From ebca431c2a12a86e255d31a18a3eccb503b4daef Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Mon, 4 Jul 2022 09:34:38 +0100 Subject: Process some NFUs --- data/CVE/list | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index e4ee6328f2..0f53207d00 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -604,7 +604,7 @@ CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel CVE-2017-20124 (A vulnerability classified as critical has been found in Online Hotel ...) NOT-FOR-US: WordPress plugin CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classified a ...) - TODO: check + NOT-FOR-US: Viscosity on Windows and macOS CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...) NOT-FOR-US: Bitrix Site Manager CVE-2022-34734 @@ -115345,7 +115345,7 @@ CVE-2020-28867 CVE-2020-28866 RESERVED CVE-2020-28865 (An issue was discovered in PowerJob through 3.2.2, allows attackers to ...) - TODO: check + NOT-FOR-US: PowerJob CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to caus ...) NOT-FOR-US: WinSCP CVE-2020-28863 @@ -122274,7 +122274,7 @@ CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML compon CVE-2020-27510 RESERVED CVE-2020-27509 (Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11 ...) - TODO: check + NOT-FOR-US: Galaxkey CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...) NOT-FOR-US: Frappe Framework CVE-2020-27507 
@@ -123737,7 +123737,7 @@ CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hard CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...) NOT-FOR-US: Ruckus CVE-2020-26877 (ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in a ...) - TODO: check + NOT-FOR-US: ApiFest OAuth 2.0 CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...) NOT-FOR-US: WordPress plugin CVE-2020-26875 @@ -127326,7 +127326,7 @@ CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/ CVE-2020-25460 RESERVED CVE-2020-25459 (An issue was discovered in function sync_tree in hetero_decision_tree_ ...) - TODO: check + NOT-FOR-US: FederatedAI/FATE CVE-2020-25458 RESERVED CVE-2020-25457 @@ -136856,7 +136856,7 @@ CVE-2020-21163 CVE-2020-21162 RESERVED CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ...) - TODO: check + NOT-FOR-US: Ruckus CVE-2020-21160 RESERVED CVE-2020-21159 @@ -137099,7 +137099,7 @@ CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 a CVE-2020-21047 RESERVED CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...) - TODO: check + NOT-FOR-US: EagleGet for Windows CVE-2020-21045 RESERVED CVE-2020-21044 @@ -139469,9 +139469,9 @@ CVE-2020-19899 CVE-2020-19898 RESERVED CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...) - TODO: check + NOT-FOR-US: Wuzhicms CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...) - TODO: check + NOT-FOR-US: MiniCMS CVE-2020-19895 RESERVED CVE-2020-19894 
@@ -166211,7 +166211,7 @@ CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows i CVE-2020-9755 RESERVED CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to ...) - TODO: check + NOT-FOR-US: Whale Browser CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...) NOT-FOR-US: Whale Browser CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...) @@ -177990,7 +177990,7 @@ CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows CVE-2020-5181 RESERVED CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...) - NOT-FOR-US: Viscosity on Widnows and macOS + NOT-FOR-US: Viscosity on Windows and macOS CVE-2019-20224 (netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows ...) NOT-FOR-US: Pandora FMS CVE-2019-20223 (In Support Incident Tracker (SiT!) 3.67, the id parameter is affected ...) @@ -425351,7 +425351,8 @@ CVE-2014-3650 (Multiple persistent cross-site scripting (XSS) flaws were found i CVE-2014-3649 (JBoss AeroGear has reflected XSS via the password field ...) NOT-FOR-US: JBoss AeroGear CVE-2014-3648 (The simplepush server iterates through the application installations a ...) - TODO: check + NOTE: https://issues.redhat.com/browse/AEROGEAR-6091 (private) + TODO: check, if more information becomes available. CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel throug ...) {DSA-3060-1} - linux 3.16.7-1 
@@ -443623,7 +443624,7 @@ CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote adminis CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...) NOT-FOR-US: Apache Roller CVE-2013-4170 (In general, Ember.js escapes or strips any user-supplied content befor ...) - TODO: check + NOT-FOR-US: ember.js CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...) - gdm (unimportant) - gdm3 (Only affected older gdm < 2.21.1) @@ -443734,7 +443735,8 @@ CVE-2013-4146 CVE-2013-4145 REJECTED CVE-2013-4144 (There is an object injection vulnerability in swfupload plugin for wor ...) - TODO: check + - libjs-swfupload + NOTE: https://github.com/wordpress/secure-swfupload/issues/1 CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockm ...) - xlockmore NOTE: http://openwall.com/lists/oss-security/2013/07/16/8 @@ -449629,7 +449631,7 @@ CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly val [squeeze] - mongodb (Minor isue, Spidermonkey in Lenny is EOLed) NOTE: https://www.openwall.com/lists/oss-security/2013/03/25/7 CVE-2013-1891 (In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filem ...) - TODO: check + NOT-FOR-US: OpenCart CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...) - owncloud (only affecting 5.0 branch) CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly handles file descriptors which allow ...) -- cgit v1.2.3
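Review bot: In the CVE-2014-3648 hunk the entry stays open with `TODO: check, if more information becomes available.` although the added NOTE points at an issue key in the AEROGEAR project and the neighbouring CVE-2014-3649 is already tagged `NOT-FOR-US: JBoss AeroGear`. If the simplepush server is part of the same product, tag this entry the same way so it leaves the TODO queue. If it is kept open, say in the NOTE which Debian source package is suspected, because a reference marked private gives the next person nothing to check.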
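Review bot: In the CVE-2013-4170 hunk the added tag is `NOT-FOR-US: ember.js`, while the description on the line above spells the product "Ember.js" and the other tags added in this patch follow the product's own capitalisation (PowerJob, OpenCart, MiniCMS). Suggest `NOT-FOR-US: Ember.js`, so that searches of the list for the product name match this entry as well.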
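Review bot: In the CVE-2013-4144 hunk the entry is assigned to `- libjs-swfupload`, but the description speaks of the swfupload plugin for WordPress and the NOTE links to an issue in wordpress/secure-swfupload, so the reason for tracking it against the Debian package is not recorded. Add a NOTE stating that the packaged swfupload contains the affected code (or which fork it was built from), and whether the linked issue includes a fix that can be matched to a version. This hunk and the CVE-2014-3648 one are also not NFU changes, which the subject "Process some NFUs" does not mention; a line in the commit message would make them easier to find later.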