Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e48cfd81 by Salvatore Bonaccorso at 2021-10-22T10:48:47+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4935,7 +4935,7 @@ CVE-2021-41171
CVE-2021-41170
RESERVED
CVE-2021-41169 (Sulu is an open-source PHP content management system based on
the Symf ...)
- TODO: check
+ NOT-FOR-US: Sulu
CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown
parser used ...)
TODO: check
CVE-2021-41167 (modern-async is an open source JavaScript tooling library for
asynchro ...)
@@ -5027,7 +5027,7 @@ CVE-2021-41129 (Pterodactyl is an open-source game server
management panel built
CVE-2021-41128 (Hygeia is an application for collecting and processing
personal and ca ...)
NOT-FOR-US: Hygeia
CVE-2021-41127 (Rasa is an open source machine learning framework to automate
text-and ...)
- TODO: check
+ NOT-FOR-US: Rasa
CVE-2021-41126 (October is a Content Management System (CMS) and web platform
built on ...)
NOT-FOR-US: October CMS
CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for
Python. ...)
@@ -5984,7 +5984,7 @@ CVE-2021-40721 (Adobe Connect version 11.2.2 (and
earlier) is affected by a refl
CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a
Deserialization o ...)
NOT-FOR-US: Adobe
CVE-2021-40719 (Adobe Connect version 11.2.2 (and earlier) is affected by a
Deserializ ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2021-40718
RESERVED
CVE-2021-40717
@@ -9135,17 +9135,17 @@ CVE-2021-3731 (LedgerSMB does not sufficiently guard
against being wrapped by ot
- ledgersmb 1.6.9+ds-2.1 (bug #992817)
NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking
CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to
Stored Cross ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to
Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39353
RESERVED
CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to
arbitra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to
authenticated SQL i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable
to Refle ...)
@@ -9153,7 +9153,7 @@ CVE-2021-39350 (The FV Flowplayer Video Player WordPress
plugin is vulnerable to
CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored
Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a
capability ch ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39346
@@ -9193,7 +9193,7 @@ CVE-2021-39330 (The Formidable Form Builder WordPress
plugin is vulnerable to St
CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored
Cross-Site Scr ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to
sensitive i ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39326
@@ -9207,7 +9207,7 @@ CVE-2021-39323
CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes
out the ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes
out the r ...)
NOT-FOR-US: WordPress plugin
CVE-2021-39319
@@ -15146,7 +15146,7 @@ CVE-2021-36871 (Multiple Authenticated Persistent
Cross-Site Scripting (XSS) vul
CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS)
vulnerabi ...)
NOT-FOR-US: Wordpress plugin
CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in
WordPress Ivory ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-36868
RESERVED
CVE-2021-36867
@@ -21063,7 +21063,7 @@ CVE-2021-34363 (The thefuck (aka The Fuck) package
before 3.31 for Python allows
NOTE:
https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092
(3.31)
NOTE: https://github.com/nvbn/thefuck/pull/1206
CVE-2021-34362 (A command injection vulnerability has been reported to affect
QNAP dev ...)
- TODO: check
+ NOT-FOR-US: QNAP
CVE-2021-34361
RESERVED
CVE-2021-34360
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48cfd814d654a43fe7eb2a92ec1c547e290736b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e48cfd814d654a43fe7eb2a92ec1c547e290736b
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
