[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 20 21:56:01 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e906cd73 by Salvatore Bonaccorso at 2021-09-20T22:55:39+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4683,7 +4683,7 @@ CVE-2021-39404
CVE-2021-39403
RESERVED
CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding a new pr ...)
- TODO: check
+ NOT-FOR-US: MaianAffiliate
CVE-2021-39401
RESERVED
CVE-2021-39400
@@ -21492,7 +21492,7 @@ CVE-2021-32267
CVE-2021-32266
RESERVED
CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...)
- TODO: check
+ NOT-FOR-US: Bento4
CVE-2021-32264
RESERVED
CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...)
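Review bot: On the CVE-2021-32265 line, "NOT-FOR-US: Bento4" is decided on the product name alone, and that tag only records that there is no Bento4 source package. The description is a buffer overflow in Bento4's own code, so a quick check that no packaged source carries an embedded copy would be worth doing before the TODO is closed. If one turns up, the entry should name that package instead of being marked NFU.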
@@ -40493,7 +40493,7 @@ CVE-2021-24743
CVE-2021-24742
RESERVED
CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape multip ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24740
RESERVED
CVE-2021-24739
@@ -40649,7 +40649,7 @@ CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not esc
CVE-2021-24664
RESERVED
CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24662
RESERVED
CVE-2021-24661
@@ -40661,7 +40661,7 @@ CVE-2021-24659
CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 d ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24656
RESERVED
CVE-2021-24655
@@ -40695,17 +40695,17 @@ CVE-2021-24642
CVE-2021-24641
RESERVED
CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0 does not es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path validatio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24638 (The OMGF WordPress plugin before 4.5.4 does not escape or validate the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24637 (The Google Fonts Typography WordPress plugin before 3.0.3 does not esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24636 (The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24635 (The Visual Link Preview WordPress plugin before 2.2.3 does not enforce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24634
RESERVED
CVE-2021-24633
@@ -40739,7 +40739,7 @@ CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell produc
CVE-2021-24619 (The Per page add to head WordPress plugin through 1.4.4 does not prope ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24617
RESERVED
CVE-2021-24616
@@ -40749,7 +40749,7 @@ CVE-2021-24615
CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24612
RESERVED
CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise of esc ...)
@@ -40757,17 +40757,17 @@ CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not sanitise
CVE-2021-24610
RESERVED
CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24608
RESERVED
CVE-2021-24607
RESERVED
CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24604 (The Availability Calendar WordPress plugin before 1.2.2 does not sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24603 (The Site Reviews WordPress plugin before 5.13.1 does not sanitise some ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have any ac ...)
@@ -40775,15 +40775,15 @@ CVE-2021-24602 (The HM Multiple Roles WordPress plugin before 1.3 does not have
CVE-2021-24601 (The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24600 (The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24599 (The Email Encoder – Protect Email Addresses WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24598
RESERVED
CVE-2021-24597 (The You Shang WordPress plugin through 1.0.1 does not escape its qrcod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitise esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24595
RESERVED
CVE-2021-24594
@@ -40801,17 +40801,17 @@ CVE-2021-24589
CVE-2021-24588 (The SMS Alert Order Notifications WordPress plugin before 3.4.7 is aff ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24587 (The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24586 (The Per page add to head WordPress plugin before 1.4.4 is lacking any ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24585 (The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24584 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24583 (The Timetable and Event Schedule WordPress plugin before 2.4.2 does no ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24582 (The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not sanitise use ...)
@@ -40915,7 +40915,7 @@ CVE-2021-24532
CVE-2021-24531 (The Charitable – Donation Plugin WordPress plugin before 1.6.51 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24530 (The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24529 (The Grid Gallery – Photo Image Grid Gallery WordPress plugin bef ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize paramet ...)
@@ -40925,7 +40925,7 @@ CVE-2021-24527 (The User Registration & User Profile – Profile Builder
CVE-2021-24526 (The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contac ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24525 (The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users wi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24524 (The GiveWP – Donation Plugin and Fundraising Platform WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24523 (The Daily Prayer Time WordPress plugin before 2021.08.10 does not sani ...)
@@ -40953,7 +40953,7 @@ CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plu
CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24511 (The fetch_product_ajax functionality in the Product Feed on WooCommerc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24510 (The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24509 (The Page View Count WordPress plugin before 2.4.9 does not escape the ...)
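Review bot: For CVE-2021-24511 the truncated description shown here ("The fetch_product_ajax functionality in the Product Feed on WooCommerc ...") is cut off before it says what kind of product is affected, unlike the neighbouring entries, which state "WordPress plugin" outright. Suggest confirming against the full description that the generic "NOT-FOR-US: WordPress plugin" tag fits, or naming the product in the tag as was done for MaianAffiliate and Bento4.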
@@ -41167,23 +41167,23 @@ CVE-2021-24406 (The wpForo Forum WordPress plugin before 1.9.7 did not validate
CVE-2021-24405 (The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-24404 (The options.php file of the WP-Board WordPress plugin through 1.1 beta ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24403 (The Orders functionality in the WordPress Page Contact plugin through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24402 (The Orders functionality in the WP iCommerce WordPress plugin through ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24401 (The Edit domain functionality in the WP Domain Redirect WordPress plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24400 (The Edit Role functionality in the Display Users WordPress plugin thro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24399 (The check_order function of The Sorter WordPress plugin through 1.0 us ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24398 (The Add new scene functionality in the Responsive 3D Slider WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24397 (The edit functionality in the MicroCopy WordPress plugin through 1.1.0 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24396 (A pageid GET parameter of the GSEOR – WordPress SEO Plugin WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24395 (The editid GET parameter of the Embed Youtube Video WordPress plugin t ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24394 (An id GET parameter of the Easy Testimonial Manager WordPress plugin t ...)
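Review bot: The unchanged CVE-2021-24405 entry at the top of this hunk reads "NOT-FOR-US: Wordpress plugin" (lower-case p), while all nine lines added below it use "WordPress plugin". Since this commit already touches the block, normalising that one line would keep a case-sensitive search for the tag string from missing it.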
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e906cd73f9067ebf435163c86d859abf71db04b0