[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 22 09:49:14 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e48cfd81 by Salvatore Bonaccorso at 2021-10-22T10:48:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4935,7 +4935,7 @@ CVE-2021-41171
CVE-2021-41170
RESERVED
CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
- TODO: check
+ NOT-FOR-US: Sulu
CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...)
TODO: check
CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
@@ -5027,7 +5027,7 @@ CVE-2021-41129 (Pterodactyl is an open-source game server management panel built
CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
NOT-FOR-US: Hygeia
CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...)
- TODO: check
+ NOT-FOR-US: Rasa
CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
NOT-FOR-US: October CMS
CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
@@ -5984,7 +5984,7 @@ CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a refl
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...)
NOT-FOR-US: Adobe
CVE-2021-40719 (Adobe Connect version 11.2.2 (and earlier) is affected by a Deserializ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40718
RESERVED
CVE-2021-40717
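Review bot: The tag added for CVE-2021-40719 names only the vendor (`NOT-FOR-US: Adobe`), although the description identifies the product as Adobe Connect. This matches the neighbouring CVE-2021-40720 entry, so it is consistent locally, but the Sulu and Rasa hunks tag by product name. If product-level tags are preferred, `NOT-FOR-US: Adobe Connect` would make the entry easier to find by search.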
@@ -9135,17 +9135,17 @@ CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by ot
- ledgersmb 1.6.9+ds-2.1 (bug #992817)
NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39353
RESERVED
CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...)
@@ -9153,7 +9153,7 @@ CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to
CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39346
@@ -9193,7 +9193,7 @@ CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to St
CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39326
@@ -9207,7 +9207,7 @@ CVE-2021-39323
CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the r ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39319
@@ -15146,7 +15146,7 @@ CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vul
CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36868
RESERVED
CVE-2021-36867
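Review bot: The context entry for CVE-2021-36870 spells its tag `NOT-FOR-US: Wordpress plugin`, while the line added for CVE-2021-36869 uses `WordPress plugin`. The new spelling matches the other hunks in this commit, so consider normalising the older entry in a follow-up so that a case-sensitive search for the tag returns both.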
@@ -21063,7 +21063,7 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows
NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
NOTE: https://github.com/nvbn/thefuck/pull/1206
CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-34361
RESERVED
CVE-2021-34360
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48cfd814d654a43fe7eb2a92ec1c547e290736b