Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
464afb25 by Salvatore Bonaccorso at 2021-10-18T22:12:19+02:00
Process one NFU
- - - - -
934041c6 by Salvatore Bonaccorso at 2021-10-18T22:16:38+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -261,9 +261,9 @@ CVE-2021-42568
CVE-2021-42567
RESERVED
CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error
parameter. ...)
- TODO: check
+ NOT-FOR-US: myfactory.FMS
CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
...)
- TODO: check
+ NOT-FOR-US: myfactory.FMS
CVE-2021-42564
RESERVED
CVE-2021-42563
@@ -2525,7 +2525,7 @@ CVE-2021-42100
CVE-2021-42099
RESERVED
CVE-2021-42098 (An incomplete permission check on entries in Devolutions
Remote Deskto ...)
- TODO: check
+ NOT-FOR-US: Devolutions
CVE-2021-42097
RESERVED
CVE-2021-42096
@@ -2619,7 +2619,7 @@ CVE-2021-42057
CVE-2021-42056
RESERVED
CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203
has Insec ...)
- TODO: check
+ NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware
CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in
triton_context_schedule ...)
NOT-FOR-US: ACCEL-PPP
CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via
compone ...)
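Review bot: The new tag on CVE-2021-42055 copies the whole product string from the description, model number included (`NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware`), while the next entry, CVE-2021-42054, uses only the project name (`NOT-FOR-US: ACCEL-PPP`). A short vendor or product tag would be easier to search for and to reuse if further CVEs for this firmware are assigned.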
@@ -11089,23 +11089,23 @@ CVE-2021-38444
CVE-2021-38443
RESERVED
CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks
proper val ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38441
RESERVED
CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38439
RESERVED
CVE-2021-38438 (A use after free vulnerability in FATEK Automation
WinProladder versio ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38437
RESERVED
CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks
proper val ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38435
RESERVED
CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks
proper val ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38433
RESERVED
CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior
lacks pr ...)
@@ -11113,7 +11113,7 @@ CVE-2021-38432 (FATEK Automation Communication Server
Versions 1.13 and prior la
CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in
versions 9.0. ...)
NOT-FOR-US: Advantech
CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper
validatio ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38429
RESERVED
CVE-2021-38428
@@ -11121,7 +11121,7 @@ CVE-2021-38428
CVE-2021-38427
RESERVED
CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks
proper val ...)
- TODO: check
+ NOT-FOR-US: FATEK Automation
CVE-2021-38425
RESERVED
CVE-2021-38424
@@ -11195,7 +11195,7 @@ CVE-2021-38391 (A Blind SQL injection vulnerability
exists in the /DataHandler/A
CVE-2021-38390 (A Blind SQL injection vulnerability exists in the
/DataHandler/Handler ...)
NOT-FOR-US: Delta Electronics
CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to
a stack- ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to
the intern ...)
NOT-FOR-US: Central Dogma
CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before
disconnect ...)
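Review bot: CVE-2021-38389 is tagged `NOT-FOR-US: Advantech WebAccess`, but the existing entry for CVE-2021-38431 (Advantech WebAccess SCADA) earlier in this file is tagged `NOT-FOR-US: Advantech`. Suggest settling on one spelling for both, and for CVE-2021-33023, which receives the same new tag, so that a search on the tag returns every Advantech entry.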
@@ -23936,7 +23936,7 @@ CVE-2021-33025
CVE-2021-33024
RESERVED
CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to
a heap-b ...)
- TODO: check
+ NOT-FOR-US: Advantech WebAccess
CVE-2021-33022
RESERVED
CVE-2021-33021
@@ -32310,7 +32310,7 @@ CVE-2021-29880 (IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix
Pack 1 when using domains o
CVE-2021-29879
RESERVED
CVE-2021-29878 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is
vulnera ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-29877
RESERVED
CVE-2021-29876
@@ -44921,11 +44921,11 @@ CVE-2021-24756
CVE-2021-24755
RESERVED
CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does
not valida ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24753
RESERVED
CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform
capability ...)
- TODO: check
+ NOT-FOR-US: WordPress plugins
CVE-2021-24751
RESERVED
CVE-2021-24750
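Review bot: CVE-2021-24752 gets `NOT-FOR-US: WordPress plugins` (plural), while CVE-2021-24754 in the same hunk and the other WordPress entries in this change use `NOT-FOR-US: WordPress plugin`. The plural follows the description ("Multiple Plugins from the CatchThemes vendor"), but an exact match on the singular tag line will miss this entry; consider using the singular form here as well.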
@@ -44943,13 +44943,13 @@ CVE-2021-24745
CVE-2021-24744
RESERVED
CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2
allows use ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24742
RESERVED
CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not
escape multip ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape
some of it ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24739
RESERVED
CVE-2021-24738
@@ -44957,15 +44957,15 @@ CVE-2021-24738
CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with
frontend file u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24735 (The Compact WP Audio Player WordPress plugin before 1.9.7 does
not imp ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24734 (The Compact WP Audio Player WordPress plugin before 1.9.7 does
not esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24733
RESERVED
CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip
WordPress plu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24731
RESERVED
CVE-2021-24730
@@ -45025,7 +45025,7 @@ CVE-2021-24704
CVE-2021-24703
RESERVED
CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not
properly sanit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24701
RESERVED
CVE-2021-24700
@@ -45061,7 +45061,7 @@ CVE-2021-24686
CVE-2021-24685
RESERVED
CVE-2021-24684 (The WordPress PDF Light Viewer Plugin WordPress plugin before
1.4.12 a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have
any CSR ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24682
@@ -45075,17 +45075,17 @@ CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway
for WooCommerce WordPress
CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does
not escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24677 (The Find My Blocks WordPress plugin before 3.4.0 does not have
authori ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does
not esc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not
check for C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24674
RESERVED
CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16
does not e ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not
escape the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not
escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape
some short ...)
@@ -45145,7 +45145,7 @@ CVE-2021-24644
CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape
some at ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have
CSRF check ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24641
RESERVED
CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0
does not es ...)
@@ -45185,7 +45185,7 @@ CVE-2021-24624
CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24622 (The Customer Service Software & Support Ticket System
WordPress pl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24621 (The WP Courses LMS WordPress plugin before 2.0.44 does not
sanitise it ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24620 (The WordPress Simple Ecommerce Shopping Cart Plugin- Sell
products thr ...)
@@ -45195,17 +45195,17 @@ CVE-2021-24619 (The Per page add to head WordPress
plugin through 1.4.4 does not
CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape
the op_ed ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24616
RESERVED
CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not
sanitise or es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does
not sani ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24613 (The Post Views Counter WordPress plugin before 1.3.5 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24612 (The Sociable WordPress plugin through 4.3.4.1 does not
sanitise or esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24611 (The Keyword Meta WordPress plugin through 3.0 does not
sanitise of esc ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not
implement a ...)
@@ -45239,7 +45239,7 @@ CVE-2021-24597 (The You Shang WordPress plugin through
1.0.1 does not escape its
CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not
sanitise esca ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking
any CSR ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24594
RESERVED
CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5
does not sa ...)
@@ -45397,7 +45397,7 @@ CVE-2021-24518 (The WPFront Notification Bar WordPress
plugin before 2.0.0.07176
CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms
WordPre ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not
escape the ti ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24515
RESERVED
CVE-2021-24514
@@ -45597,15 +45597,15 @@ CVE-2021-24418 (The Smooth Scroll Page Up/Down
Buttons WordPress plugin through
CVE-2021-24417
RESERVED
CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin
before 2.1.1 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery
plugin Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24414
RESERVED
CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not
sanitise or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress
plugin befor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24411 (The Social Tape WordPress plugin through 1.0 does not have
CSRF checks ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24410 (The తెలుగు
బైబ&# ...)
@@ -51771,9 +51771,9 @@ CVE-2021-21799 (Cross-site scripting vulnerabilities
exist in the telnet_form.ph
CVE-2021-21798 (An exploitable return of stack variable address vulnerability
exists i ...)
NOT-FOR-US: Nitro Pro PDF
CVE-2021-21797 (An exploitable double-free vulnerability exists in the
JavaScript impl ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro PDF
CVE-2021-21796 (An exploitable use-after-free vulnerability exists in the
JavaScript i ...)
- TODO: check
+ NOT-FOR-US: Nitro Pro PDF
CVE-2021-21795 (A heap-based buffer overflow vulnerability exists in the PSD
read_icc_ ...)
NOT-FOR-US: Accusoft ImageGear
CVE-2021-21794 (An out-of-bounds write vulnerability exists in the TIF
bits_per_sample ...)
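Review bot: For CVE-2021-21797 and CVE-2021-21796 the visible description is cut off before any product is named ("exists in the JavaScript impl ...", "exists in the JavaScript i ..."), so the `NOT-FOR-US: Nitro Pro PDF` tag cannot be confirmed from this hunk. It matches the neighbouring CVE-2021-21798, but the very next ID, CVE-2021-21795, belongs to a different product (Accusoft ImageGear), so adjacency alone is not enough; check both against the full CVE description.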
@@ -116779,7 +116779,7 @@ CVE-2020-8293 (A missing input validation in
Nextcloud Server before 20.0.2, 19.
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self
cross-site scr ...)
NOT-FOR-US: Rocket.Chat
CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before
3.9 coul ...)
- TODO: check
+ NOT-FOR-US: Rocket.Chat
CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439
suffer ...)
NOT-FOR-US: Backblaze
CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS
before ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9bfb4dc88ddafd27b60475a9ce96ad44c77b54ea...934041c6e6dba5b18a8876f6171db09ca4c4d6e9
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits