author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-14 21:23:56 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-14 21:23:56 +0100 |
commit | 06378300c8939a0b2889582e54d08fbb0d98b819 | |
tree | 7229b94b57a57a3f523ec96045807e879c151d74 | |
parent | d41f46091f37dda6c3da67b747543e067f9b7311 | |
Process NFUs
-rw-r--r-- | data/CVE/list.2021 | 32 |
-rw-r--r-- | data/CVE/list.2022 | 26 |
2 files changed, 29 insertions, 29 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 219163a48c..d201b168ae 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -3275,9 +3275,9 @@ CVE-2021-45423 CVE-2021-45422 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) NOT-FOR-US: Reprise License Manager CVE-2021-45421 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) - TODO: check + NOT-FOR-US: Emerson CVE-2021-45420 (** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are a ...) - TODO: check + NOT-FOR-US: Emerson CVE-2021-45419 (Certain Starcharge products are affected by Improper Input Validation. ...) NOT-FOR-US: Nova 360 Cabinet CVE-2021-45418 (Certain Starcharge products are vulnerable to Directory Traversal via ...) @@ -3342,7 +3342,7 @@ CVE-2021-45394 (An issue was discovered in Spipu HTML2PDF before 5.2.4. Attacker CVE-2021-45393 RESERVED CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2021-45391 RESERVED CVE-2021-45390 @@ -19284,9 +19284,9 @@ CVE-2021-39082 CVE-2021-39081 RESERVED CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-39078 RESERVED CVE-2021-39077 @@ -53512,7 +53512,7 @@ CVE-2021-25117 CVE-2021-25116 RESERVED CVE-2021-25115 (The WP Photo Album Plus WordPress plugin before 8.0.10 was vulnerable ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...) NOT-FOR-US: WordPress plugin CVE-2021-25113 
@@ -53522,13 +53522,13 @@ CVE-2021-25112 CVE-2021-25111 RESERVED CVE-2021-25110 (The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25109 (The Futurio Extra WordPress plugin before 1.6.3 is affected by a SQL I ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...) NOT-FOR-US: WordPress plugin CVE-2021-25107 (The Form Store to DB WordPress plugin before 1.1.1 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...) NOT-FOR-US: WordPress plugin CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...) @@ -53642,7 +53642,7 @@ CVE-2021-25052 (The Button Generator WordPress plugin before 2.3.3 within the wo CVE-2021-25051 (The Modal Window WordPress plugin before 5.2.2 within the wow-company ...) NOT-FOR-US: WordPress plugin CVE-2021-25050 (The Remove Footer Credit WordPress plugin before 1.0.11 does properly ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25049 (The Mobile Events Manager WordPress plugin before 1.4.4 does not sanit ...) NOT-FOR-US: WordPress plugin CVE-2021-25048 @@ -53676,7 +53676,7 @@ CVE-2021-25035 (The Backup and Staging by WP Time Capsule WordPress plugin befor CVE-2021-25034 RESERVED CVE-2021-25033 (The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25032 (The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPr ...) NOT-FOR-US: WordPress plugin CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Co ...) 
@@ -53706,7 +53706,7 @@ CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before CVE-2021-25019 RESERVED CVE-2021-25018 (The PPOM for WooCommerce WordPress plugin before 24.0 does not have au ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25017 (The Tutor LMS WordPress plugin before 1.9.12 does not escape the searc ...) NOT-FOR-US: WordPress plugin CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...) @@ -53714,7 +53714,7 @@ CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress CVE-2021-25015 (The myCred WordPress plugin before 2.4 does not sanitise and escape th ...) NOT-FOR-US: WordPress plugin CVE-2021-25014 (The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25013 (The Qubely WordPress plugin before 1.7.8 does not have authorisation a ...) NOT-FOR-US: WordPress plugin CVE-2021-25012 @@ -53934,7 +53934,7 @@ CVE-2021-24906 (The Protect WP Admin WordPress plugin before 3.6.2 does not chec CVE-2021-24905 RESERVED CVE-2021-24904 (The Mortgage Calculators WP WordPress plugin before 1.56 does not impl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24903 RESERVED CVE-2021-24902 (The Typebot | Build beautiful conversational forms WordPress plugin be ...) @@ -53994,7 +53994,7 @@ CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin befor CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...) NOT-FOR-US: WordPress plugin CVE-2021-24874 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24873 (The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24872 (The Get Custom Field Values WordPress plugin before 4.0 allows users w ...) 
@@ -54850,7 +54850,7 @@ CVE-2021-24448 (The User Registration & User Profile – Profile Builder CVE-2021-24447 (The WP Image Zoom WordPress plugin before 1.47 did not validate its ta ...) NOT-FOR-US: WordPress plugin CVE-2021-24446 (The Remove Footer Credit WordPress plugin before 1.0.6 does not have C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24445 (The My Site Audit WordPress plugin through 1.2.4 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24444 (The TaxoPress – Create and Manage Taxonomies, Tags, Categories W ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 8858efa23d..2e60cb9a0f 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -4735,7 +4735,7 @@ CVE-2022-23369 CVE-2022-23368 RESERVED CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...) - TODO: check + NOT-FOR-US: Fulusso CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...) NOT-FOR-US: HMS (Hospital Managment System) CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...) @@ -5245,7 +5245,7 @@ CVE-2022-0216 CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) NOT-FOR-US: WordPress plugin CVE-2022-0214 (The Popup | Custom Popup Builder WordPress plugin before 1.3.1 autoloa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim <unfixed> [bullseye] - vim <no-dsa> (Minor issue) 
@@ -5253,7 +5253,7 @@ CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow ...) NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074) CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0211 RESERVED CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) @@ -5334,12 +5334,12 @@ CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross- CVE-2022-0209 RESERVED CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0207 RESERVED - vdsm <itp> (bug #668538) CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0205 RESERVED CVE-2022-0204 [Heap overflow vulnerability in the implementation of the gatt protocol] @@ -5356,9 +5356,9 @@ CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crate CVE-2022-0202 RESERVED CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0199 RESERVED CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) 
@@ -5541,17 +5541,17 @@ CVE-2022-21134 (A firmware update vulnerability exists in the &quot;update&a CVE-2022-0194 RESERVED CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0192 RESERVED CVE-2022-0191 RESERVED CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0189 RESERVED CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0187 RESERVED CVE-2022-0186 @@ -6144,7 +6144,7 @@ CVE-2022-22856 CVE-2022-22855 RESERVED CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...) - TODO: check + NOT-FOR-US: Hospital Patient Record Management System CVE-2022-22853 RESERVED CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) @@ -6158,7 +6158,7 @@ CVE-2022-22849 CVE-2022-22149 RESERVED CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0175 [memory initialization issue in vrend_resource_alloc_buffer() can lead to info leak] RESERVED - virglrenderer <unfixed> @@ -9327,7 +9327,7 @@ CVE-2022-21661 (WordPress is a free and open-source content management system wr NOTE: https://hackerone.com/reports/1378209 NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...) - TODO: check + NOT-FOR-US: Gin-vue-admin CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...) - flask-appbuilder <itp> (bug #998029) NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f |
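Review bot: In the data/CVE/list.2021 hunk at @@ -3275,9 +3275,9 @@, the new tag "NOT-FOR-US: Emerson" for CVE-2021-45421 and CVE-2021-45420 names only the vendor, while the neighbouring entries in the same hunk name the product ("Reprise License Manager", "Nova 360 Cabinet"). Both descriptions identify the product as Emerson Dixell XWEB-500, so a tag such as "NOT-FOR-US: Emerson Dixell XWEB-500" would keep these entries findable by product name when someone later greps the list.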
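Review bot: The vendor-only tag "NOT-FOR-US: IBM" in the data/CVE/list.2021 hunk at @@ -19284,9 +19284,9 @@ drops the product that both descriptions name, IBM Cognos Analytics Mobile for Android. Consider "NOT-FOR-US: IBM Cognos Analytics Mobile" for CVE-2021-39080 and CVE-2021-39079 so the two entries stay distinguishable from issues in other IBM products.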
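Review bot: For CVE-2022-21660 in the data/CVE/list.2022 hunk at @@ -9327,7 +9327,7 @@, confirm that no ITP bug exists for Gin-vue-admin before settling on NOT-FOR-US. The next entry in the same hunk, Flask-AppBuilder, is tracked as "- flask-appbuilder <itp> (bug #998029)" rather than NOT-FOR-US, and the visible lines do not show which of the two cases applies here.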