From 0df1837dd50d28b157457c1462ac69913482fd8a Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 26 Nov 2021 21:42:25 +0100 Subject: Process several NFUs --- data/CVE/list.2020 | 2 +- data/CVE/list.2021 | 28 ++++++++++++++-------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index cbe9849006..78856f100d 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -54759,7 +54759,7 @@ CVE-2020-7883 CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...) NOT-FOR-US: anySign CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...) - TODO: check + NOT-FOR-US: AfreecaTV CVE-2020-7880 RESERVED CVE-2020-7879 diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 917bd13037..0a26d14cf3 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1070,7 +1070,7 @@ CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLP CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) NOT-FOR-US: Redash CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...) - TODO: check + NOT-FOR-US: Backstage CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...) NOT-FOR-US: Aim CVE-2021-3967 @@ -6861,7 +6861,7 @@ CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/ CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...) NOT-FOR-US: Sharetribe Go CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...) - TODO: check + NOT-FOR-US: BaserCMS CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...) NOT-FOR-US: EdgeX CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...) 
@@ -6951,7 +6951,7 @@ CVE-2021-41245 CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...) - grafana CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2021-41242 RESERVED CVE-2021-41241 @@ -7924,7 +7924,7 @@ CVE-2021-40835 CVE-2021-40834 RESERVED CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) NOT-FOR-US: F-Secure CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...) @@ -13015,9 +13015,9 @@ CVE-2021-38688 CVE-2021-38687 RESERVED CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-38683 @@ -17285,7 +17285,7 @@ CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Appl CVE-2021-36920 RESERVED CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-36918 RESERVED CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated ...) @@ -17437,7 +17437,7 @@ CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnera CVE-2021-36844 RESERVED CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-36842 RESERVED CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...) 
@@ -17509,7 +17509,7 @@ CVE-2021-36809 CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...) NOT-FOR-US: Sophos CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...) - TODO: check + NOT-FOR-US: Sophos CVE-2021-36806 RESERVED CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) @@ -29355,7 +29355,7 @@ CVE-2021-31824 CVE-2021-31823 RESERVED CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...) - TODO: check + NOT-FOR-US: Octopus Tentacle CVE-2021-31821 RESERVED CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...) @@ -42049,7 +42049,7 @@ CVE-2021-26617 CVE-2021-26616 RESERVED CVE-2021-26615 (ARK library allows attackers to execute remote code via the parameter( ...) - TODO: check + NOT-FOR-US: ARK library CVE-2021-26614 (ius_get.cgi in IpTime C200 camera allows remote code execution. A remo ...) NOT-FOR-US: IpTime C200 camera CVE-2021-26613 @@ -42057,7 +42057,7 @@ CVE-2021-26613 CVE-2021-26612 RESERVED CVE-2021-26611 (HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnera ...) - TODO: check + NOT-FOR-US: HejHome GKW-IC052 IP Camera CVE-2021-26610 (The move_uploaded_file function in godomall5 does not perform an integ ...) NOT-FOR-US: godomall5 CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...) @@ -45519,7 +45519,7 @@ CVE-2021-25271 (A local attacker could read or write arbitrary files with admini CVE-2021-25270 (A local attacker could execute arbitrary code with administrator privi ...) NOT-FOR-US: HitmanPro CVE-2021-25269 (A local administrator could prevent the HMPA service from starting des ...) - TODO: check + NOT-FOR-US: Sophos CVE-2021-25268 RESERVED CVE-2021-25267 
@@ -55799,7 +55799,7 @@ CVE-2021-20837 (Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movab CVE-2021-20836 (Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0 ...) NOT-FOR-US: CX-Supervisor CVE-2021-20835 (Improper authorization in handler for custom URL scheme vulnerability ...) - TODO: check + NOT-FOR-US: Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' CVE-2021-20834 (Improper authorization in handler for custom URL scheme vulnerability ...) NOT-FOR-US: Nike App CVE-2021-20833 (The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not ...) -- cgit v1.2.3
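Review bot: The two baserCMS tags in data/CVE/list.2021 spell the product differently: the hunk at 6861 adds "NOT-FOR-US: BaserCMS" for CVE-2021-41279, while the hunk at 6951 adds "NOT-FOR-US: baserCMS" for CVE-2021-41243. Use one spelling for both so that a case-sensitive search of the list for the product returns both entries.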
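Review bot: CVE-2021-36919 (hunk at 17285) and CVE-2021-36843 (hunk at 17437) are both tagged "NOT-FOR-US: WordPress plugin" without saying which plugin is affected. The other tags added in this patch name the product ("QNAP", "Octopus Tentacle", "HejHome GKW-IC052 IP Camera"). Adding the plugin name from the full CVE description would keep these two entries distinguishable from each other and findable by product name.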
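Review bot: In the hunk at 45519, CVE-2021-25269 is tagged "NOT-FOR-US: Sophos", but its description refers to the HMPA service and the entry directly above it, CVE-2021-25270, is tagged "NOT-FOR-US: HitmanPro". If this is the same product, reuse the neighbouring tag so the related entries group together. If the vendor name is preferred, the neighbouring entry should be changed to match.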
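Review bot: The tag added for CVE-2021-20835 in the hunk at 55799 is a long quoted app title, "NOT-FOR-US: Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App'", while the adjacent CVE-2021-20834 uses the short form "NOT-FOR-US: Nike App". A short form in the same style, for example "Mercari App", would be consistent with the neighbouring entry and easier to search for.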