Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: adc45bd6 by Salvatore Bonaccorso at 2021-11-08T21:44:01+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2667,7 +2667,7 @@ CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbi NOTE: https://www.tenable.com/security/research/tra-2021-14 NOTE: https://github.com/python-babel/babel/pull/782 CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...) - TODO: check + NOT-FOR-US: OPNsense CVE-2021-42769 RESERVED CVE-2021-42768 @@ -6310,7 +6310,7 @@ CVE-2021-41735 CVE-2021-41734 RESERVED CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...) - TODO: check + NOT-FOR-US: Oppia CVE-2021-41732 (** DISPUTED ** An issue was discovered in zeek version 4.1.0. There is ...) - zeek <unfixed> (unimportant) NOTE: https://github.com/zeek/zeek/issues/1798 @@ -7433,7 +7433,7 @@ CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the t CVE-2021-41231 RESERVED CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...) - TODO: check + NOT-FOR-US: Pomerium CVE-2021-41229 RESERVED CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In affecte ...) @@ -8952,7 +8952,7 @@ CVE-2021-40579 CVE-2021-40578 RESERVED CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-40576 RESERVED CVE-2021-40575 @@ -11643,7 +11643,7 @@ CVE-2021-39422 CVE-2021-39421 RESERVED CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...) - TODO: check + NOT-FOR-US: VFront CVE-2021-39419 RESERVED CVE-2021-39418 
@@ -15628,7 +15628,7 @@ CVE-2021-37852 CVE-2021-37851 RESERVED CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...) - TODO: check + NOT-FOR-US: ESET CVE-2021-37849 RESERVED CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...) @@ -28427,11 +28427,11 @@ CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...) NOT-FOR-US: modem 2G RRM CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...) - TODO: check + NOT-FOR-US: Cloudera Manager CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...) - TODO: check + NOT-FOR-US: Cloudera Manager CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter. ...) - TODO: check + NOT-FOR-US: Cloudera Hue CVE-2021-32480 RESERVED CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...) @@ -34697,7 +34697,7 @@ CVE-2021-30134 CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...) NOT-FOR-US: CloverDX CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...) - TODO: check + NOT-FOR-US: Cloudera Manager CVE-2021-30131 RESERVED CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) @@ -35014,7 +35014,7 @@ CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command exec CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...) NOT-FOR-US: CloverDX CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS. ...) - TODO: check + NOT-FOR-US: Cloudera Hue CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...) - firefox <not-affected> (Specific to Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993 
@@ -37005,7 +37005,7 @@ CVE-2021-29245 (BTCPay Server through 1.0.7.0 uses a weak method Next to produce CVE-2021-29244 RESERVED CVE-2021-29243 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. ...) - TODO: check + NOT-FOR-US: Cloudera Manager CVE-2021-29242 (CODESYS Control Runtime system before 3.5.17.0 has improper input vali ...) NOT-FOR-US: CODESYS Control Runtime CVE-2021-29241 (CODESYS Gateway 3 before 3.5.17.0 has a NULL pointer dereference that ...) @@ -40025,11 +40025,11 @@ CVE-2021-28026 (jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl CVE-2021-28025 RESERVED CVE-2021-28024 (Unauthorized system access in the login form in ServiceTonic Helpdesk ...) - TODO: check + NOT-FOR-US: ServiceTonic CVE-2021-28023 (Arbitrary file upload in Service import feature in ServiceTonic Helpde ...) - TODO: check + NOT-FOR-US: ServiceTonic CVE-2021-28022 (Blind SQL injection in the login form in ServiceTonic Helpdesk softwar ...) - TODO: check + NOT-FOR-US: ServiceTonic CVE-2021-28021 (Buffer overflow vulnerability in function stbi__extend_receive in stb_ ...) - libstb <undetermined> NOTE: https://github.com/nothings/stb/issues/1108 @@ -44985,7 +44985,7 @@ CVE-2021-25981 CVE-2021-25980 RESERVED CVE-2021-25979 (Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insuffi ...) - TODO: check + NOT-FOR-US: Apostrophe CMS CVE-2021-25978 (Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stor ...) NOT-FOR-US: Apostrophe CMS CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...) @@ -47859,7 +47859,7 @@ CVE-2021-24846 CVE-2021-24845 RESERVED CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24843 RESERVED CVE-2021-24842 
@@ -47867,7 +47867,7 @@ CVE-2021-24842 CVE-2021-24841 RESERVED CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2021-24839 RESERVED CVE-2021-24838 @@ -47877,23 +47877,23 @@ CVE-2021-24837 CVE-2021-24836 RESERVED CVE-2021-24835 (The WCFM – Frontend Manager for WooCommerce along with Bookings ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24834 RESERVED CVE-2021-24833 RESERVED CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24831 RESERVED CVE-2021-24830 RESERVED CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24828 RESERVED CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24826 RESERVED CVE-2021-24825 @@ -47915,7 +47915,7 @@ CVE-2021-24818 CVE-2021-24817 RESERVED CVE-2021-24816 (The Phoenix Media Rename WordPress plugin before 3.4.4 does not have c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24815 RESERVED CVE-2021-24814 @@ -47933,9 +47933,9 @@ CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not CVE-2021-24808 (The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with ...) NOT-FOR-US: WordPress plugin CVE-2021-24807 (The Support Board WordPress plugin before 3.3.5 allows Authenticated ( ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24806 (The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when ad ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24805 RESERVED CVE-2021-24804 
@@ -47945,13 +47945,13 @@ CVE-2021-24803 CVE-2021-24802 RESERVED CVE-2021-24801 (The WP Survey Plus WordPress plugin through 1.0 does not have any auth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24800 RESERVED CVE-2021-24799 (The Far Future Expiry Header WordPress plugin before 1.5 does not have ...) NOT-FOR-US: WordPress plugin CVE-2021-24798 (The WP Header Images WordPress plugin before 2.0.1 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24797 RESERVED CVE-2021-24796 @@ -47965,13 +47965,13 @@ CVE-2021-24793 (The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 do CVE-2021-24792 RESERVED CVE-2021-24791 (The Header Footer Code Manager WordPress plugin before 1.1.14 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24790 RESERVED CVE-2021-24789 (The Flat Preloader WordPress plugin before 1.5.5 does not escape some ...) NOT-FOR-US: WordPress plugin CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actio ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24787 RESERVED CVE-2021-24786 @@ -47981,7 +47981,7 @@ CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitis CVE-2021-24784 RESERVED CVE-2021-24783 (The Post Expirator WordPress plugin before 2.6.0 does not have proper ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24782 RESERVED CVE-2021-24781 (The Image Source Control WordPress plugin before 2.3.1 allows users wi ...) @@ -48013,9 +48013,9 @@ CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does CVE-2021-24768 RESERVED CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24765 RESERVED CVE-2021-24764 
@@ -48085,7 +48085,7 @@ CVE-2021-24733 CVE-2021-24732 (The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plu ...) NOT-FOR-US: WordPress plugin CVE-2021-24731 (The Registration Forms – User profile, Content Restriction, Spam ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24730 RESERVED CVE-2021-24729 @@ -48105,7 +48105,7 @@ CVE-2021-24723 (The WP Reactions Lite WordPress plugin before 1.3.6 does not pro CVE-2021-24722 (The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24721 (The Loco Translate WordPress plugin before 2.5.4 mishandles data input ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...) NOT-FOR-US: WordPress plugin CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...) @@ -48127,15 +48127,15 @@ CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...) NOT-FOR-US: WordPress plugin CVE-2021-24710 (The Print-O-Matic WordPress plugin before 2.0.3 does not escape some o ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...) NOT-FOR-US: WordPress plugin CVE-2021-24708 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24707 RESERVED CVE-2021-24706 (The Qwizcards – online quizzes and flashcards WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24705 RESERVED CVE-2021-24704 
@@ -48145,23 +48145,23 @@ CVE-2021-24703 CVE-2021-24702 (The LearnPress WordPress plugin before 4.1.3.1 does not properly sanit ...) NOT-FOR-US: WordPress plugin CVE-2021-24701 (The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize m ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24700 RESERVED CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2021-24698 (The Simple Download Monitor WordPress plugin before 3.9.6 allows users ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24697 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24696 RESERVED CVE-2021-24695 (The Simple Download Monitor WordPress plugin before 3.9.6 saves logs i ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24694 RESERVED CVE-2021-24693 (The Simple Download Monitor WordPress plugin before 3.9.5 does not esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24692 RESERVED CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...) @@ -48199,7 +48199,7 @@ CVE-2021-24676 (The Better Find and Replace WordPress plugin before 1.2.9 does n CVE-2021-24675 (The One User Avatar WordPress plugin before 2.3.7 does not check for C ...) NOT-FOR-US: WordPress plugin CVE-2021-24674 (The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24673 (The Appointment Hour Booking WordPress plugin before 1.3.16 does not e ...) NOT-FOR-US: WordPress plugin CVE-2021-24672 (The One User Avatar WordPress plugin before 2.3.7 does not escape the ...) 
@@ -48209,7 +48209,7 @@ CVE-2021-24671 (The MX Time Zone Clocks WordPress plugin before 3.4.1 does not e CVE-2021-24670 (The CoolClock WordPress plugin before 4.3.5 does not escape some short ...) NOT-FOR-US: WordPress plugin CVE-2021-24669 (The MAZ Loader – Preloader Builder for WordPress plugin before 1 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24668 RESERVED CVE-2021-24667 (A stored cross-site scripting vulnerability has been discovered in : S ...) @@ -48219,7 +48219,7 @@ CVE-2021-24666 (The Podlove Podcast Publisher WordPress plugin before 3.5.6 cont CVE-2021-24665 (The WP Video Lightbox WordPress plugin before 1.9.3 does not escape th ...) NOT-FOR-US: WordPress plugin CVE-2021-24664 (The School Management System – WPSchoolPress WordPress plugin be ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...) NOT-FOR-US: WordPress plugin CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...) @@ -48253,11 +48253,11 @@ CVE-2021-24649 CVE-2021-24648 RESERVED CVE-2021-24647 (The Registration Forms – User profile, Content Restriction, Spam ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24646 (The Booking.com Banner Creator WordPress plugin through 1.4.2 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24645 (The Booking.com Product Helper WordPress plugin through 1.0.1 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24644 RESERVED CVE-2021-24643 (The WP Map Block WordPress plugin before 1.2.3 does not escape some at ...) 
@@ -48285,19 +48285,19 @@ CVE-2021-24633 (The Countdown Block WordPress plugin before 1.1.2 does not have CVE-2021-24632 (The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-24631 (The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24630 (The Schreikasten WordPress plugin through 0.14.18 does not sanitise or ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24629 (The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24628 (The Wow Forms WordPress plugin through 3.1.3 does not sanitise or esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24627 (The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24626 (The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24625 (The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24624 (The MP3 Audio Player for Music, Radio & Podcast by Sonaar WordPres ...) NOT-FOR-US: WordPress plugin CVE-2021-24623 (The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress ...) @@ -48315,7 +48315,7 @@ CVE-2021-24618 (The Donate With QRCode WordPress plugin before 1.4.5 does not sa CVE-2021-24617 (The GamePress WordPress plugin through 1.1.0 does not escape the op_ed ...) NOT-FOR-US: WordPress plugin CVE-2021-24616 (The AddToAny Share Buttons WordPress plugin before 1.7.48 does not esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24615 (The Wechat Reward WordPress plugin through 1.7 does not sanitise or es ...) NOT-FOR-US: WordPress plugin CVE-2021-24614 (The Book appointment online WordPress plugin before 1.39 does not sani ...) 
@@ -48333,7 +48333,7 @@ CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does n CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...) NOT-FOR-US: WordPress plugin CVE-2021-24607 (The Storefront Footer Text WordPress plugin through 1.0.1 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24605 (The create_post_page AJAX action of the Custom Post View Generator Wor ...) @@ -48359,7 +48359,7 @@ CVE-2021-24596 (The youForms for WordPress plugin through 1.0.5 does not sanitis CVE-2021-24595 (The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSR ...) NOT-FOR-US: WordPress plugin CVE-2021-24594 (The Translate WordPress – Google Language Translator WordPress p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24593 (The Business Hours Indicator WordPress plugin before 2.3.5 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24592 (The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise s ...) @@ -48397,7 +48397,7 @@ CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5 CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24575 (The School Management System – WPSchoolPress WordPress plugin be ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24573 
@@ -48473,7 +48473,7 @@ CVE-2021-24539 (The Coming Soon, Under Construction & Maintenance Mode By Da CVE-2021-24538 (The Current Book WordPress plugin through 1.0.1 does not sanitize user ...) NOT-FOR-US: WordPress plugin CVE-2021-24537 (The Similar Posts WordPress plugin through 3.1.5 allow high privilege ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24536 (The Custom Login Redirect WordPress plugin through 1.0.0 does not have ...) NOT-FOR-US: WordPress plugin CVE-2021-24535 (The Light Messages WordPress plugin through 1.0 is lacking CSRF check ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adc45bd6559c4d3b6487e36b1ec6fc7b1ef273d1
--
You're receiving this email because of your account on salsa.debian.org.
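Review bot: the Cloudera entries triaged in the hunks at -28427, -34697, -35014 and -37005 come in pairs with identical or near-identical descriptions, and the pairs deserve a cross-reference: CVE-2021-32483 and CVE-2021-30132 both read "Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...", CVE-2021-32482 and CVE-2021-29243 both describe XSS in "Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x", and CVE-2021-32481 and CVE-2021-29994 both describe XSS in Cloudera Hue 4.6.0. NOT-FOR-US is the right triage either way since none of these products ship in Debian, but a NOTE line on each entry pointing at its twin (for example `NOTE: possibly duplicate of CVE-2021-30132`) would save the next triager re-checking the same descriptions, and if MITRE later rejects one of each pair as a duplicate the cross-reference makes the matching entry easy to find.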
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits