Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c33bb60a by Salvatore Bonaccorso at 2021-11-24T09:21:26+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1166,17 +1166,17 @@ CVE-2021-43782
CVE-2021-43781
RESERVED
CVE-2021-43780 (Redash is a package for data visualization and sharing. In
versions 10 ...)
- TODO: check
+ NOT-FOR-US: Redash
CVE-2021-43779
RESERVED
CVE-2021-43778
RESERVED
CVE-2021-43777 (Redash is a package for data visualization and sharing. In
Redash vers ...)
- TODO: check
+ NOT-FOR-US: Redash
CVE-2021-43776
RESERVED
CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment
trackin ...)
- TODO: check
+ NOT-FOR-US: Aim
CVE-2021-3967
RESERVED
CVE-2021-3966
@@ -4336,9 +4336,9 @@ CVE-2021-43223
CVE-2021-43222
RESERVED
CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution
Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-43219
RESERVED
CVE-2021-43218
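Review bot: On CVE-2021-43221 the visible description reads "Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability ..." and is truncated before it shows whether the defect is in Edge-specific code or in the Chromium code that Edge is built on. NOT-FOR-US: Microsoft holds only in the first case, so it is worth confirming against the full advisory before the entry is closed as NFU.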
@@ -4356,7 +4356,7 @@ CVE-2021-43213
CVE-2021-43212
RESERVED
CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege
Vulnerability This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-43210
RESERVED
CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is
unique fr ...)
@@ -5348,9 +5348,9 @@ CVE-2021-42786
CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC
Viewer allo ...)
TODO: check
CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link
DWR-932C E1 ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in
debug_po ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2021-42782
RESERVED
CVE-2021-42781
@@ -7698,11 +7698,11 @@ CVE-2021-42310
CVE-2021-42309
RESERVED
CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-42307
RESERVED
CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID
is unique ...)
NOT-FOR-US: Microsoft
CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is
unique ...)
@@ -7720,7 +7720,7 @@ CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature
Bypass Vulnerability ..
CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege
Vulnerability This ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2021-42295
@@ -10308,7 +10308,7 @@ CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub
authenticator that helps n
CVE-2021-41193
RESERVED
CVE-2021-41192 (Redash is a package for data visualization and sharing. If an
admin se ...)
- TODO: check
+ NOT-FOR-US: Redash
CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product
purchasing hub. ...)
NOT-FOR-US: Roblox-Purchasing-Hub
CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to
facilitat ...)
@@ -15653,7 +15653,7 @@ CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0,
3.0.1, 4.0, and 4.1 is vul
CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1
could allow ...)
NOT-FOR-US: IBM
CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key
Lifecycle ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses
a one-w ...)
NOT-FOR-US: IBM
CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1
could allow ...)
@@ -15831,9 +15831,9 @@ CVE-2021-38893
CVE-2021-38892
RESERVED
CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses
weaker than ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an
inadequat ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38889
RESERVED
CVE-2021-38888
@@ -15863,7 +15863,7 @@ CVE-2021-38877 (IBM Jazz for Service Management
1.1.3.10 is vulnerable to stored
CVE-2021-38876
RESERVED
CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2021-38874
RESERVED
CVE-2021-38873
@@ -21995,13 +21995,13 @@ CVE-2021-36337
CVE-2021-36336
RESERVED
CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an
Improper Inpu ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV
formula In ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer
Overflo ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML
and Javas ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36331
RESERVED
CVE-2021-36330
@@ -22037,13 +22037,13 @@ CVE-2021-36316
CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This
may all ...)
NOT-FOR-US: EMC
CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an
Arbitrary Fil ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS
command in ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a
Hard-coded Pas ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper
Authoriz ...)
- TODO: check
+ NOT-FOR-US: EMC
CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x
& 10.5 ...)
NOT-FOR-US: Dell
CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains
a sensi ...)
@@ -22063,11 +22063,11 @@ CVE-2021-36303
CVE-2021-36302
RESERVED
CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to
version ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input
validati ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to
4.40.29.00 and ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky
cryptograph ...)
NOT-FOR-US: EMC
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted
search ...)
@@ -25122,7 +25122,7 @@ CVE-2021-35035
CVE-2021-35034
RESERVED
CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818,
NBG7815, WSQ20, ...)
- TODO: check
+ NOT-FOR-US: Zyxel
CVE-2021-35032
RESERVED
CVE-2021-35031
@@ -32993,9 +32993,9 @@ CVE-2021-31854
CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive
Encryption (M ...)
NOT-FOR-US: McAfee
CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee
Policy Audito ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee
Policy Audito ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31850
RESERVED
CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention
(DLP) ePO e ...)
@@ -50651,19 +50651,19 @@ CVE-2021-24896
CVE-2021-24895
RESERVED
CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not
validate the ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24893
RESERVED
CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced
Forms (F ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4
does not s ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24890
RESERVED
CVE-2021-24889
RESERVED
CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise
and esca ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24887
RESERVED
CVE-2021-24886
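Review bot: For CVE-2021-24892 the visible description ("Insecure Direct Object Reference in edit function of Advanced Forms (F ...") is cut off before any mention of WordPress, unlike the other three entries changed in this hunk, which all name a "WordPress plugin" in the visible text. Suggest checking the full description so that the NOT-FOR-US: WordPress plugin tag rests on the entry itself rather than on its position among the neighbouring plugin CVEs.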
@@ -50675,7 +50675,7 @@ CVE-2021-24884 (The Formidable Form Builder WordPress
plugin before 4.09.05 allo
CVE-2021-24883
RESERVED
CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not
sanitise ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24881
RESERVED
CVE-2021-24880
@@ -50685,15 +50685,15 @@ CVE-2021-24879
CVE-2021-24878
RESERVED
CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not
validate the o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24876
RESERVED
CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin
before 3.0.3 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24874
RESERVED
CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise
and esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24872
RESERVED
CVE-2021-24871
@@ -50779,7 +50779,7 @@ CVE-2021-24832 (The WP SEO Redirect 301 WordPress
plugin before 2.3.2 does not h
CVE-2021-24831
RESERVED
CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does
not esc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin
before 3.9 d ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24828
@@ -50815,7 +50815,7 @@ CVE-2021-24814
CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not
sanitise and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24811
RESERVED
CVE-2021-24810
@@ -50981,7 +50981,7 @@ CVE-2021-24731 (The Registration Forms – User
profile, Content Restriction
CVE-2021-24730
RESERVED
CVE-2021-24729 (The Logo Showcase with Slick Slider WordPress plugin before
1.2.4 does ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24728 (The Membership & Content Restriction – Paid Member
Subscript ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24727 (The StopBadBots WordPress plugin before 6.60 did not validate
or escap ...)
@@ -51013,7 +51013,7 @@ CVE-2021-24715 (The WP Sitemap Page WordPress plugin
before 1.7.0 does not prope
CVE-2021-24714
RESERVED
CVE-2021-24713 (The Video Lessons Manager WordPress plugin before 1.7.2 and
Video Less ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17
does not p ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License
Manager ...)
@@ -51033,13 +51033,13 @@ CVE-2021-24705
CVE-2021-24704
RESERVED
CVE-2021-24703 (The Download Plugin WordPress plugin before 1.6.1 does not
have capabi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not
properly sanit ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not
sanitize m ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24700 (The Forminator WordPress plugin before 1.15.4 does not
sanitize and es ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not
escape ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6
allows users ...)
@@ -51103,7 +51103,7 @@ CVE-2021-24670 (The CoolClock WordPress plugin before
4.3.5 does not escape some
CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin
before 1 ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24668 (The MAZ Loader WordPress plugin through 1.3.4 does not enforce
nonce c ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24667 (A stored cross-site scripting vulnerability has been
discovered in : S ...)
NOT-FOR-US: FortiGuard
CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6
contains a ...)
@@ -51151,13 +51151,13 @@ CVE-2021-24646 (The Booking.com Banner Creator
WordPress plugin through 1.4.2 do
CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1
does not ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24644 (The Images to WebP WordPress plugin before 1.9 does not
validate or sa ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape
some at ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24642 (The Scroll Baner WordPress plugin through 1.0 does not have
CSRF check ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24641 (The Images to WebP WordPress plugin before 1.9 does not have
CSRF chec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-24640 (The WordPress Slider Block Gutenslider plugin before 5.2.0
does not es ...)
NOT-FOR-US: WordPress plugin
CVE-2021-24639 (The OMGF WordPress plugin before 4.5.4 does not enforce path
validatio ...)
@@ -58328,7 +58328,7 @@ CVE-2021-21563 (Dell EMC PowerScale OneFS versions
8.1.2-9.1.0.x contain an Impr
CVE-2021-21562 (Dell EMC PowerScale OneFS contains an untrusted search path
vulnerabil ...)
NOT-FOR-US: EMC
CVE-2021-21561 (Dell PowerScale OneFS version 8.1.2 contains a sensitive
information e ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-21560
RESERVED
CVE-2021-21559 (Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x,
19.4, and 19 ...)
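Review bot: CVE-2021-21561 gets NOT-FOR-US: Dell while the context entry directly above it, CVE-2021-21562, carries NOT-FOR-US: EMC for what both descriptions show as the same product (PowerScale OneFS). The new label follows this entry's wording ("Dell PowerScale OneFS", without "EMC"), but one vendor label per product keeps a search on the NFU label complete; suggest NOT-FOR-US: EMC here to match the neighbour, or a follow-up that normalises both.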
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33bb60ac86daaa76ec620a8de1a97e15c13e186