[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Oct 5 08:54:18 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76e09ccf by Salvatore Bonaccorso at 2021-10-05T09:54:00+02:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8216,23 +8216,23 @@ CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks pro
 CVE-2021-38401
 	RESERVED
 CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
 CVE-2021-38399
 	RESERVED
 CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific
 CVE-2021-38397
 	RESERVED
 CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific
 CVE-2021-38395
 	RESERVED
 CVE-2021-38394 (An attacker with physical access to the device can extract the binary  ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific
 CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...)
-	TODO: check
+	NOT-FOR-US: Boston Scientific
 CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
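Review bot: The NOT-FOR-US label on CVE-2021-38400 ("Boston Scientific Zoom Latitude Model 3120") does not match the plain "Boston Scientific" label given to CVE-2021-38398, CVE-2021-38396, CVE-2021-38394 and CVE-2021-38392 in the same hunk. The visible descriptions of those four are truncated and do not name the product. If they concern the same device, use one string for all five so the entries group together when the list is searched. If they do not, say so in the commit message.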
@@ -9802,7 +9802,7 @@ CVE-2021-37779
 CVE-2021-37778
 	RESERVED
 CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...)
-	TODO: check
+	NOT-FOR-US: Gila CMS
 CVE-2021-37776
 	RESERVED
 CVE-2021-37775
@@ -10786,13 +10786,13 @@ CVE-2021-37335
 CVE-2021-37334 (A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could l ...)
 	NOT-FOR-US: Umbraco Forms
 CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...)
-	TODO: check
+	NOT-FOR-US: Laravel Booking System Booking Core
 CVE-2021-37332
 	RESERVED
 CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...)
-	TODO: check
+	NOT-FOR-US: Laravel Booking System Booking Core
 CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...)
-	TODO: check
+	NOT-FOR-US: Laravel Booking System Booking Core
 CVE-2021-37329
 	RESERVED
 CVE-2021-37328
@@ -11850,7 +11850,7 @@ CVE-2021-36852
 CVE-2021-36851
 	RESERVED
 CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-36849
 	RESERVED
 CVE-2021-36848
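Review bot: CVE-2021-36850 is marked "NOT-FOR-US: WordPress plugin", but its visible description is cut at "WordPress Media Fil ..." and does not show the word "plugin", unlike the CVE-2021-24xxx entries elsewhere in this patch. Since wordpress itself is packaged in Debian, confirm from the full description that this is a third-party plugin and not WordPress core before closing it as NFU.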
@@ -15546,7 +15546,7 @@ CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows re
 CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
 	NOT-FOR-US: Scalabium dBase Viewer
 CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...)
-	TODO: check
+	NOT-FOR-US: PTCL HG150-Ub
 CVE-2021-35295
 	RESERVED
 CVE-2021-35294
@@ -41936,7 +41936,7 @@ CVE-2021-24689
 CVE-2021-24688
 	RESERVED
 CVE-2021-24687 (The Modern Events Calendar Lite WordPress plugin before 5.22.2 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24686
 	RESERVED
 CVE-2021-24685
@@ -41952,19 +41952,19 @@ CVE-2021-24681
 CVE-2021-24680
 	RESERVED
 CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24677
 	RESERVED
 CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24675
 	RESERVED
 CVE-2021-24674
 	RESERVED
 CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24672
 	RESERVED
 CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape  ...)
@@ -42002,7 +42002,7 @@ CVE-2021-24656
 CVE-2021-24655
 	RESERVED
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24653
 	RESERVED
 CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
@@ -42380,7 +42380,7 @@ CVE-2021-24467 (The Leaflet Map WordPress plugin before 3.0.0 does not verify th
 CVE-2021-24466 (The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSR ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24465 (The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, vali ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...)
@@ -63989,7 +63989,7 @@ CVE-2020-28121
 CVE-2020-28120
 	RESERVED
 CVE-2020-28119 (Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows fo ...)
-	TODO: check
+	NOT-FOR-US: 53KF
 CVE-2020-28118
 	RESERVED
 CVE-2020-28117



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76e09ccfcb27c9908a5d222dad2cac2ac25fe417
