From f988e98028309f7364f19dd37d73f55dbf5874ad Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 19 Jan 2021 21:25:44 +0100 Subject: Process some NFUs --- data/CVE/list | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 4c5057ed76..36b6635e3e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,9 +1,9 @@ CVE-2021-3184 (MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global ...) - TODO: check + NOT-FOR-US: MISP CVE-2021-3183 (Files.com Fat Client 3.3.6 allows authentication bypass because the cl ...) - TODO: check + NOT-FOR-US: Files.com Fat Client CVE-2021-3182 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DCS-5220 devices have a buffer ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-3181 (rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a deni ...) - mutt (bug #980326) NOTE: https://gitlab.com/muttmua/mutt/-/issues/323 @@ -19,11 +19,11 @@ CVE-2021-25327 CVE-2021-25326 RESERVED CVE-2021-25325 (MISP 2.4.136 has XSS via galaxy cluster element values to app/View/Gal ...) - TODO: check + NOT-FOR-US: MISP CVE-2021-25324 (MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster n ...) - TODO: check + NOT-FOR-US: MISP CVE-2021-25323 (The default setting of MISP 2.4.136 did not enable the requirements (a ...) - TODO: check + NOT-FOR-US: MISP CVE-2021-25322 RESERVED CVE-2021-25321 @@ -5124,11 +5124,11 @@ CVE-2021-22854 CVE-2021-22853 RESERVED CVE-2021-22852 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) - TODO: check + NOT-FOR-US: HGiga EIP CVE-2021-22851 (HGiga EIP product contains SQL Injection vulnerability. Attackers can ...) - TODO: check + NOT-FOR-US: HGiga EIP CVE-2021-22850 (HGiga EIP product lacks ineffective access control in certain pages th ...) - TODO: check + NOT-FOR-US: HGiga EIP CVE-2021-22849 RESERVED CVE-2021-22848 @@ -15791,7 +15791,7 @@ CVE-2020-29452 CVE-2020-29451 RESERVED CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data Center allow ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-29449 RESERVED CVE-2020-29448 @@ -22693,7 +22693,7 @@ CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to ta CVE-2020-27734 RESERVED CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-27732 RESERVED CVE-2020-27731 @@ -32974,7 +32974,7 @@ CVE-2020-23344 CVE-2020-23343 RESERVED CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...) - TODO: check + NOT-FOR-US: Anchor CMS CVE-2020-23341 RESERVED CVE-2020-23340 @@ -69086,7 +69086,7 @@ CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) NOT-FOR-US: HCI CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible ...) - TODO: check + NOT-FOR-US: Clustered Data ONTAP CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...) NOT-FOR-US: SANtricity OS Controller Software CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...) @@ -97785,7 +97785,7 @@ CVE-2019-16963 CVE-2019-16962 (Zoho ManageEngine Desktop Central 10.0.430 allows HTML injection via a ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2019-16961 (SolarWinds Web Help Desk 12.7.0 allows XSS via a Schedule Name. ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2019-16960 (SolarWinds Web Help Desk 12.7.0 allows XSS via a CSV template file wit ...) NOT-FOR-US: SolarWinds CVE-2019-16959 (SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Fo ...) -- cgit v1.2.3