From c5dc006663a8169309899a6930c82372a740dba8 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 21 Jan 2022 21:34:28 +0100 Subject: Process some NFUs --- data/CVE/list | 62 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 32a2727087..c447674dcd 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -265,7 +265,7 @@ CVE-2022-23730 CVE-2022-23729 RESERVED CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) - TODO: check + NOT-FOR-US: LG CVE-2022-23727 RESERVED CVE-2022-23726 @@ -1441,11 +1441,11 @@ CVE-2021-46311 CVE-2021-46310 RESERVED CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...) - TODO: check + NOT-FOR-US: Projectworlds Online Examination System CVE-2021-46306 RESERVED CVE-2021-46305 @@ -2081,13 +2081,13 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en NOTE: https://support.zabbix.com/browse/ZBX-20350 TODO: check, possibly only affecting 5.4.0 onwards CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23126 RESERVED CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) @@ -2889,13 +2889,13 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v CVE-2021-46202 RESERVED CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Resort Management System CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46199 RESERVED CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46197 RESERVED CVE-2021-46196 @@ -7034,7 +7034,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver] NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) - TODO: check + NOT-FOR-US: pimcore CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c] RESERVED - qemu 1:6.2+dfsg-1 @@ -7067,7 +7067,7 @@ CVE-2021-45444 CVE-2021-45443 RESERVED CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...) - TODO: check + NOT-FOR-US: BigBlueButton CVE-2017-20010 RESERVED NOT-FOR-US: MODX Revolution @@ -8349,7 +8349,7 @@ CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...) NOT-FOR-US: DIAEnergie CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...) - TODO: check + NOT-FOR-US: ASUS CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) @@ -9805,7 +9805,7 @@ CVE-2021-44595 CVE-2021-44594 RESERVED CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) - TODO: check + NOT-FOR-US: Simple College Website CVE-2021-44592 RESERVED CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) @@ -10291,7 +10291,7 @@ CVE-2021-23223 CVE-2021-23179 RESERVED CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) - TODO: check + NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) NOT-FOR-US: mySCADA myPRO CVE-2021-44451 @@ -10339,29 +10339,29 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-4035 RESERVED CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) TODO: check CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant MasterMed CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) - TODO: check + NOT-FOR-US: Agilia Link+ CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) @@ -11032,7 +11032,7 @@ CVE-2021-44197 CVE-2021-44196 RESERVED CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) - TODO: check + NOT-FOR-US: Rapid7 Insight Agent CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...) @@ -22650,7 +22650,7 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) NOT-FOR-US: Auerswald CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) - TODO: check + NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) @@ -23257,7 +23257,7 @@ CVE-2021-40597 CVE-2021-40596 RESERVED CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-40594 RESERVED CVE-2021-40593 @@ -24158,7 +24158,7 @@ CVE-2021-40249 CVE-2021-40248 RESERVED CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-40246 RESERVED CVE-2021-40245 @@ -36977,7 +36977,7 @@ CVE-2021-35005 CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) TODO: check CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2021-35002 RESERVED CVE-2021-35001 -- cgit v1.2.3