From 6cb3e2bd90b71fd6ef1a3d9117d99464fb7c2261 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 25 Oct 2021 22:37:02 +0200 Subject: Process several NFUs --- data/CVE/list | 78 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 39 insertions(+), 39 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 1869992493..becd4a6c33 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -4028,7 +4028,7 @@ CVE-2021-41773 (A flaw was found in a change made to path normalization in Apach CVE-2021-3839 RESERVED CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) - TODO: check + NOT-FOR-US: Ingeteam INGEPAC DA AU CVE-2021-41772 RESERVED CVE-2021-41771 @@ -5350,7 +5350,7 @@ CVE-2021-41178 CVE-2021-41177 RESERVED CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) - TODO: check + NOT-FOR-US: Pterodactyl CVE-2021-41175 RESERVED CVE-2021-41174 @@ -6869,9 +6869,9 @@ CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plai NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on NOTE: a query). CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...) - TODO: check + NOT-FOR-US: "com.onepeloton.erlich" mobile application CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) - TODO: check + NOT-FOR-US: Peleton CVE-2021-40525 RESERVED CVE-2021-3776 @@ -7250,7 +7250,7 @@ CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering CVE-2021-40372 RESERVED CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...) - TODO: check + NOT-FOR-US: Gridpro Request Management for Windows Azure Pack CVE-2021-40370 RESERVED CVE-2021-40369 
@@ -19507,7 +19507,7 @@ CVE-2021-35233 CVE-2021-35232 RESERVED CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...) - TODO: check + NOT-FOR-US: Kiwi Syslog Server Installation Wizard CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...) NOT-FOR-US: Kiwi CatTools Installation Wizard CVE-2021-35229 
@@ -20306,27 +20306,27 @@ CVE-2021-34866 CVE-2021-34865 RESERVED CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2021-34858 RESERVED CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PDF Reader CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -42638,7 +42638,7 @@ CVE-2021-25979 CVE-2021-25978 RESERVED CVE-2021-25977 (In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS du ...) - TODO: check + NOT-FOR-US: PiranhaCMS CVE-2021-25976 RESERVED CVE-2021-25975 
@@ -45423,9 +45423,9 @@ CVE-2021-24887 CVE-2021-24886 RESERVED CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the perpage ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24883 RESERVED CVE-2021-24882 @@ -45623,7 +45623,7 @@ CVE-2021-24787 CVE-2021-24786 RESERVED CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24784 RESERVED CVE-2021-24783 @@ -45635,7 +45635,7 @@ CVE-2021-24781 CVE-2021-24780 RESERVED CVE-2021-24779 (The WP Debugging WordPress plugin before 2.11.0 has its update_setting ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24778 RESERVED CVE-2021-24777 @@ -45645,7 +45645,7 @@ CVE-2021-24776 CVE-2021-24775 RESERVED CVE-2021-24774 (The Check & Log Email WordPress plugin before 1.0.3 does not valid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24773 RESERVED CVE-2021-24772 @@ -45655,7 +45655,7 @@ CVE-2021-24771 CVE-2021-24770 RESERVED CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24768 RESERVED CVE-2021-24767 @@ -45705,7 +45705,7 @@ CVE-2021-24746 CVE-2021-24745 RESERVED CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...) NOT-FOR-US: WordPress plugin CVE-2021-24742 @@ -45795,7 +45795,7 @@ CVE-2021-24701 CVE-2021-24700 RESERVED CVE-2021-24699 (The Easy Media Download WordPress plugin before 1.1.7 does not escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24698 RESERVED CVE-2021-24697 
@@ -45869,7 +45869,7 @@ CVE-2021-24664 CVE-2021-24663 (The Simple Schools Staff Directory WordPress plugin through 1.1 does n ...) NOT-FOR-US: WordPress plugin CVE-2021-24662 (The Game Server Status WordPress plugin through 1.0 does not validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24661 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24660 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) @@ -45887,7 +45887,7 @@ CVE-2021-24655 CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...) NOT-FOR-US: WordPress plugin CVE-2021-24653 (The Cookie Bar WordPress plugin through 1.8.8 doesn't properly sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...) @@ -45977,7 +45977,7 @@ CVE-2021-24610 (The TranslatePress WordPress plugin before 2.0.9 does not implem CVE-2021-24609 (The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not san ...) NOT-FOR-US: WordPress plugin CVE-2021-24608 (The Formidable Form Builder – Contact Form, Survey & Quiz Fo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24607 RESERVED CVE-2021-24606 (The Availability Calendar WordPress plugin before 1.2.1 does not escap ...) 
@@ -46105,9 +46105,9 @@ CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...) NOT-FOR-US: WordPress plugin CVE-2021-24544 (The Responsive WordPress Slider WordPress plugin through 2.2.0 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24543 (The jQuery Reply to Comment WordPress plugin through 1.31 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24542 RESERVED CVE-2021-24541 (The Wonder PDF Embed WordPress plugin before 1.7 does not escape param ...) @@ -46163,9 +46163,9 @@ CVE-2021-24517 (The Stop Spammers Security | Block Spam Users, Comments, Forms W CVE-2021-24516 (The PlanSo Forms WordPress plugin through 2.6.3 does not escape the ti ...) NOT-FOR-US: WordPress plugin CVE-2021-24515 (The Video Gallery – Vimeo and YouTube Gallery WordPress plugin t ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24514 (The Visual Form Builder WordPress plugin before 3.0.4 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24513 (The Form Builder | Create Responsive Contact Forms WordPress plugin be ...) NOT-FOR-US: WordPress plugin CVE-2021-24512 (The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an a ...) 
@@ -46215,15 +46215,15 @@ CVE-2021-24491 (The Fileviewer WordPress plugin through 2.2 does not have CSRF c CVE-2021-24490 (The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24489 (The Request a Quote WordPress plugin before 2.3.5 does not sanitise, v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24488 (The slider import search feature and tab parameter of the Post Grid Wo ...) NOT-FOR-US: WordPress plugin CVE-2021-24487 (The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24486 (The Simple Social Media Share Buttons – Social Sharing for Every ...) NOT-FOR-US: WordPress plugin CVE-2021-24485 (The Special Text Boxes WordPress plugin through 5.9.109 does not sanit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24484 (The get_reports() function in the Secure Copy Content Protection and C ...) NOT-FOR-US: WordPress plugin CVE-2021-24483 (The get_poll_categories(), get_polls() and get_reports() functions in ...) @@ -46365,7 +46365,7 @@ CVE-2021-24416 (The StreamCast – Radio Player for WordPress plugin before CVE-2021-24415 (The Polo Video Gallery – Best wordpress video gallery plugin Wor ...) NOT-FOR-US: WordPress plugin CVE-2021-24414 (The Video Player for YouTube WordPress plugin before 1.4 does not sani ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24413 (The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24412 (The Html5 Audio Player – Audio Player for WordPress plugin befor ...) 
@@ -46431,7 +46431,7 @@ CVE-2021-24383 (The WP Google Maps WordPress plugin before 8.1.12 did not saniti CVE-2021-24382 (The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did n ...) NOT-FOR-US: WordPress plugin CVE-2021-24381 (The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24380 (The Shantz WordPress QOTD WordPress plugin through 1.2.2 is lacking an ...) NOT-FOR-US: WordPress plugin CVE-2021-24379 (The Comments Like Dislike WordPress plugin before 1.1.4 allows users t ...) @@ -85224,7 +85224,7 @@ CVE-2020-20910 CVE-2020-20909 RESERVED CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...) - TODO: check + NOT-FOR-US: Akaunting CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...) NOT-FOR-US: MetInfo CVE-2020-20906 @@ -100585,7 +100585,7 @@ CVE-2020-14266 CVE-2020-14265 RESERVED CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...) - TODO: check + NOT-FOR-US: HCL CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...) NOT-FOR-US: HCL CVE-2020-14262 -- cgit v1.2.3
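Review bot: In the @@ -6869,9 +6869,9 @@ hunk, the new tag for CVE-2021-40526 reads "NOT-FOR-US: Peleton", which carries over the spelling from the truncated CVE description ("Peleton TTR01"). The package id quoted in the tag just above it, "com.onepeloton.erlich", spells the vendor "peloton". Suggest "NOT-FOR-US: Peloton" here, and naming the vendor in the CVE-2021-40527 tag as well, so a search of data/CVE/list for the vendor name finds both entries.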
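Review bot: In the @@ -20306,27 +20306,27 @@ hunk, CVE-2021-34863 through CVE-2021-34860 are tagged with the vendor only ("NOT-FOR-US: D-Link"), while other entries in the same hunk name a product ("Parallels Desktop", "Foxit PDF Reader"). The descriptions shown are truncated before any product name, so if the full text names a device model, adding it to these four tags would keep them as searchable as their neighbours.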