[Git][security-tracker-team/security-tracker][master] 2 commits: Process one NFU

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 18 21:17:04 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
464afb25 by Salvatore Bonaccorso at 2021-10-18T22:12:19+02:00
Process one NFU

- - - - -
934041c6 by Salvatore Bonaccorso at 2021-10-18T22:16:38+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -261,9 +261,9 @@ CVE-2021-42568
 CVE-2021-42567
 	RESERVED
 CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...)
-	TODO: check
+	NOT-FOR-US: myfactory.FMS
 CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter. ...)
-	TODO: check
+	NOT-FOR-US: myfactory.FMS
 CVE-2021-42564
 	RESERVED
 CVE-2021-42563
@@ -2525,7 +2525,7 @@ CVE-2021-42100
 CVE-2021-42099
 	RESERVED
 CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
-	TODO: check
+	NOT-FOR-US: Devolutions
 CVE-2021-42097
 	RESERVED
 CVE-2021-42096
@@ -2619,7 +2619,7 @@ CVE-2021-42057
 CVE-2021-42056
 	RESERVED
 CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...)
-	TODO: check
+	NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
 CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule  ...)
 	NOT-FOR-US: ACCEL-PPP
 CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...)
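Review bot: the tag added for CVE-2021-42055 (`NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware`) copies the truncated description's full product string, which is much longer than the neighbouring tags in this file (for example `NOT-FOR-US: ACCEL-PPP` on the very next entry names only the project); since the NOT-FOR-US text is what gets grepped when NFU triage is revisited, a shorter vendor-or-product form such as `NOT-FOR-US: ASUSTek laptop firmware` would be easier to match and consistent with the rest of the list.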
@@ -11089,23 +11089,23 @@ CVE-2021-38444
 CVE-2021-38443
 	RESERVED
 CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38441
 	RESERVED
 CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38439
 	RESERVED
 CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38437
 	RESERVED
 CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38435
 	RESERVED
 CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38433
 	RESERVED
 CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
@@ -11113,7 +11113,7 @@ CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior la
 CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
 	NOT-FOR-US: Advantech
 CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38429
 	RESERVED
 CVE-2021-38428
@@ -11121,7 +11121,7 @@ CVE-2021-38428
 CVE-2021-38427
 	RESERVED
 CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
-	TODO: check
+	NOT-FOR-US: FATEK Automation
 CVE-2021-38425
 	RESERVED
 CVE-2021-38424
@@ -11195,7 +11195,7 @@ CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/A
 CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
 	NOT-FOR-US: Central Dogma
 CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
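Review bot: the new tag at CVE-2021-38389, `NOT-FOR-US: Advantech WebAccess`, spells the vendor differently from the existing `NOT-FOR-US: Advantech` on CVE-2021-38431 a few lines up in the previous hunk, and the same product is tagged again as `NOT-FOR-US: Advantech WebAccess` at CVE-2021-33023 further down; pick one form (bare vendor or vendor plus product) so that a search for Advantech NFU entries returns all of them.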
@@ -23936,7 +23936,7 @@ CVE-2021-33025
 CVE-2021-33024
 	RESERVED
 CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
-	TODO: check
+	NOT-FOR-US: Advantech WebAccess
 CVE-2021-33022
 	RESERVED
 CVE-2021-33021
@@ -32310,7 +32310,7 @@ CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains o
 CVE-2021-29879
 	RESERVED
 CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnera ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2021-29877
 	RESERVED
 CVE-2021-29876
@@ -44921,11 +44921,11 @@ CVE-2021-24756
 CVE-2021-24755
 	RESERVED
 CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24753
 	RESERVED
 CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugins
 CVE-2021-24751
 	RESERVED
 CVE-2021-24750
@@ -44943,13 +44943,13 @@ CVE-2021-24745
 CVE-2021-24744
 	RESERVED
 CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24742
 	RESERVED
 CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24739
 	RESERVED
 CVE-2021-24738
@@ -44957,15 +44957,15 @@ CVE-2021-24738
 CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not imp ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does not esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24733
 	RESERVED
 CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24731
 	RESERVED
 CVE-2021-24730
@@ -45025,7 +45025,7 @@ CVE-2021-24704
 CVE-2021-24703
 	RESERVED
 CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24701
 	RESERVED
 CVE-2021-24700
@@ -45061,7 +45061,7 @@ CVE-2021-24686
 CVE-2021-24685
 	RESERVED
 CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24682
@@ -45075,17 +45075,17 @@ CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress
 CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have authori ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does not esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24674
 	RESERVED
 CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...)
@@ -45145,7 +45145,7 @@ CVE-2021-24644
 CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have CSRF check ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24641
 	RESERVED
 CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...)
@@ -45185,7 +45185,7 @@ CVE-2021-24624
 CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24622 (The Customer Service Software & Support Ticket System WordPress pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise it ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products thr ...)
@@ -45195,17 +45195,17 @@ CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not
 CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24616
 	RESERVED
 CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not sanitise or esc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implement a  ...)
@@ -45239,7 +45239,7 @@ CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its
 CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24594
 	RESERVED
 CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...)
@@ -45397,7 +45397,7 @@ CVE-2021-24518 (The WPFront Notification Bar WordPress plugin before 2.0.0.07176
 CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24515
 	RESERVED
 CVE-2021-24514
@@ -45597,15 +45597,15 @@ CVE-2021-24418 (The Smooth Scroll Page Up/Down Buttons WordPress plugin through
 CVE-2021-24417
 	RESERVED
 CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before 2.1.1  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24414
 	RESERVED
 CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have CSRF checks ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24410 (The తెలుగు బైబ&# ...)
@@ -51771,9 +51771,9 @@ CVE-2021-21799 (Cross-site scripting vulnerabilities exist in the telnet_form.ph
 CVE-2021-21798 (An exploitable return of stack variable address vulnerability exists i ...)
 	NOT-FOR-US: Nitro Pro PDF
 CVE-2021-21797 (An exploitable double-free vulnerability exists in the JavaScript impl ...)
-	TODO: check
+	NOT-FOR-US: Nitro Pro PDF
 CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the JavaScript i ...)
-	TODO: check
+	NOT-FOR-US: Nitro Pro PDF
 CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD read_icc_ ...)
 	NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF bits_per_sample ...)
@@ -116779,7 +116779,7 @@ CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.
 CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
 	NOT-FOR-US: Rocket.Chat
 CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 3.9 coul ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer  ...)
 	NOT-FOR-US: Backblaze
 CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9bfb4dc88ddafd27b60475a9ce96ad44c77b54ea...934041c6e6dba5b18a8876f6171db09ca4c4d6e9
