From 126e723d73bdb9676a626e025288fec5058f9b8d Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 18 Feb 2022 09:59:16 +0100 Subject: Process NFUs --- data/CVE/list.2014 | 2 +- data/CVE/list.2021 | 12 ++++++------ data/CVE/list.2022 | 18 +++++++++--------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/data/CVE/list.2014 b/data/CVE/list.2014 index 118524ff63..2a1783abae 100644 --- a/data/CVE/list.2014 +++ b/data/CVE/list.2014 @@ -5196,7 +5196,7 @@ CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtim CVE-2014-8599 RESERVED CVE-2014-8597 (A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.0 ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow rem ...) NOT-FOR-US: PHP-Fusion CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index d165c8b0c3..78ec0438e7 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -878,9 +878,9 @@ CVE-2021-46317 CVE-2021-46316 RESERVED CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...) - gpac [bullseye] - gpac (Minor issue) @@ -1403,7 +1403,7 @@ CVE-2021-46110 CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) NOT-FOR-US: ASUS CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-46107 RESERVED CVE-2021-46106 
@@ -3378,7 +3378,7 @@ CVE-2021-45384 CVE-2021-45383 RESERVED CVE-2021-45382 (A Remote Command Execution (RCE) vulnerability exists in all series H/ ...) - TODO: check + NOT-FOR-US: D-Link CVE-2021-45381 RESERVED CVE-2021-45380 (AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_h ...) @@ -49418,7 +49418,7 @@ CVE-2021-26728 CVE-2021-26727 RESERVED CVE-2021-26726 (A remote code execution vulnerability affecting a Valmet DNA service l ...) - TODO: check + NOT-FOR-US: Valmet CVE-2021-26725 (Path Traversal vulnerability when changing timezone using web GUI of N ...) NOT-FOR-US: Nozomi Networks Guardian CVE-2021-26724 (OS Command Injection vulnerability when changing date settings or host ...) @@ -51561,7 +51561,7 @@ CVE-2021-3244 CVE-2021-3243 (Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerabilit ...) NOT-FOR-US: Wfilter ICF CVE-2021-3242 (DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability ...) - TODO: check + NOT-FOR-US: DuxCMS CVE-2021-3241 RESERVED CVE-2021-3240 diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 694a084145..2067543526 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -3,15 +3,15 @@ CVE-2022-25323 CVE-2022-25322 RESERVED CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. Endpoints could be o ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...) - TODO: check + NOT-FOR-US: Cerebrate CVE-2022-25316 RESERVED CVE-2022-25312 
@@ -4646,7 +4646,7 @@ CVE-2022-23633 (Action Pack is a framework for handling and responding to web re NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1) NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2) CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...) - TODO: check + NOT-FOR-US: Traefik CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...) TODO: check CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...) @@ -6603,7 +6603,7 @@ CVE-2022-22924 CVE-2022-22923 RESERVED CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2022-22921 RESERVED CVE-2022-22920 @@ -6615,11 +6615,11 @@ CVE-2022-22918 CVE-2022-22917 RESERVED CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...) - TODO: check + NOT-FOR-US: O2OA CVE-2022-22915 RESERVED CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...) - TODO: check + NOT-FOR-US: Ovidentia CMS CVE-2022-22913 RESERVED CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...) -- cgit v1.2.3
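Review bot: In the data/CVE/list.2021 hunk at -49418, CVE-2021-26726 is tagged with the vendor alone ("NOT-FOR-US: Valmet"), although its description names the affected product as a Valmet DNA service and the next entry in the same hunk uses the vendor-plus-product form ("NOT-FOR-US: Nozomi Networks Guardian"). Suggest "NOT-FOR-US: Valmet DNA", so that the label identifies the product and a later CVE against a different Valmet product is not matched to it by vendor name alone.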
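Review bot: In the data/CVE/list.2022 hunk at -4646, CVE-2022-23632 is closed as "NOT-FOR-US: Traefik", but its description is of a general-purpose HTTP reverse proxy and load balancer rather than the vendor firmware and hosted CMS products that make up the rest of this batch, so the not-in-the-archive claim deserves an explicit check. Please confirm there is no open ITP or RFP for traefik. If there is one, an entry of the form "- traefik <itp> (bug #...)" keeps the CVE tied to the package name, so it is not lost should the package enter the archive later.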