED
CVE-2021-24746
RESERVED
CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/26e42f13a3f8d76cfd78661602ce81c9bacb31b6