From a06f4fb9a73657fb173ae8889ab719773f35fac4 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 19 Feb 2022 22:03:37 +0100 Subject: Process NFUs --- data/CVE/2021.list | 20 ++++++++++---------- data/CVE/2022.list | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index f9841e872b..1e7c9f25ad 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -731,7 +731,7 @@ CVE-2021-46374 CVE-2021-46373 RESERVED CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. Wh ...) - TODO: check + NOT-FOR-US: Scoold CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...) NOT-FOR-US: antd-admin CVE-2021-46370 @@ -1406,7 +1406,7 @@ CVE-2021-46112 CVE-2021-46111 RESERVED CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...) - TODO: check + NOT-FOR-US: Online Shopping Portal CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) NOT-FOR-US: ASUS CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) @@ -1466,7 +1466,7 @@ CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting ( CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) NOT-FOR-US: uscat CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...) - TODO: check + NOT-FOR-US: Moxa CVE-2021-46081 RESERVED CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...) 
@@ -1504,9 +1504,9 @@ CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Fi CVE-2021-46064 RESERVED CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...) - TODO: check + NOT-FOR-US: MCMS CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...) - TODO: check + NOT-FOR-US: MCMS CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...) NOT-FOR-US: Sourcecodester CVE-2021-46060 @@ -6317,7 +6317,7 @@ CVE-2021-44304 CVE-2021-44303 RESERVED CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...) - TODO: check + NOT-FOR-US: BaiCloud-cms CVE-2021-44301 RESERVED CVE-2021-44300 @@ -14944,9 +14944,9 @@ CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe d CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) NOT-FOR-US: Proofpoint CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...) - TODO: check + NOT-FOR-US: LiveConfig CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...) - TODO: check + NOT-FOR-US: LiveConfig CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...) - python-rencode 1.0.6-2 [bullseye] - python-rencode (Minor issue) 
@@ -42403,9 +42403,9 @@ CVE-2021-29657 (arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has NOTE: https://git.kernel.org/linus/a58d9166a756a0f4a6618e4f593232593d6df134 NOTE: https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html CVE-2021-29656 (Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validat ...) - TODO: check + NOT-FOR-US: Pexip Infinity Connect CVE-2021-29655 (Pexip Infinity Connect before 1.8.0 omits certain provisioning authent ...) - TODO: check + NOT-FOR-US: Pexip Infinity Connect CVE-2021-29654 (AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data ( ...) NOT-FOR-US: AjaxSearchPro CVE-2021-29653 (HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain ci ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index d2ecc92bcf..e4b6a2e77f 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -17,9 +17,9 @@ CVE-2022-0684 CVE-2022-25367 RESERVED CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...) - TODO: check + NOT-FOR-US: Cryptomator CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...) - TODO: check + NOT-FOR-US: Docker Desktop CVE-2022-25364 RESERVED CVE-2022-25363 @@ -111,7 +111,7 @@ CVE-2022-0680 CVE-2022-0679 RESERVED CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0677 RESERVED CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...) @@ -4725,7 +4725,7 @@ CVE-2022-23651 CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...) TODO: check CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...) - TODO: check + NOT-FOR-US: Cosign CVE-2022-23648 RESERVED CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...) 
@@ -4737,9 +4737,9 @@ CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character dev CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) NOT-FOR-US: BookWyrm CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) - TODO: check + NOT-FOR-US: Sourcegraph CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) - TODO: check + NOT-FOR-US: Sourcegraph CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...) NOT-FOR-US: Discourse CVE-2022-23640 @@ -4751,7 +4751,7 @@ CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-sit CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...) NOT-FOR-US: K-Box CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. Prior t ...) - TODO: check + NOT-FOR-US: wasmtime CVE-2022-23635 RESERVED CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...) @@ -5460,9 +5460,9 @@ CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2 CVE-2022-23377 RESERVED CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...) - TODO: check + NOT-FOR-US: WikiDocs CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...) - TODO: check + NOT-FOR-US: WikiDocs CVE-2022-23374 RESERVED CVE-2022-23373 @@ -5877,7 +5877,7 @@ CVE-2022-23230 CVE-2022-23229 RESERVED CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...) - TODO: check + NOT-FOR-US: Pexip Infinity CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...) NOT-FOR-US: NUUO NVRmini2 CVE-2022-23226 -- cgit v1.2.3
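Review bot: in the data/CVE/2022.list hunk at @@ -4751,7 +4751,7 @@, the tag added for CVE-2022-23636 is written in lower case as "NOT-FOR-US: wasmtime", while the description on the same entry spells the project "Wasmtime" and the other tags added in this commit follow the capitalization of their descriptions (Cosign, Sourcegraph, WikiDocs). Suggest "NOT-FOR-US: Wasmtime" so the tag matches the product name as written in the entry.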
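Review bot: in the data/CVE/2022.list hunk at @@ -4725,7 +4725,7 @@, CVE-2022-23650 (Netmaker) still carries "TODO: check" in the unchanged context directly above the CVE-2022-23649 line that this commit resolves. If it was left open on purpose because it needs a closer look, that is fine; otherwise it is worth triaging in the same pass, or saying in the commit message that it was skipped, so it is not overlooked among entries that were just processed.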