From f97c382316af31dcf4e721f326ebf1b1fb3a4d3c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 30 Jan 2020 21:36:03 +0100 Subject: Process NFUs --- data/CVE/list | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 0d87f689f0..af0f98cdba 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -6995,7 +6995,7 @@ CVE-2020-5235 CVE-2020-5234 RESERVED CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) - TODO: check + NOT-FOR-US: OAuth2 Proxy CVE-2020-5232 RESERVED CVE-2020-5231 @@ -10311,7 +10311,7 @@ CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_h - upx-ucl (unimportant) NOTE: https://github.com/upx/upx/issues/313 CVE-2019-20050 (Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerab ...) - TODO: check + NOT-FOR-US: Pandora FMS CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference ...) - linux 5.2.6-1 [buster] - linux 4.19.67-1 @@ -25320,7 +25320,7 @@ CVE-2019-17275 CVE-2019-17274 RESERVED CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...) - TODO: check + NOT-FOR-US: E-Series SANtricity OS Controller Software CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...) NOT-FOR-US: ONTAP CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...) 
@@ -54854,11 +54854,11 @@ CVE-2019-7658 CVE-2019-7657 RESERVED CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...) - TODO: check + NOT-FOR-US: Wowza Streaming Engine CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...) - TODO: check + NOT-FOR-US: Wowza Streaming Engine CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...) - TODO: check + NOT-FOR-US: Wowza Streaming Engine CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...) NOT-FOR-US: TheHive Project UnshortenLink analyzer CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...) @@ -244001,11 +244001,11 @@ CVE-2014-7305 CVE-2014-7304 RESERVED CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) - TODO: check + NOT-FOR-US: SGI Tempo CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) - TODO: check + NOT-FOR-US: SGI Tempo CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) - TODO: check + NOT-FOR-US: SGI Tempo CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS 6.3. ...) NOT-FOR-US: Aruba ArubaOS CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify ...) @@ -252562,7 +252562,7 @@ CVE-2014-3721 CVE-2014-3720 RESERVED CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...) - TODO: check + NOT-FOR-US: Ex Libris ALEPH 500 (Integrated library management system) CVE-2014-3713 RESERVED CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...) 
@@ -273140,9 +273140,9 @@ CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP Ne CVE-2013-3318 REJECTED CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...) - TODO: check + NOT-FOR-US: Netgear CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...) - TODO: check + NOT-FOR-US: Netgear CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...) NOT-FOR-US: TIBCO CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...) @@ -278171,7 +278171,7 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packa CVE-2013-1632 RESERVED CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...) - TODO: check + NOT-FOR-US: Verax NMS CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...) NOT-FOR-US: pyshop CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...) @@ -278242,11 +278242,11 @@ CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.0 CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware ...) NOT-FOR-US: MayGion IP Cameras CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...) - TODO: check + NOT-FOR-US: D-LINK CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...) NOT-FOR-US: D-Link CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...) 
@@ -279063,11 +279063,11 @@ CVE-2013-1354 CVE-2013-1353 RESERVED CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...) - TODO: check + NOT-FOR-US: Verax NMS CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...) - TODO: check + NOT-FOR-US: Verax NMS CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...) - TODO: check + NOT-FOR-US: Verax NMS CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...) NOT-FOR-US: openSIS CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...) @@ -280770,7 +280770,7 @@ CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 1 CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...) NOT-FOR-US: ERDAS ER Viewer CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...) - TODO: check + NOT-FOR-US: ERDAS ER Viewer CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...) NOT-FOR-US: Wordpress plugin ecommerce Shop Styling CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...) @@ -282115,7 +282115,7 @@ CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-g - dbus-glib 0.100.1-1 (bug #700638; high) [squeeze] - dbus-glib 0.88-2.1+squeeze1 CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...) - TODO: check + NOT-FOR-US: NextGEN Gallery Plugin for WordPress CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...) - linux (Introduced in 3.4, fixed in 3.8) - linux-2.6 (Introduced in 3.4) -- cgit v1.2.3
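Review bot: In the hunk at @@ -278242,11 the three new tags for CVE-2013-1603, CVE-2013-1602 and CVE-2013-1601 spell the vendor "D-LINK", while the unchanged entry directly below them, CVE-2013-1600, already reads "NOT-FOR-US: D-Link". Use the existing "D-Link" spelling so that a case-sensitive search of data/CVE/list for the vendor string returns all four entries.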
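Review bot: In the hunk at @@ -252562,7 the new tag for CVE-2014-3718 carries a parenthetical gloss, "NOT-FOR-US: Ex Libris ALEPH 500 (Integrated library management system)", where every other tag added in this commit gives only the product or vendor name. Consider shortening it to "NOT-FOR-US: Ex Libris ALEPH 500" for consistency, or keep the gloss only if it is meant as a triage aid for a product name that is otherwise hard to place.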