Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: eb60dfd1 by Salvatore Bonaccorso at 2021-12-21T22:49:08+01:00 Process some NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -615,13 +615,13 @@ CVE-2021-45257 CVE-2021-45256 RESERVED CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...) - TODO: check + NOT-FOR-US: Video Sharing Website CVE-2021-45254 RESERVED CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...) - TODO: check + NOT-FOR-US: Simple Cold Storage Management System CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...) - TODO: check + NOT-FOR-US: Simple Forum-Discussion System CVE-2021-45251 RESERVED CVE-2021-45250 @@ -665,7 +665,7 @@ CVE-2021-4141 CVE-2021-4140 RESERVED CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) - TODO: check + NOT-FOR-US: Pimcore CVE-2021-4138 RESERVED CVE-2022-22053 @@ -1247,11 +1247,11 @@ CVE-2021-45093 CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...) NOT-FOR-US: Thinfinity VirtualUI CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...) - TODO: check + NOT-FOR-US: Stormshield Endpoint Security CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...) - TODO: check + NOT-FOR-US: Stormshield Endpoint Security CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...) - TODO: check + NOT-FOR-US: Stormshield Endpoint Security CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...) - epiphany-browser 41.2-1 NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612 @@ -1964,13 +1964,13 @@ CVE-2021-44879 CVE-2021-44878 RESERVED CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...) - TODO: check + NOT-FOR-US: Dalmark Systems Systeam CVE-2021-44873 RESERVED CVE-2021-44872 @@ -1998,9 +1998,9 @@ CVE-2021-44862 CVE-2021-44861 RESERVED CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...) - TODO: check + NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...) - TODO: check + NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) {DSA-5021-1 DLA-2847-1} - mediawiki 1:1.35.5-1 @@ -3341,9 +3341,9 @@ CVE-2021-44425 CVE-2021-44424 RESERVED CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...) - TODO: check + NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...) - TODO: check + NOT-FOR-US: Open Design Alliance Drawings SDK CVE-2021-44421 RESERVED CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) @@ -3964,7 +3964,7 @@ CVE-2021-44209 CVE-2021-44208 RESERVED CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. ...) - TODO: check + NOT-FOR-US: Acclaim USAHERDS CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) NOT-FOR-US: snipe-it CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) @@ -6478,7 +6478,7 @@ CVE-2021-43589 CVE-2021-43588 RESERVED CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-43586 RESERVED CVE-2021-43585 @@ -6992,7 +6992,7 @@ CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attac CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...) NOT-FOR-US: iResturant CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...) - TODO: check + NOT-FOR-US: sourcecodetester Engineers Online Portal CVE-2021-43436 RESERVED CVE-2021-43435 @@ -26302,7 +26302,7 @@ CVE-2021-3639 [Prevent redirect to URLs that begin with '///'] [stretch] - libapache2-mod-auth-mellon <no-dsa> (Minor issue) NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36349 RESERVED CVE-2021-36348 @@ -26320,7 +26320,7 @@ CVE-2021-36343 CVE-2021-36342 RESERVED CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...) NOT-FOR-US: EMC CVE-2021-36339 @@ -26328,9 +26328,9 @@ CVE-2021-36339 CVE-2021-36338 RESERVED CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...) NOT-FOR-US: EMC CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...) @@ -28967,7 +28967,7 @@ CVE-2021-35250 CVE-2021-35249 RESERVED CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2021-35247 RESERVED CVE-2021-35246 @@ -28975,7 +28975,7 @@ CVE-2021-35246 CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...) NOT-FOR-US: SolarWinds CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2021-35243 RESERVED CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...) @@ -28995,7 +28995,7 @@ CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Serv CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...) NOT-FOR-US: Kiwi Syslog Server CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server ...) NOT-FOR-US: Kiwi Syslog Server CVE-2021-35232 @@ -48625,23 +48625,23 @@ CVE-2021-27455 (Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulne CVE-2021-27454 (The software performs an operation at a privilege level higher than th ...) NOT-FOR-US: GE CVE-2021-27453 (Mesa Labs AmegaView Versions 3.0 uses default cookies that could be se ...) - TODO: check + NOT-FOR-US: Mesa Labs CVE-2021-27452 (The software contains a hard-coded password that could allow an attack ...) NOT-FOR-US: GE CVE-2021-27451 (Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generat ...) - TODO: check + NOT-FOR-US: Mesa Labs CVE-2021-27450 (SSH server configuration file does not implement some best practices. ...) NOT-FOR-US: GE CVE-2021-27449 (Mesa Labs AmegaView Versions 3.0 and prior has a command injection vul ...) - TODO: check + NOT-FOR-US: Mesa Labs CVE-2021-27448 (A miscommunication in the file system allows adversaries with access t ...) NOT-FOR-US: GE CVE-2021-27447 (Mesa Labs AmegaView version 3.0 is vulnerable to a command injection, ...) - TODO: check + NOT-FOR-US: Mesa Labs CVE-2021-27446 RESERVED CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...) - TODO: check + NOT-FOR-US: Mesa Labs CVE-2021-27444 RESERVED CVE-2021-27443 @@ -54935,7 +54935,7 @@ CVE-2021-24983 CVE-2021-24982 RESERVED CVE-2021-24981 (The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cros ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24980 RESERVED CVE-2021-24979 @@ -54985,7 +54985,7 @@ CVE-2021-24958 CVE-2021-24957 RESERVED CVE-2021-24956 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plug ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24955 (The User Registration, Login Form, User Profile & Membership WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24954 (The User Registration, Login Form, User Profile & Membership WordP ...) @@ -55015,7 +55015,7 @@ CVE-2021-24943 (The Registrations for the Events Calendar WordPress plugin befor CVE-2021-24942 RESERVED CVE-2021-24941 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24940 RESERVED CVE-2021-24939 (The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before ...) @@ -55083,7 +55083,7 @@ CVE-2021-24909 CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24907 (The Contact Form, Drag and Drop Form Builder for WordPress plugin befo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24906 RESERVED CVE-2021-24905 @@ -55199,13 +55199,13 @@ CVE-2021-24851 (The Insert Pages WordPress plugin before 3.7.0 allows users with CVE-2021-24850 (The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that p ...) NOT-FOR-US: WordPress plugin CVE-2021-24849 (The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24848 (The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPre ...) NOT-FOR-US: WordPress plugin CVE-2021-24847 (The importFromRedirection AJAX action of the SEO Redirection Plugin &# ...) NOT-FOR-US: WordPress plugin CVE-2021-24846 (The get_query() function of the Ni WooCommerce Custom Order Status Wor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows passing ...) NOT-FOR-US: WordPress plugin CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...) @@ -55397,7 +55397,7 @@ CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capa CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...) NOT-FOR-US: WordPress plugin CVE-2021-24750 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...) NOT-FOR-US: WordPress plugin CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...) @@ -55419,9 +55419,9 @@ CVE-2021-24741 (The Support Board WordPress plugin before 3.3.4 does not escape CVE-2021-24740 (The Tutor LMS WordPress plugin before 1.9.9 does not escape some of it ...) NOT-FOR-US: WordPress plugin CVE-2021-24739 (The Logo Carousel WordPress plugin before 3.4.2 allows users with a ro ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24738 (The Logo Carousel WordPress plugin before 3.4.2 does not validate and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24736 (The Easy Download Manager and File Sharing Plugin with frontend file u ...) @@ -55741,7 +55741,7 @@ CVE-2021-24580 (The Side Menu Lite WordPress plugin before 2.2.6 does not saniti CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plug ...) NOT-FOR-US: WordPress plugin CVE-2021-24578 (The SportsPress WordPress plugin before 2.7.9 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...) NOT-FOR-US: WordPress plugin CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...) @@ -97474,7 +97474,7 @@ CVE-2020-19772 CVE-2020-19771 RESERVED CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...) - TODO: check + NOT-FOR-US: WUZHI CMS CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...) NOT-FOR-US: Rob The Bank CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...) @@ -125800,7 +125800,7 @@ CVE-2020-8970 CVE-2020-8969 RESERVED CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...) - TODO: check + NOT-FOR-US: Parallels Remote Application Server (RAS) CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...) NOT-FOR-US: GESIO CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb60dfd19ff4385869c93e454deb22f2cdf3e23f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eb60dfd19ff4385869c93e454deb22f2cdf3e23f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits