From 0562dea58ea29a5c33afc7e18fe15ff848760370 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 18 Feb 2022 21:41:51 +0100 Subject: Process several NFUs --- data/CVE/list.2021 | 14 +++++++------- data/CVE/list.2022 | 38 +++++++++++++++++++------------------- 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index d1cb482c95..1bde18ce41 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1601,9 +1601,9 @@ CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unli NOTE: https://github.com/gpac/gpac/issues/2000 NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...) - TODO: check + NOT-FOR-US: MCMS CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...) - TODO: check + NOT-FOR-US: MCMS CVE-2021-46035 RESERVED CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...) @@ -3336,7 +3336,7 @@ CVE-2021-45402 (The check_alu_op() function in kernel/bpf/verifier.c in the Linu NOTE: https://git.kernel.org/linus/b1a7288dedc6caf9023f2676b4f5ed34cf0d4029 NOTE: https://git.kernel.org/linus/e572ff80f05c33cd0cb4860f864f5c9c044280b6 CVE-2021-45401 (A Command injection vulnerability exists in Tenda AC10U AC1200 Smart D ...) - TODO: check + NOT-FOR-US: Tenda CVE-2021-45400 RESERVED CVE-2021-45399 @@ -4496,7 +4496,7 @@ CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting ( CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...) NOT-FOR-US: Taocms CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...) - TODO: check + NOT-FOR-US: IOBit Advanced SystemCare CVE-2021-44967 RESERVED CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...) 
@@ -39635,7 +39635,7 @@ CVE-2021-30652 (A race condition was addressed with additional validation. This CVE-2021-30651 RESERVED CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...) - TODO: check + NOT-FOR-US: Symantec CVE-2021-30649 RESERVED CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...) @@ -49701,9 +49701,9 @@ CVE-2021-26621 CVE-2021-26620 RESERVED CVE-2021-26619 (An path traversal vulnerability leading to delete arbitrary files was ...) - TODO: check + NOT-FOR-US: BigFileAgent CVE-2021-26618 (An improper input validation leading to arbitrary file creation was di ...) - TODO: check + NOT-FOR-US: ToWord of ToOffice CVE-2021-26617 RESERVED CVE-2021-26616 (An OS command injection was found in SecuwaySSL, when special characte ...) diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index b432fb3193..80d7e7db32 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1,9 +1,9 @@ CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) - TODO: check + NOT-FOR-US: Ibexa CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) - TODO: check + NOT-FOR-US: Ibexa CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...) - TODO: check + NOT-FOR-US: RigoBlock Dragos CVE-2022-25334 RESERVED CVE-2022-25333 @@ -41,9 +41,9 @@ CVE-2022-0678 CVE-2022-0677 RESERVED CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS. ...) - TODO: check + NOT-FOR-US: ZEROF Web Server CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection. ...) - TODO: check + NOT-FOR-US: ZEROF Web Server CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...) NOT-FOR-US: Cerebrate CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...) 
@@ -95,9 +95,9 @@ CVE-2022-21158 CVE-2022-0674 RESERVED CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...) - TODO: check + NOT-FOR-US: LemMinX CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...) - TODO: check + NOT-FOR-US: LemMinX CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...) TODO: check CVE-2022-0670 @@ -109,11 +109,11 @@ CVE-2022-0668 CVE-2022-0667 RESERVED CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0665 RESERVED CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...) - TODO: check + NOT-FOR-US: Go github.com/gravitl/netmaker CVE-2022-0663 RESERVED CVE-2022-0662 @@ -121,7 +121,7 @@ CVE-2022-0662 CVE-2022-0661 RESERVED CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0659 RESERVED CVE-2022-0658 @@ -3708,9 +3708,9 @@ CVE-2022-23984 CVE-2022-23983 RESERVED CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...) NOT-FOR-US: WordPress plugin CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) 
@@ -4231,11 +4231,11 @@ CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6. CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...) NOT-FOR-US: TransmitMail CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) - moodle CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) @@ -7426,7 +7426,7 @@ CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5. NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/ NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0) CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-0137 RESERVED CVE-2022-0136 
@@ -8899,11 +8899,11 @@ CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocati CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...) NOT-FOR-US: Juniper CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) - TODO: check + NOT-FOR-US: Airspan Networks CVE-2022-21155 RESERVED CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...) -- cgit v1.2.3
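Review bot: In data/CVE/list.2021, hunk @@ -49701,9 +49701,9 @@, the tag `NOT-FOR-US: ToWord of ToOffice` for CVE-2021-26618 is phrased differently from most other tags in this patch, which give a single short product or vendor name. If ToWord is a component of ToOffice, `NOT-FOR-US: ToOffice` would match the existing style. The truncated descriptions of this entry and of CVE-2021-26619 (`BigFileAgent`) do not show a product name, so neither attribution can be checked from the diff alone.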
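Review bot: In data/CVE/list.2022, hunk @@ -95,9 +95,9 @@, CVE-2022-0671 (vscode-xml, "versions prior to 0.19.0") stays at `TODO: check` in the trailing context while CVE-2022-0673 and CVE-2022-0672 (LemMinX, same 0.19.0 boundary) are closed as NOT-FOR-US. Triaging CVE-2022-0671 in the same commit, or stating in the commit message why it is left open, would keep the three related entries from being handled inconsistently later.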
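Review bot: In data/CVE/list.2022, hunk @@ -109,11 +109,11 @@, the tag for CVE-2022-0664 reads `NOT-FOR-US: Go github.com/gravitl/netmaker`, which copies the language name and import path from the description instead of naming the product. The neighbouring entries in the same hunk use a short name (`NOT-FOR-US: microweber`), so `NOT-FOR-US: netmaker` would be consistent and easier to search for.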
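Review bot: In data/CVE/list.2022, hunk @@ -8899,11 +8899,11 @@, CVE-2022-21215 is tagged `NOT-FOR-US: Airspan Networks`, but its visible description ("This vulnerability could allow an attacker to force the server to crea ...") names no product, unlike the adjacent "MMP: All versions prior to v1.0.3, PTP C-series" entries. A short mention in the commit message of how this entry was attributed to Airspan would let a later reader verify the tag without re-reading the full CVE record.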