[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Sep 10 21:25:06 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9fdfb603 by Salvatore Bonaccorso at 2021-09-10T22:24:51+02:00
Process NFUs

- - - - -
0946576d by Salvatore Bonaccorso at 2021-09-10T22:24:52+02:00
Add CVE-2021-40839/python-rencode

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...)
-	TODO: check
+	NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server
 CVE-2021-40863
 	RESERVED
 CVE-2021-40862
@@ -49,7 +49,9 @@ CVE-2021-40841
 CVE-2021-40840
 	RESERVED
 CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...)
-	TODO: check
+	- python-rencode 1.0.6-2
+	NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75
+	NOTE: https://github.com/aresch/rencode/pull/29
 CVE-2021-40838
 	RESERVED
 CVE-2021-40837
@@ -1099,7 +1101,7 @@ CVE-2021-40375
 CVE-2021-40374
 	RESERVED
 CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...)
-	TODO: check
+	NOT-FOR-US: playSMS
 CVE-2021-40372
 	RESERVED
 CVE-2021-40371
@@ -5646,33 +5648,33 @@ CVE-2021-38362
 CVE-2021-38361
 	RESERVED
 CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38356
 	RESERVED
 CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38352 (The Feedify – Web Push Notifications WordPress plugin is vulnera ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38346
 	RESERVED
 CVE-2021-38345
@@ -5684,37 +5686,37 @@ CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to
 CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38334 (The WP Design Maps & Places WordPress plugin is vulnerable to Refl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection  ...)
@@ -7820,9 +7822,9 @@ CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks,
 CVE-2021-37424
 	RESERVED
 CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37420
@@ -7838,7 +7840,7 @@ CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is v
 CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37414 (Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows  ...)
-	TODO: check
+	NOT-FOR-US: Zoho ManageEngine
 CVE-2021-37413
 	RESERVED
 CVE-2021-37412



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bc2d376263fa3716ec6a367001e0a190380edb20...0946576dc21285dde73cfb1549e4861ee92aa8f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/bc2d376263fa3716ec6a367001e0a190380edb20...0946576dc21285dde73cfb1549e4861ee92aa8f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210910/4382d789/attachment.htm>

More information about the debian-security-tracker-commits mailing list