Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fe7583f0 by Salvatore Bonaccorso at 2021-10-11T22:37:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3058,17 +3058,17 @@ CVE-2021-40891
 CVE-2021-40890
        RESERVED
 CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: CMSUno
 CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting 
(XSS) du ...)
-       TODO: check
+       NOT-FOR-US: Projectsend
 CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Projectsend
 CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Projectsend
 CVE-2021-40885
        RESERVED
 CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information 
disclos ...)
-       TODO: check
+       NOT-FOR-US: Projectsend
 CVE-2021-40883
        RESERVED
 CVE-2021-40882
@@ -3861,7 +3861,7 @@ CVE-2021-40543 (Opensis-Classic Version 8.0 is affected 
by a SQL injection vulne
 CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site 
scripting (XSS). ...)
        TODO: check
 CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) 
in the pr ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits 
con_info ...)
        - ulfius 2.7.1-2 (bug #993851)
        [bullseye] - ulfius 2.7.1-1+deb11u1
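Review bot: In the CVE-2021-40541 entry the new tag is spelled "PHP-Fusion" while the CVE description on the line above it spells the product "PHPFusion"; using one spelling would make a text search of the list for this product reliable. The same "PHP-Fusion" tag is used for CVE-2021-40189 and CVE-2021-40188 later in this commit, so the tags at least agree with each other. Separately, CVE-2021-40542 (Opensis-Classic) directly above is left at "TODO: check"; if it was looked at in the same pass it could be resolved here as well.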
@@ -4722,13 +4722,13 @@ CVE-2021-40193
 CVE-2021-40192
        RESERVED
 CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting 
(XSS) due ...)
-       TODO: check
+       NOT-FOR-US: Dzzoffice
 CVE-2021-40190
        RESERVED
 CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload 
vulnerabili ...)
-       TODO: check
+       NOT-FOR-US: PHP-Fusion
 CVE-2021-40187
        RESERVED
 CVE-2021-40186
@@ -6698,7 +6698,7 @@ CVE-2021-39319
 CVE-2021-39318
        RESERVED
 CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo 
Importer Word ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows 
arbitrary files, ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-39315
@@ -16792,9 +16792,9 @@ CVE-2021-35062 (A Shell Metacharacter Injection 
vulnerability in result.php in D
 CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK 
Odenwaldkre ...)
        NOT-FOR-US: DRK Odenwaldkreis Testerfassung
 CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: OpenWay WAY4 ACS
 CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the 
/way4acs/enrol ...)
-       TODO: check
+       NOT-FOR-US: OpenWay WAY4 ACS
 CVE-2021-35058
        RESERVED
 CVE-2021-35057
@@ -32096,11 +32096,11 @@ CVE-2021-29008 (A cross-site scripting (XSS) issue in 
SEO Panel 4.8.0 allows rem
 CVE-2021-29007
        RESERVED
 CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure 
vulnerability. An ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 
exists. A ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote 
attackers ...)
        NOT-FOR-US: Genexis devices
 CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 
5.2.3 e ...)
@@ -36915,7 +36915,7 @@ CVE-2021-27004
 CVE-2021-27003
        RESERVED
 CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible 
to a vul ...)
-       TODO: check
+       NOT-FOR-US: NetApp Cloud Manager
 CVE-2021-27001
        RESERVED
 CVE-2021-27000
@@ -37935,7 +37935,7 @@ CVE-2021-26590
 CVE-2021-26589
        RESERVED
 CVE-2021-26588 (A potential security vulnerability has been identified in HPE 
3PAR Sto ...)
-       TODO: check
+       NOT-FOR-US: HPE
 CVE-2021-26587 (A potential DOM-based Cross Site Scripting security 
vulnerability has  ...)
        NOT-FOR-US: HPE StoreOnce
 CVE-2021-26586 (A potential security vulnerability has been identified in the 
HPE Edge ...)
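Review bot: For CVE-2021-26588 the tag "NOT-FOR-US: HPE" names only the vendor, whereas the neighbouring CVE-2021-26587 entry uses "NOT-FOR-US: HPE StoreOnce". The description refers to an HPE 3PAR product, so naming that product in the tag would match the style of the neighbouring entry and make the entry easier to find by product name.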
@@ -42616,7 +42616,7 @@ CVE-2021-24739
 CVE-2021-24738
        RESERVED
 CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 
does not  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24736
        RESERVED
 CVE-2021-24735
@@ -42650,9 +42650,9 @@ CVE-2021-24722
 CVE-2021-24721
        RESERVED
 CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 
2.1.1.3 wa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable 
to Refle ...)
-       TODO: check
+       NOT-FOR-US: WordPress theme
 CVE-2021-24718
        RESERVED
 CVE-2021-24717
@@ -42666,13 +42666,13 @@ CVE-2021-24714
 CVE-2021-24713
        RESERVED
 CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 
does not p ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License 
Manager  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24710
        RESERVED
 CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not 
properly val ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24708
        RESERVED
 CVE-2021-24707
@@ -42708,9 +42708,9 @@ CVE-2021-24693
 CVE-2021-24692
        RESERVED
 CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does 
not esca ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not 
properly san ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24689
        RESERVED
 CVE-2021-24688
@@ -42724,11 +42724,11 @@ CVE-2021-24685
 CVE-2021-24684
        RESERVED
 CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have 
any CSR ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24682
        RESERVED
 CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not 
sanitise or ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24680
        RESERVED
 CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce 
WordPress plugin ...)
@@ -42778,7 +42778,7 @@ CVE-2021-24658 (The Erident Custom Login and Dashboard 
WordPress plugin before 3
 CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does 
not escap ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 
3.2.4 do ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24655
        RESERVED
 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not 
properly  ...)
@@ -42788,7 +42788,7 @@ CVE-2021-24653
 CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress 
plugin befo ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows 
unauthenticated us ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24650
        RESERVED
 CVE-2021-24649
@@ -42936,9 +42936,9 @@ CVE-2021-24579 (The bt_bb_get_grid AJAX action of the 
Bold Page Builder WordPres
 CVE-2021-24578
        RESERVED
 CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 
3.5.3 doe ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not 
properly sa ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24575
        RESERVED
 CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not 
sanitise and ...)
@@ -42964,7 +42964,7 @@ CVE-2021-24565 (The Contact Form 7 Captcha WordPress 
plugin before 0.0.9 does no
 CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 
does not sa ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not 
prevent  ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & 
Learning  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise 
the "wp_gr ...)
@@ -42998,9 +42998,9 @@ CVE-2021-24548 (The Mimetic Books WordPress plugin 
through 0.2.13 was vulnerable
 CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was 
vulnerable to ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit 
WordPress plugin ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not 
sanitis ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2021-24544
        RESERVED
 CVE-2021-24543
@@ -55177,9 +55177,9 @@ CVE-2021-20124
 CVE-2021-20123
        RESERVED
 CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 
3.00.20 is ...)
-       TODO: check
+       NOT-FOR-US: Telus Wi-Fi Hub
 CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 
3.00.20 is ...)
-       TODO: check
+       NOT-FOR-US: Telus Wi-Fi Hub
 CVE-2021-20120
        RESERVED
 CVE-2021-20119



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe7583f03c328e162d00538f50d71dacc3f99211
