From d73ed1a33a7a52baf8997be018869b57ee3196bf Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Wed, 18 May 2022 10:04:58 +0100 Subject: Process some NFUs --- data/CVE/list | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 37287d2d3f..79f7f8d5f5 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -15,7 +15,7 @@ CVE-2022-1772 CVE-2022-1771 RESERVED CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...) - TODO: check + NOT-FOR-US: bvsatyaram/random_password_generator CVE-2022-30973 RESERVED CVE-2022-1770 @@ -10686,7 +10686,7 @@ CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel’s vi NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6) NOTE: CONFIG_VHOST_VDPA not set in Debian CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...) - TODO: check + NOT-FOR-US: Fidelis CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...) - 389-ds-base 2.0.15-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769 @@ -38830,7 +38830,7 @@ CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbi CVE-2021-42944 RESERVED CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan ...) - TODO: check + - ipplan CVE-2021-42942 RESERVED CVE-2021-42941 @@ -38929,7 +38929,7 @@ CVE-2021-42899 CVE-2021-42898 RESERVED CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in FeMiner wm ...) - TODO: check + NOT-FOR-US: FeMiner/wms CVE-2021-42896 RESERVED CVE-2021-42895 
@@ -38983,7 +38983,7 @@ CVE-2021-42872 CVE-2021-42871 RESERVED CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...) - TODO: check + NOT-FOR-US: accel-ppp CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...) NOT-FOR-US: Chikista Patient Management Software CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...) @@ -39565,9 +39565,9 @@ CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based servic CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...) NOT-FOR-US: CMSimple CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerab ...) - TODO: check + NOT-FOR-US: CmsEasy CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnera ...) - TODO: check + NOT-FOR-US: CmsEasy CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) NOT-FOR-US: PrinterLogic Web Stack CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...) @@ -64601,7 +64601,7 @@ CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on P NOTE: https://github.com/sh4nks/flask-caching/pull/209 NOTE: Negligible security impact CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated registry keys ...) - TODO: check + NOT-FOR-US: xArrow CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...) NOT-FOR-US: Philips Vue PACS CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...) 
@@ -64609,7 +64609,7 @@ CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...) NOT-FOR-US: Philips Vue PACS CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...) - TODO: check + NOT-FOR-US: xArrow CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key ...) NOT-FOR-US: Philips Vue PACS CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...) @@ -64625,7 +64625,7 @@ CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation CVE-2021-33014 RESERVED CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ...) - TODO: check + NOT-FOR-US: mySCADA myPRO CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...) NOT-FOR-US: Rockwell CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...) @@ -64649,7 +64649,7 @@ CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow a CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...) NOT-FOR-US: WebAccess HMI Designer CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...) - TODO: check + NOT-FOR-US: xArrow CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...) NOT-FOR-US: WebAccess HMI Designer CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...) 
@@ -79188,11 +79188,11 @@ CVE-2021-27446 (The Weintek cMT product line is vulnerable to code injection, wh CVE-2021-27445 (Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissio ...) NOT-FOR-US: Mesa Labs CVE-2021-27444 (The Weintek cMT product line is vulnerable to various improper access ...) - TODO: check + NOT-FOR-US: Weintek cMT gateway CVE-2021-27443 RESERVED CVE-2021-27442 (The Weintek cMT product line is vulnerable to a cross-site scripting v ...) - TODO: check + NOT-FOR-US: Weintek cMT gateway CVE-2021-27441 RESERVED CVE-2021-27440 (The software contains a hard-coded password it uses for its own inboun ...) @@ -89396,11 +89396,11 @@ CVE-2021-23269 CVE-2021-23268 RESERVED CVE-2021-23267 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23266 (An anonymous user can craft a URL with text that ends up in the log vi ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23265 (A logged-in and authenticated user with a Reviewer Role may lock a con ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...) NOT-FOR-US: Crafter CMS CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...) -- cgit v1.2.3
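Review bot: In the hunk at @@ -15,7, the new tag for CVE-2019-25061 gives only the upstream repository path (bvsatyaram/random_password_generator), while the description identifies the affected code as the random_password_generator (aka RandomPasswordGenerator) gem. Consider putting the gem name in the tag, so that a later search of data/CVE/list by gem name finds this triage decision.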
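Review bot: In the hunk at @@ -10686,7, the tag for CVE-2022-0997 is the bare vendor name "Fidelis", although the description is about the CommandPost, Collector, and Sensor components. A vendor-only label is hard to match against later entries for the same software. Consider naming the affected product alongside the vendor.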
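Review bot: In the hunk at @@ -38830,7, CVE-2021-42943 is not marked NOT-FOR-US but recorded as an ipplan ITP entry (bug #530271), which the subject line "Process some NFUs" does not mention. Either extend the commit message to say that one entry was triaged as an ITP, or move this change into its own commit, so that the history shows when ipplan started being tracked.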
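Review bot: In the hunk at @@ -79188,11, both new tags read "Weintek cMT gateway", but the descriptions of CVE-2021-27444 and CVE-2021-27442 refer to "the Weintek cMT product line". Unless the upstream advisory limits these issues to the gateway, use a label that matches the scope in the descriptions, for example "Weintek cMT", so that the tag does not suggest a narrower scope than the CVE text does.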