[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 25 21:37:30 BST 2021

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6cb3e2bd by Salvatore Bonaccorso at 2021-10-25T22:37:02+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4028,7 +4028,7 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach
 CVE-2021-3839
 	RESERVED
 CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...)
-	TODO: check
+	NOT-FOR-US: Ingeteam INGEPAC DA AU
 CVE-2021-41772
 	RESERVED
 CVE-2021-41771
@@ -5350,7 +5350,7 @@ CVE-2021-41178
 CVE-2021-41177
 	RESERVED
 CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with  ...)
-	TODO: check
+	NOT-FOR-US: Pterodactyl
 CVE-2021-41175
 	RESERVED
 CVE-2021-41174
@@ -6869,9 +6869,9 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai
 	NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on
 	NOTE: a query).
 CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...)
-	TODO: check
+	NOT-FOR-US: "com.onepeloton.erlich" mobile application
 CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...)
-	TODO: check
+	NOT-FOR-US: Peleton
 CVE-2021-40525
 	RESERVED
 CVE-2021-3776
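Review bot: The note added for CVE-2021-40526 spells the vendor "Peleton", copied from the CVE description, while the application id quoted in the CVE-2021-40527 note two lines above reads "com.onepeloton.erlich". Suggest "NOT-FOR-US: Peloton" (optionally with the TTR01 product name from the description) so that both entries turn up in a search for the vendor.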
@@ -7250,7 +7250,7 @@ CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering
 CVE-2021-40372
 	RESERVED
 CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...)
-	TODO: check
+	NOT-FOR-US: Gridpro Request Management for Windows Azure Pack
 CVE-2021-40370
 	RESERVED
 CVE-2021-40369
@@ -19507,7 +19507,7 @@ CVE-2021-35233
 CVE-2021-35232
 	RESERVED
 CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
-	TODO: check
+	NOT-FOR-US: Kiwi Syslog Server Installation Wizard
 CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
 	NOT-FOR-US: Kiwi CatTools Installation Wizard
 CVE-2021-35229
@@ -20306,27 +20306,27 @@ CVE-2021-34866
 CVE-2021-34865
 	RESERVED
 CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
-	TODO: check
+	NOT-FOR-US: TeamViewer
 CVE-2021-34858
 	RESERVED
 CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...)
-	TODO: check
+	NOT-FOR-US: Parallels Desktop
 CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit PDF Reader
 CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...)
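Review bot: The four D-Link notes (CVE-2021-34860 to CVE-2021-34863) name only the vendor, and the truncated descriptions shown here do not mention the affected product either, so a reader of data/CVE/list cannot tell which device each entry covers. Other notes in this commit name the product ("Kiwi Syslog Server Installation Wizard", "Parallels Desktop"); adding the model to these lines, for example "NOT-FOR-US: D-Link <model>", would keep them searchable per device.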
@@ -42638,7 +42638,7 @@ CVE-2021-25979
 CVE-2021-25978
 	RESERVED
 CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...)
-	TODO: check
+	NOT-FOR-US: PiranhaCMS
 CVE-2021-25976
 	RESERVED
 CVE-2021-25975
@@ -45423,9 +45423,9 @@ CVE-2021-24887
 CVE-2021-24886
 	RESERVED
 CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24883
 	RESERVED
 CVE-2021-24882
@@ -45623,7 +45623,7 @@ CVE-2021-24787
 CVE-2021-24786
 	RESERVED
 CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24784
 	RESERVED
 CVE-2021-24783
@@ -45635,7 +45635,7 @@ CVE-2021-24781
 CVE-2021-24780
 	RESERVED
 CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24778
 	RESERVED
 CVE-2021-24777
@@ -45645,7 +45645,7 @@ CVE-2021-24776
 CVE-2021-24775
 	RESERVED
 CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24773
 	RESERVED
 CVE-2021-24772
@@ -45655,7 +45655,7 @@ CVE-2021-24771
 CVE-2021-24770
 	RESERVED
 CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24768
 	RESERVED
 CVE-2021-24767
@@ -45705,7 +45705,7 @@ CVE-2021-24746
 CVE-2021-24745
 	RESERVED
 CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24742
@@ -45795,7 +45795,7 @@ CVE-2021-24701
 CVE-2021-24700
 	RESERVED
 CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24698
 	RESERVED
 CVE-2021-24697
@@ -45869,7 +45869,7 @@ CVE-2021-24664
 CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
@@ -45887,7 +45887,7 @@ CVE-2021-24655
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...)
@@ -45977,7 +45977,7 @@ CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implem
 CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24607
 	RESERVED
 CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
@@ -46105,9 +46105,9 @@ CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress
 CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24542
 	RESERVED
 CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...)
@@ -46163,9 +46163,9 @@ CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms W
 CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24515 (The Video Gallery – Vimeo and YouTube Gallery WordPress plugin t ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
@@ -46215,15 +46215,15 @@ CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF c
 CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in  ...)
@@ -46365,7 +46365,7 @@ CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before
 CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...)
@@ -46431,7 +46431,7 @@ CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not saniti
 CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...)
@@ -85224,7 +85224,7 @@ CVE-2020-20910
 CVE-2020-20909
 	RESERVED
 CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...)
-	TODO: check
+	NOT-FOR-US: Akaunting
 CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
 	NOT-FOR-US: MetInfo
 CVE-2020-20906
@@ -100585,7 +100585,7 @@ CVE-2020-14266
 CVE-2020-14265
 	RESERVED
 CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
-	TODO: check
+	NOT-FOR-US: HCL
 CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
 	NOT-FOR-US: HCL
 CVE-2020-14262
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb3e2bd90b71fd6ef1a3d9117d99464fb7c2261