Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 29ee17a2 by Salvatore Bonaccorso at 2021-08-02T22:30:47+02:00 Process some more NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,11 +1,11 @@ CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...) - TODO: check + NOT-FOR-US: resolution SAML SSO apps for Atlassian products CVE-2021-37842 RESERVED CVE-2021-37841 RESERVED CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...) - TODO: check + NOT-FOR-US: aaPanel CVE-2021-37839 RESERVED CVE-2021-3674 @@ -1316,7 +1316,7 @@ CVE-2021-3658 [stretch] - bluez <no-dsa> (Minor issue) NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055 CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...) - TODO: check + NOT-FOR-US: QSAN Storage Manager CVE-2021-37215 RESERVED CVE-2021-37214 
@@ -1414,21 +1414,21 @@ CVE-2021-37169 CVE-2021-37168 RESERVED CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...) - TODO: check + NOT-FOR-US: Swisslog Healthcare Nexus Panel CVE-2021-37158 RESERVED CVE-2021-37157 @@ -5350,7 +5350,7 @@ CVE-2021-35452 CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...) NOT-FOR-US: Teradici PCoIP Management Console-Enterprise CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...) - TODO: check + NOT-FOR-US: Entando Admin Console CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...) NOT-FOR-US: Lexmark CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...) 
@@ -7254,9 +7254,9 @@ CVE-2021-34577 CVE-2021-34576 RESERVED CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 ...) - TODO: check + NOT-FOR-US: MB connect line CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 ...) - TODO: check + NOT-FOR-US: MB connect line CVE-2021-34573 RESERVED CVE-2021-34572 @@ -9715,9 +9715,9 @@ CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...) NOT-FOR-US: Weidmueller Industrial WLAN devices CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) - TODO: check + NOT-FOR-US: MB connect line CVE-2021-33526 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged lo ...) - TODO: check + NOT-FOR-US: MB connect line CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...) NOT-FOR-US: EyesOfNetwork (EON) eonweb CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...) @@ -31975,9 +31975,9 @@ CVE-2021-24506 CVE-2021-24505 RESERVED CVE-2021-24504 (The WP LMS – Best WordPress LMS Plugin WordPress plugin through ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24503 (The Popular Brand Icons – Simple Icons WordPress plugin before 2 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24502 RESERVED CVE-2021-24501 @@ -31987,11 +31987,11 @@ CVE-2021-24500 CVE-2021-24499 RESERVED CVE-2021-24498 (The Calendar Event Multi View WordPress plugin before 1.4.01 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24497 RESERVED CVE-2021-24496 (The Community Events WordPress plugin before 1.4.8 does not sanitise, ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24495 RESERVED CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape s ...) 
@@ -31999,7 +31999,7 @@ CVE-2021-24494 (The WP Offload SES Lite WordPress plugin before 1.4.5 did not es CVE-2021-24493 RESERVED CVE-2021-24492 (The hndtst_action_instance_callback AJAX call of the Handsome Testimon ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24491 RESERVED CVE-2021-24490 @@ -32007,7 +32007,7 @@ CVE-2021-24490 CVE-2021-24489 RESERVED CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24487 RESERVED CVE-2021-24486 
@@ -32015,39 +32015,39 @@ CVE-2021-24486 CVE-2021-24485 RESERVED CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24482 (The Related Posts for WordPress plugin through 2.0.4 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24481 (The Any Hostname WordPress plugin through 1.0.6 does not sanitise or e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24480 (The Event Geek WordPress plugin through 2.5.2 does not sanitise or esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24479 (The DrawBlog WordPress plugin through 0.90 does not sanitise or valida ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24478 (The Bookshelf WordPress plugin through 2.0.4 does not sanitise or esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24477 (The Migrate Users WordPress plugin through 1.0.1 does not sanitise or ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24476 (The Steam Group Viewer WordPress plugin through 2.1 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24475 RESERVED CVE-2021-24474 (The Awesome Weather Widget WordPress plugin through 3.0.2 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24473 (The User Profile Picture WordPress plugin before 2.6.0 was affected by ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24472 (The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2021-24471 RESERVED CVE-2021-24470 (The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24469 RESERVED CVE-2021-24468 (The Leaflet Map WordPress plugin before 3.0.0 does not escape some sho ...) 
- TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24467 RESERVED CVE-2021-24466 @@ -32055,25 +32055,25 @@ CVE-2021-24466 CVE-2021-24465 RESERVED CVE-2021-24464 (The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin bef ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24463 (The get_sliders() function in the Image Slider by Ays- Responsive Slid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24462 (The get_gallery_categories() and get_galleries() functions in the Phot ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24461 (The get_faqs() function in the FAQ Builder AYS WordPress plugin before ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24460 (The get_fb_likeboxes() function in the Popup Like box – Page Plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24459 (The get_results() and get_items() functions in the Survey Maker WordPr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24458 (The get_ays_popupboxes() and get_popup_categories() functions of the P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24457 (The get_portfolios() and get_portfolio_attributes() functions in the c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24456 (The Quiz Maker WordPress plugin before 6.2.0.9 did not properly saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24455 (The Tutor LMS – eLearning and online course solution WordPress p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24454 (In the YOP Poll WordPress plugin before 6.2.8, when a pool is created ...) NOT-FOR-US: Wordpress plugin CVE-2021-24453 (The Include Me WordPress plugin through 1.2.1 is vulnerable to path tr ...) 
@@ -32083,11 +32083,11 @@ CVE-2021-24452 (The W3 Total Cache WordPress plugin before 2.1.5 was affected by CVE-2021-24451 (The Export Users With Meta WordPress plugin before 0.6.5 did not escap ...) NOT-FOR-US: Wordpress plugin CVE-2021-24450 (The User Registration, User Profiles, Login & Membership – P ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24449 RESERVED CVE-2021-24448 (The User Registration & User Profile – Profile Builder WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...) NOT-FOR-US: WordPress plugin CVE-2021-24446 @@ -32095,9 +32095,9 @@ CVE-2021-24446 CVE-2021-24445 RESERVED CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24443 (The About Me widget of the Youzify – BuddyPress Community, User ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24442 (The Poll, Survey, Questionnaire and Voting system WordPress plugin bef ...) NOT-FOR-US: Wordpress plugin CVE-2021-24441 (The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitis ...) 
@@ -32127,13 +32127,13 @@ CVE-2021-24430 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite Word CVE-2021-24429 (The Salon booking system WordPress plugin before 6.3.1 does not proper ...) NOT-FOR-US: Wordpress plugin CVE-2021-24428 (The RSS for Yandex Turbo WordPress plugin through 1.30 does not saniti ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24427 (The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or e ...) NOT-FOR-US: Wordpress plugin CVE-2021-24426 (The Backup by 10Web – Backup and Restore Plugin WordPress plugin ...) NOT-FOR-US: Wordpress plugin CVE-2021-24425 (The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Heade ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24424 (The WP Reset – Most Advanced WordPress Reset Tool WordPress plug ...) NOT-FOR-US: Wordpress plugin CVE-2021-24423
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29ee17a210611ed377f88b8e89ed164679d4fba9
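Review bot: In the hunks from @@ -31975 through @@ -32127, the added tags are spelled `NOT-FOR-US: WordPress plugin`, while unchanged context entries beside them (CVE-2021-24454, CVE-2021-24451, CVE-2021-24442, CVE-2021-24429, CVE-2021-24427, CVE-2021-24426, CVE-2021-24424) read `NOT-FOR-US: Wordpress plugin`. The file mixes both spellings, so a case-sensitive search for either one misses part of the set; consider normalizing the older entries to `WordPress plugin` in a follow-up commit.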
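Review bot: In hunks @@ -7254 and @@ -9715, the four added tags name only the vendor (`NOT-FOR-US: MB connect line`), although the descriptions concern different products: mymbCONNECT24 and mbCONNECT24 for CVE-2021-34575 and CVE-2021-34574, mbDIALUP for CVE-2021-33527 and CVE-2021-33526. The neighbouring context entry `NOT-FOR-US: Weidmueller Industrial WLAN devices` includes the product; adding the product name to these tags would make the entries findable by it.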
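Review bot: In hunk @@ -32015, CVE-2021-24472 is tagged `NOT-FOR-US: WordPress theme`, but its description names two items ("The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress ...") and is truncated before it says what the second one is. Confirm against the full CVE text that the tag covers both, and widen it if the second item is a plugin.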
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits