Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
892cd710 by Salvatore Bonaccorso at 2021-03-18T21:29:18+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,17 +77,17 @@ CVE-2021-28796 (Increments Qiita::Markdown before 0.33.0 
allows XSS in transform
 CVE-2021-28795
        RESERVED
 CVE-2021-28794 (The unofficial ShellCheck extension before 0.13.4 for Visual 
Studio Co ...)
-       TODO: check
+       NOT-FOR-US: ShellCheck extension for Visual Studio Code
 CVE-2021-28793
        RESERVED
 CVE-2021-28792 (The unofficial Swift Development Environment extension before 
2.12.1 f ...)
-       TODO: check
+       NOT-FOR-US: Swift Development Environment extension for Visual Studio 
Code
 CVE-2021-28791 (The unofficial SwiftFormat extension before 1.3.7 for Visual 
Studio Co ...)
-       TODO: check
+       NOT-FOR-US: SwiftFormat extension for Visual Studio Code
 CVE-2021-28790 (The unofficial SwiftLint extension before 1.4.5 for Visual 
Studio Code ...)
-       TODO: check
+       NOT-FOR-US: SwiftLint extension for Visual Studio Code
 CVE-2021-28789 (The unofficial apple/swift-format extension before 1.1.2 for 
Visual St ...)
-       TODO: check
+       NOT-FOR-US: apple/swift-format extension for Visual Studio Code
 CVE-2021-28788
        RESERVED
 CVE-2021-28787
@@ -865,13 +865,13 @@ CVE-2021-28422
 CVE-2021-28421
        RESERVED
 CVE-2021-28420 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: Seo Panel
 CVE-2021-28419 (The "order_col" parameter in archive.php of SEO Panel 4.8.0 is 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Seo Panel
 CVE-2021-28418 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: Seo Panel
 CVE-2021-28417 (A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows 
remote at ...)
-       TODO: check
+       NOT-FOR-US: Seo Panel
 CVE-2021-28416
        RESERVED
 CVE-2021-28415
@@ -1490,7 +1490,7 @@ CVE-2021-3428 [integer overflow in ext4_es_cache_extent]
        NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/1
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1173485
 CVE-2021-28145 (Concrete CMS (formerly concrete5) before 8.5.5 allows remote 
authentic ...)
-       TODO: check
+       NOT-FOR-US: Concrete CMS
 CVE-2021-28144 (prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows 
remote a ...)
        NOT-FOR-US: D-Link
 CVE-2021-28143 (/jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows 
authenticated  ...)
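Review bot: In the CVE-2021-28145 entry the new note reads "NOT-FOR-US: Concrete CMS", while the description gives the product as "Concrete CMS (formerly concrete5)". Consider carrying the former name in the note as well, for example "NOT-FOR-US: Concrete CMS (formerly concrete5)", so that a search of the list for either name finds this entry.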
@@ -1514,7 +1514,7 @@ CVE-2021-28135
 CVE-2021-28134 (Clipper before 1.0.5 allows remote command execution. A remote 
attacke ...)
        NOT-FOR-US: Clipper
 CVE-2021-28133 (Zoom through 5.5.4 sometimes allows attackers to read private 
informat ...)
-       TODO: check
+       NOT-FOR-US: Zoom
 CVE-2021-3427
        RESERVED
 CVE-2021-28132 (LUCY Security Awareness Software through 4.7.x allows 
unauthenticated  ...)
@@ -2653,7 +2653,7 @@ CVE-2021-27658
 CVE-2021-27657
        RESERVED
 CVE-2021-27656 (A vulnerability in exacqVision Web Service 20.12.2.0 and prior 
could a ...)
-       TODO: check
+       NOT-FOR-US: exacqVision Web Service
 CVE-2021-27655
        RESERVED
 CVE-2021-27654
@@ -3426,7 +3426,7 @@ CVE-2021-27308
 CVE-2021-27307
        RESERVED
 CVE-2021-27306 (An improper access control vulnerability in the JWT plugin in 
Kong Gat ...)
-       TODO: check
+       NOT-FOR-US: Kong Gateway
 CVE-2021-27305
        RESERVED
 CVE-2021-27304
@@ -6025,15 +6025,15 @@ CVE-2021-26239
 CVE-2021-26238
        RESERVED
 CVE-2021-26237 (FastStone Image Viewer <= 7.5 is affected by a user mode 
write acce ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26236 (FastStone Image Viewer v.<= 7.5 is affected by a 
Stack-based Buffer ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26235 (FastStone Image Viewer <= 7.5 is affected by a user mode 
write acce ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26234 (FastStone Image Viewer <= 7.5 is affected by a user mode 
write acce ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26233 (FastStone Image Viewer <= 7.5 is affected by a user mode 
write acce ...)
-       TODO: check
+       NOT-FOR-US: FastStone Image Viewer
 CVE-2021-26232
        RESERVED
 CVE-2021-26231
@@ -6067,9 +6067,9 @@ CVE-2021-26218
 CVE-2021-26217
        RESERVED
 CVE-2021-26216 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) 
in out. ...)
-       TODO: check
+       NOT-FOR-US: SeedDMS
 CVE-2021-26215 (SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) 
in out. ...)
-       TODO: check
+       NOT-FOR-US: SeedDMS
 CVE-2021-26214
        RESERVED
 CVE-2021-26213
@@ -10773,51 +10773,51 @@ CVE-2021-24151
 CVE-2021-24150
        RESERVED
 CVE-2021-24149 (Unvalidated input in the Modern Events Calendar Lite WordPress 
plugin, ...)
-       TODO: check
+       NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24148 (A business logic issue in the MStore API WordPress plugin, 
versions be ...)
-       TODO: check
+       NOT-FOR-US: MStore API WordPress plugin
 CVE-2021-24147 (Unvalidated input and lack of output encoding in the Modern 
Events Cal ...)
-       TODO: check
+       NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24146 (Lack of authorisation checks in the Modern Events Calendar 
Lite WordPr ...)
-       TODO: check
+       NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24145 (Arbitrary file upload in the Modern Events Calendar Lite 
WordPress plu ...)
-       TODO: check
+       NOT-FOR-US: Modern Events Calendar Lite WordPress plugin
 CVE-2021-24144 (Unvalidated input in the Contact Form 7 Database Addon plugin, 
version ...)
-       TODO: check
+       NOT-FOR-US: Contact Form 7 Database Addon plugin,
 CVE-2021-24143 (Unvalidated input in the AccessPress Social Icons plugin, 
versions bef ...)
-       TODO: check
+       NOT-FOR-US: AccessPress Social Icons plugin
 CVE-2021-24142 (Unvaludated input in the 301 Redirects - Easy Redirect Manager 
WordPre ...)
-       TODO: check
+       NOT-FOR-US: 301 Redirects - Easy Redirect Manager WordPress plugin
 CVE-2021-24141 (Unvaludated input in the Advanced Database Cleaner plugin, 
versions be ...)
-       TODO: check
+       NOT-FOR-US: Advanced Database Cleaner plugin
 CVE-2021-24140 (Unvalidated input in the Ajax Load More WordPress plugin, 
versions bef ...)
-       TODO: check
+       NOT-FOR-US: Ajax Load More WordPress plugin
 CVE-2021-24139 (Unvalidated input in the Photo Gallery (10Web Photo Gallery) 
WordPress ...)
-       TODO: check
+       NOT-FOR-US: Photo Gallery (10Web Photo Gallery) WordPress plugin
 CVE-2021-24138 (Unvalidated input in the AdRotate WordPress plugin, versions 
before 5. ...)
-       TODO: check
+       NOT-FOR-US: AdRotate WordPress plugin
 CVE-2021-24137 (Unvalidated input in the Blog2Social WordPress plugin, 
versions before ...)
-       TODO: check
+       NOT-FOR-US: Blog2Social WordPress plugin
 CVE-2021-24136 (Unvalidated input and lack of output encoding in the 
Testimonials Widg ...)
-       TODO: check
+       NOT-FOR-US: Testimonials Widget WordPress plugin
 CVE-2021-24135 (Unvalidated input and lack of output encoding in the WP 
Customer Revie ...)
-       TODO: check
+       NOT-FOR-US: WP Customer Reviews WordPress plugin
 CVE-2021-24134 (Unvalidated input and lack of output encoding in the Constant 
Contact  ...)
-       TODO: check
+       NOT-FOR-US: Constant Contact Forms WordPress plugin
 CVE-2021-24133 (Lack of CSRF checks in the ActiveCampaign WordPress plugin, 
versions b ...)
-       TODO: check
+       NOT-FOR-US: ActiveCampaign WordPress plugin
 CVE-2021-24132 (The Slider by 10Web WordPress plugin, versions before 1.2.36, 
in the b ...)
-       TODO: check
+       NOT-FOR-US: 10Web WordPress plugin
 CVE-2021-24131 (Unvalidated input in the Anti-Spam by CleanTalk WordPress 
plugin, vers ...)
-       TODO: check
+       NOT-FOR-US: Anti-Spam by CleanTalk WordPress plugin
 CVE-2021-24130 (Unvalidated input in the WP Google Map Plugin WordPress 
plugin, versio ...)
-       TODO: check
+       NOT-FOR-US: WP Google Map Plugin WordPress plugin
 CVE-2021-24129 (Unvalidated input and lack of output encoding in the Themify 
Portfolio ...)
-       TODO: check
+       NOT-FOR-US: Themify Portfolio Post WordPress plugin
 CVE-2021-24128 (Unvalidated input and lack of output encoding in the Team 
Members Word ...)
-       TODO: check
+       NOT-FOR-US: Team Members WordPress plugin
 CVE-2021-24127 (Unvalidated input and lack of output encoding in the 
ThirstyAffiliates ...)
-       TODO: check
+       NOT-FOR-US: ThirstyAffiliates Affiliate Link Manager WordPress plugin
 CVE-2021-24126 (Unvalidated input and lack of output encoding in the Envira 
Gallery Li ...)
        TODO: check
 CVE-2021-24125 (Unvalidated input in the Contact Form Submissions WordPress 
plugin, ve ...)
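Review bot: Two of the new notes in this hunk need a touch-up. The CVE-2021-24144 line ends in a stray comma ("NOT-FOR-US: Contact Form 7 Database Addon plugin,"), and the CVE-2021-24132 note "10Web WordPress plugin" drops the product name that the description gives as "Slider by 10Web", which leaves it ambiguous next to the "Photo Gallery (10Web Photo Gallery)" note for CVE-2021-24139. Suggest removing the comma and writing "NOT-FOR-US: Slider by 10Web WordPress plugin". CVE-2021-24126 at the end of the hunk stays at "TODO: check" while its neighbours are resolved; if that is not deliberate, it could be handled in the same pass.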



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/892cd7101c439722ec4030ca5f02d5f5d0164737
