Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe37561d by Salvatore Bonaccorso at 2021-08-31T10:46:26+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4891,11 +4891,11 @@ CVE-2021-38147
 CVE-2021-38146
        RESERVED
 CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL 
Injection ca ...)
-       TODO: check
+       NOT-FOR-US: Form Tools
 CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A 
low-privileged ...)
-       TODO: check
+       NOT-FOR-US: Form Tools
 CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an 
administ ...)
-       TODO: check
+       NOT-FOR-US: Form Tools
 CVE-2021-38142
        RESERVED
 CVE-2021-38141
@@ -8871,7 +8871,7 @@ CVE-2021-36358
 CVE-2021-36357
        RESERVED
 CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to 
execute  ...)
-       TODO: check
+       NOT-FOR-US: KRAMER VIAware
 CVE-2021-36355
        RESERVED
 CVE-2021-36354
@@ -11863,9 +11863,9 @@ CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 
6.0.3 has a "critical evasi
        [stretch] - suricata <no-dsa> (Minor issue)
        NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489
 CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in 
DRK Ode ...)
-       TODO: check
+       NOT-FOR-US: DRK Odenwaldkreis Testerfassung
 CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK 
Odenwaldkre ...)
-       TODO: check
+       NOT-FOR-US: DRK Odenwaldkreis Testerfassung
 CVE-2021-35060
        RESERVED
 CVE-2021-35059
@@ -17066,7 +17066,7 @@ CVE-2021-32834
 CVE-2021-32833
        RESERVED
 CVE-2021-32832 (Rocket.Chat is an open-source fully customizable 
communications platfo ...)
-       TODO: check
+       NOT-FOR-US: Rocket.Chat
 CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for 
Node.js p ...)
        TODO: check
 CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The 
locateFont  ...)
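
Review bot: CVE-2021-32831 (Total.js, npm package total.js), directly below the Rocket.Chat entry, is still "TODO: check" after this change. If it was left deliberately because the npm package needs to be checked against the archive, that is fine; otherwise it should be triaged in a follow-up so it does not sit unprocessed between entries that are now resolved.
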
@@ -29684,15 +29684,15 @@ CVE-2021-27915
 CVE-2021-27914
        RESERVED
 CVE-2021-27913 (The function mt_rand is used to generate session tokens, this 
function ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27912 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline 
JS XSS  ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27911 (Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline 
JS XSS  ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27910 (Insufficient sanitization / filtering allows for arbitrary 
JavaScript  ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27909 (For Mautic versions prior to 3.3.4/4.0.0, there is an XSS 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such 
as datab ...)
        NOT-FOR-US: Mautic
 CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the 
creation of a M ...)
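
Review bot: The truncated descriptions of CVE-2021-27913 ("The function mt_rand is used to generate session tokens ...") and CVE-2021-27910 ("Insufficient sanitization / filtering ...") do not name a product, so the "NOT-FOR-US: Mautic" tag on those two entries rests on their position inside the Mautic block. Worth confirming against the full CVE text that both are Mautic issues before closing them, since a NOT-FOR-US entry is treated as processed.
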
@@ -30235,7 +30235,7 @@ CVE-2021-27665
 CVE-2021-27664
        RESERVED
 CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson 
Controls CEM  ...)
-       TODO: check
+       NOT-FOR-US: Johnson Controls
 CVE-2021-27662
        RESERVED
 CVE-2021-27661 (Successful exploitation of this vulnerability could give an 
authentica ...)
@@ -30462,11 +30462,11 @@ CVE-2021-27560
 CVE-2021-27559 (The Contact page in Monica 2.19.1 allows stored XSS via the 
Nickname f ...)
        NOT-FOR-US: Monica
 CVE-2021-27558 (A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 
allows re ...)
-       TODO: check
+       NOT-FOR-US: EasyCorp ZenTao
 CVE-2021-27557 (A cross-site request forgery (CSRF) vulnerability in the Cron 
job tab  ...)
-       TODO: check
+       NOT-FOR-US: EasyCorp ZenTao
 CVE-2021-27556 (The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote 
attackers (wh ...)
-       TODO: check
+       NOT-FOR-US: EasyCorp ZenTao
 CVE-2021-27555
        RESERVED
 CVE-2021-27554
@@ -37542,7 +37542,7 @@ CVE-2021-24667 (A stored cross-site scripting 
vulnerability has been discovered
 CVE-2021-24666
        RESERVED
 CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not 
escape th ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24664
        RESERVED
 CVE-2021-24663
@@ -37686,9 +37686,9 @@ CVE-2021-24595
 CVE-2021-24594
        RESERVED
 CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 
does not sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not 
sanitise s ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24591
        RESERVED
 CVE-2021-24590
@@ -37710,11 +37710,11 @@ CVE-2021-24583
 CVE-2021-24582
        RESERVED
 CVE-2021-24581 (The Blue Admin WordPress plugin through 21.06.01 does not 
sanitise or  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not 
sanitise use ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder 
WordPress plug ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24578
        RESERVED
 CVE-2021-24577
@@ -37816,7 +37816,7 @@ CVE-2021-24530
 CVE-2021-24529 (The Grid Gallery &#8211; Photo Image Grid Gallery WordPress 
plugin bef ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24528 (The FluentSMTP WordPress plugin before 2.0.1 does not sanitize 
paramet ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24527 (The User Registration &amp; User Profile &#8211; Profile 
Builder WordP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24526 (The Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; 
Drop Contac ...)
@@ -37996,9 +37996,9 @@ CVE-2021-24440 (The Sign-up Sheets WordPress plugin 
before 1.0.14 did not saniti
 CVE-2021-24439 (The Browser Screenshots WordPress plugin before 1.7.6 allowed 
authenti ...)
        NOT-FOR-US: Wordpress plugin
 CVE-2021-24438 (The ShareThis Dashboard for Google Analytics WordPress plugin 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24437 (The Favicon by RealFaviconGenerator WordPress plugin through 
1.3.20 do ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24436 (The W3 Total Cache WordPress plugin before 2.1.4 was 
vulnerable to a r ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24435
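
Review bot: The context entry for CVE-2021-24439 carries "NOT-FOR-US: Wordpress plugin" with a lowercase p, while the two lines added in this hunk use "WordPress plugin". Suggest normalising the existing line to the same spelling so that a case-sensitive search for the tag finds every entry.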



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe37561d4b2a5af7623bbf1d06cd316974d88ed3
