Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cb58496 by Salvatore Bonaccorso at 2021-05-15T09:08:03+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -448,7 +448,7 @@ CVE-2021-32818 (haml-coffee is a JavaScript templating 
solution. haml-coffee mix
 CVE-2021-32817 (express-hbs is an Express handlebars template engine. 
express-hbs mixe ...)
        TODO: check
 CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for 
the Pro ...)
-       TODO: check
+       NOT-FOR-US: ProtonMail Web Client
 CVE-2021-32815
        RESERVED
 CVE-2021-32814
@@ -6486,7 +6486,7 @@ CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to 
execute arbitrary code via c
        NOTE: 
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html
        NOTE: 
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html
 CVE-2021-30183 (Cleartext storage of sensitive information in multiple 
versions of Oct ...)
-       TODO: check
+       NOT-FOR-US: Octopus Server
 CVE-2021-30182
        RESERVED
 CVE-2021-30181
@@ -20470,7 +20470,7 @@ CVE-2021-24293 (In the eCommerce module of the NextGEN 
Gallery Pro WordPress plu
 CVE-2021-24292
        RESERVED
 CVE-2021-24291 (The Photo Gallery by 10Web – Mobile-Friendly Image 
Gallery WordP ...)
-       TODO: check
+       NOT-FOR-US: Photo Gallery by 10Web / Mobile-Friendly Image Gallery 
WordPress plugin
 CVE-2021-24290
        RESERVED
 CVE-2021-24289
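
Review bot: the reason on the added line for CVE-2021-24291 spells out the full product name ("Photo Gallery by 10Web / Mobile-Friendly Image Gallery WordPress plugin"), while the other WordPress entries in this same commit use the bare "NOT-FOR-US: WordPress plugin". Pick one granularity for the whole pass. Naming the plugin is the more useful choice, because the reason line is what a later search of data/CVE/list will match on, and the truncated description alone often does not identify the product.
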
@@ -20478,27 +20478,27 @@ CVE-2021-24289
 CVE-2021-24288
        RESERVED
 CVE-2021-24287 (The settings page of the Select All Categories and Taxonomies, 
Change  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24286 (The settings page of the Redirect 404 to parent WordPress 
plugin befor ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24285 (The request_list_request AJAX call of the Car Seller - Auto 
Classified ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24284 (The Kaswara Modern VC Addons WordPress plugin through 3.0.1 
allows una ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24283 (The tab GET parameter of the settings page is not sanitised or 
escaped ...)
        TODO: check
 CVE-2021-24282 (In the Redirection for Contact Form 7 WordPress plugin before 
2.3.4, a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24281 (In the Redirection for Contact Form 7 WordPress plugin before 
2.3.4, a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24280 (In the Redirection for Contact Form 7 WordPress plugin before 
2.3.4, a ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24279 (In the Redirection for Contact Form 7 WordPress plugin before 
2.3.4, l ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24278 (In the Redirection for Contact Form 7 WordPress plugin before 
2.3.4, u ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24277 (The RSS for Yandex Turbo WordPress plugin before 1.30 did not 
properly ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24276 (The Contact Form by Supsystic WordPress plugin before 1.7.15 
did not s ...)
        NOT-FOR-US: Supsystic WordPress plugin
 CVE-2021-24275 (The Popup by Supsystic WordPress plugin before 1.10.5 did not 
sanitise ...)
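
Review bot: CVE-2021-24283 stays at "TODO: check" in the middle of this block, although the entries on both sides of it (CVE-2021-24287 to CVE-2021-24284 and CVE-2021-24282 to CVE-2021-24277) are all moved to "NOT-FOR-US: WordPress plugin". Its truncated description ("The tab GET parameter of the settings page is not sanitised or escaped ...") names no product, so skipping it may be deliberate, but the commit message "Process NFUs" does not say so. Either triage it in the same pass once the full description has been read, or leave a NOTE line so the next person processing the list knows it was looked at and why it was left open.
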
@@ -20662,21 +20662,21 @@ CVE-2021-24197 (The wpDataTables – Tables & 
Table Charts premium WordP
 CVE-2021-24196 (The Social Slider Widget WordPress plugin before 1.8.5 allowed 
Authent ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24195 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24194 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24193 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24192 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24191 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24190 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24189 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24188 (Low privileged users can use the AJAX action 
'cp_plugins_do_button_job ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24187 (The setting page of the SEO Redirection Plugin - 301 Redirect 
Manager  ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24186 (The tutor_answering_quiz_question/get_answer_by_id function 
pair from  ...)
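
Review bot: the eight added lines for CVE-2021-24195 to CVE-2021-24188 spell the reason "WordPress plugin", but the unchanged entries directly around them (CVE-2021-24196 and CVE-2021-24187) spell it "Wordpress plugin", so a case-sensitive search for either spelling now misses part of this block. The new spelling is the correct one. Consider normalising the two context lines in a follow-up so the block is uniform. Separately, all eight descriptions visible here begin "Low privileged users can use the AJAX action 'cp_plugins_do_button_job ..." and are cut off before any product name, so a reason that names the plugin would record what was actually ruled out.
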
@@ -44154,9 +44154,9 @@ CVE-2020-27187 (An issue was discovered in KDE 
Partition Manager 4.1.0 before 4.
 CVE-2020-27186
        RESERVED
 CVE-2020-27185 (Cleartext transmission of sensitive information via Moxa 
Service in NP ...)
-       TODO: check
+       NOT-FOR-US: Moxa Service in NPort IA5000A series serial devices
 CVE-2020-27184 (The NPort IA5000A Series devices use Telnet as one of the 
network devi ...)
-       TODO: check
+       NOT-FOR-US: NPort IA5000A Series devices
 CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in 
konzept-ix p ...)
        NOT-FOR-US: konzept-ix publiXone
 CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in 
konzept-ix publ ...)
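
Review bot: the two added reasons in this hunk label what appears to be the same product line differently: "Moxa Service in NPort IA5000A series serial devices" for CVE-2020-27185 and "NPort IA5000A Series devices" for CVE-2020-27184, with the vendor name present only in the first and "series" capitalised only in the second. A single vendor-prefixed form for both, for example "Moxa NPort IA5000A Series devices", would let one search find every entry for this device family.
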
@@ -44239,9 +44239,9 @@ CVE-2020-27153 (In BlueZ before 5.55, a double free was 
found in the gatttool di
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
        NOTE: 
https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
 CVE-2020-27150 (In multiple versions of NPort IA5000A Series, the result of 
exporting  ...)
-       TODO: check
+       NOT-FOR-US: NPort IA5000A Series devices
 CVE-2020-27149 (By exploiting a vulnerability in NPort IA5150A/IA5250A Series 
before v ...)
-       TODO: check
+       NOT-FOR-US: NPort IA5150A/IA5250A Series devices
 CVE-2020-27148 (The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data 
Exchange  ...)
        NOT-FOR-US: TIBCO
 CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO 
PartnerExpress c ...)
@@ -44506,7 +44506,7 @@ CVE-2020-27022
 CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a 
possible o ...)
        NOT-FOR-US: Android
 CVE-2020-27020 (Password generator feature in Kaspersky Password Manager was 
not compl ...)
-       TODO: check
+       NOT-FOR-US: Kaspersky Password Manager
 CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
        NOT-FOR-US: Trend Micro
 CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance 
(IMSVA) 9.1 ...)
@@ -52331,11 +52331,11 @@ CVE-2020-23693
 CVE-2020-23692
        RESERVED
 CVE-2020-23691 (YFCMF v2.3.1 has a Remote Command Execution (RCE) 
vulnerability in the ...)
-       TODO: check
+       NOT-FOR-US: YFCMF
 CVE-2020-23690
        RESERVED
 CVE-2020-23689 (In YFCMF v2.3.1, there is a stored XSS vulnerability in the 
comments s ...)
-       TODO: check
+       NOT-FOR-US: YFCMF
 CVE-2020-23688
        RESERVED
 CVE-2020-23687
@@ -63407,9 +63407,9 @@ CVE-2020-18169
 CVE-2020-18168
        RESERVED
 CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote 
attackers t ...)
-       TODO: check
+       NOT-FOR-US: LAOBANCMS
 CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote 
attackers to  ...)
-       TODO: check
+       NOT-FOR-US: LAOBANCMS
 CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote 
attackers t ...)
        NOT-FOR-US: LAOBANCMS
 CVE-2020-18164



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cb584967088833d5508263e67f681c68925b3e6



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits