Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
292bcc7b by Salvatore Bonaccorso at 2021-05-25T08:55:57+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7545,7 +7545,7 @@ CVE-2020-36316 (In RELIC before 2021-04-03, there is a 
buffer overflow in PKCS#1
 CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery 
can occu ...)
        NOT-FOR-US: RELIC
 CVE-2021-3485 (An Improper Input Validation vulnerability in the Product 
Update featu ...)
-       TODO: check
+       NOT-FOR-US: Bitdefender
 CVE-2021-30244
        RESERVED
 CVE-2021-30243
@@ -7989,11 +7989,11 @@ CVE-2021-30085
 CVE-2021-30084
        RESERVED
 CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected 
XSS vuln ...)
-       TODO: check
+       NOT-FOR-US: Mediat
 CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a 
Persistent XSS vu ...)
-       TODO: check
+       NOT-FOR-US: Gris CMS
 CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL 
Injection ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2021-30080
        RESERVED
 CVE-2021-30079
@@ -21664,7 +21664,7 @@ CVE-2021-24334
 CVE-2021-24333
        RESERVED
 CVE-2021-24332 (The Autoptimize WordPress plugin before 2.8.4 was missing 
proper escap ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24331
        RESERVED
 CVE-2021-24330
@@ -21712,23 +21712,23 @@ CVE-2021-24310
 CVE-2021-24309
        RESERVED
 CVE-2021-24308 (The 'State' field of the Edit profile page of the LMS by 
LifterLMS &#8 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24307 (The All in One SEO – Best WordPress SEO Plugin – 
Easily Im ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24306 (The Ultimate Member – User Profile, User Registration, 
Login &am ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24305 (The Target First WordPress Plugin v2.0, also previously known 
as Watch ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24304
        RESERVED
 CVE-2021-24303
        RESERVED
 CVE-2021-24302 (The Hana Flv Player WordPress plugin through 3.1.3 is 
vulnerable to an ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24301 (The Hotjar Connecticator WordPress plugin through 1.1.1 is 
vulnerable  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24300 (The slider import search feature of the PickPlugins Product 
Slider for ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24299 (The ReDi Restaurant Reservation WordPress plugin before 
21.0426 provid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24298 (The method and share GET parameters of the Giveaway pages were 
not san ...)
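Review bot: the seven added lines in this hunk all read "NOT-FOR-US: WordPress plugin" without a plugin name, so the tag itself does not record which product was judged out of scope. The CVE-2021-24293 entry further down in this patch uses "NOT-FOR-US: NextGEN Gallery Pro WordPress plugin"; consider the same form here, for example "NOT-FOR-US: Hana Flv Player WordPress plugin" for CVE-2021-24302, so that a search of data/CVE/list by product name lands on the triage decision.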
@@ -21736,11 +21736,11 @@ CVE-2021-24298 (The method and share GET parameters 
of the Giveaway pages were n
 CVE-2021-24297 (The Goto WordPress theme before 2.1 did not properly sanitize 
the form ...)
        TODO: check
 CVE-2021-24296 (The WP Customer Reviews WordPress plugin before 3.5.6 did not 
sanitise ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24295 (It was possible to exploit an Unauthenticated Time-Based Blind 
SQL Inj ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24294 (The dsgvoaio_write_log AJAX action of the DSGVO All in one for 
WP Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24293 (In the eCommerce module of the NextGEN Gallery Pro WordPress 
plugin be ...)
        NOT-FOR-US: NextGEN Gallery Pro WordPress plugin
 CVE-2021-24292 (The Happy Addons for Elementor WordPress plugin before 2.24.0, 
Happy A ...)
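Review bot: CVE-2021-24297 (Goto WordPress theme) still carries "TODO: check" in the context lines at the top of this hunk, while CVE-2021-24296 and CVE-2021-24294 directly below it are triaged in this commit. If it was left open on purpose, that is fine; otherwise it looks like it was missed in this batch and needs its own NOT-FOR-US line.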
@@ -26935,11 +26935,11 @@ CVE-2021-21991
 CVE-2021-21990 (VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 
prior t ...)
        NOT-FOR-US: VMware
 CVE-2021-21989 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client 
for Windo ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21988 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client 
for Windo ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21987 (VMware Workstation (16.x prior to 16.1.2) and Horizon Client 
for Windo ...)
-       TODO: check
+       NOT-FOR-US: VMware
 CVE-2021-21986
        RESERVED
 CVE-2021-21985
@@ -30797,9 +30797,9 @@ CVE-2021-21003
 CVE-2021-21002
        RESERVED
 CVE-2021-21001 (On WAGO PFC200 devices in different firmware versions with 
special cra ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2021-21000 (On WAGO PFC200 devices in different firmware versions with 
special cra ...)
-       TODO: check
+       NOT-FOR-US: WAGO
 CVE-2021-20999 (In Weidmüller u-controls and IoT-Gateways in versions up 
to 1.12. ...)
        NOT-FOR-US: Weidmueller u-controls and IoT Gateways
 CVE-2021-20998 (In multiple managed switches by WAGO in different versions 
without aut ...)
@@ -48237,7 +48237,7 @@ CVE-2020-26008
 CVE-2020-26007
        RESERVED
 CVE-2020-26006 (Project Worlds Online Examination System 1.0 is affected by 
Cross Site ...)
-       TODO: check
+       NOT-FOR-US: Project Worlds Online Examination System
 CVE-2020-26005
        RESERVED
 CVE-2020-26004
@@ -49821,13 +49821,13 @@ CVE-2020-25412 (com_line() in command.c in gnuplot 
5.4 leads to an out-of-bounds
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2020-25411 (Projectworlds Online Examination System 1.0 is vulnerable to 
CSRF, whi ...)
-       TODO: check
+       NOT-FOR-US: Projectworlds Online Examination System
 CVE-2020-25410
        RESERVED
 CVE-2020-25409 (Projectsworlds College Management System Php 1.0 is vulnerable 
to SQL  ...)
-       TODO: check
+       NOT-FOR-US: Projectsworlds College Management System Php
 CVE-2020-25408 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
ProjectWor ...)
-       TODO: check
+       NOT-FOR-US: ProjectWorlds College Management System Php
 CVE-2020-25407
        RESERVED
 CVE-2020-25406 (app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows 
users to  ...)
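Review bot: the added NOT-FOR-US lines in this hunk spell the same vendor three ways ("Projectworlds", "Projectsworlds", "ProjectWorlds"), and the previous hunk adds a fourth ("Project Worlds" for CVE-2020-26006). The spellings follow the individual CVE descriptions, but a search for any one of them misses the other entries; suggest settling on a single spelling across all four lines, and using the same product string for CVE-2020-25409 and CVE-2020-25408, which both refer to the College Management System.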
@@ -134651,7 +134651,7 @@ CVE-2019-12350
 CVE-2019-12349
        RESERVED
 CVE-2019-12348 (An issue was discovered in zzcms 2019. SQL Injection exists in 
user/zt ...)
-       TODO: check
+       NOT-FOR-US: zzcms
 CVE-2019-12347 (In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when 
attackers  ...)
        NOT-FOR-US: pfSense
 CVE-2019-12346 (In the miniOrange SAML SP Single Sign On plugin before 4.8.73 
for Word ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/292bcc7b941a34767e496487d919b93d34c2a186
