From 3d1c6b1133f37966cc8ba065078b08ad5f1a1dd6 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 26 Jan 2022 09:40:04 +0100 Subject: Process some more new NFUs --- data/CVE/list.2021 | 34 +++++++++++++++++----------------- data/CVE/list.2022 | 14 +++++++------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 6cdc75ac18..5d179db237 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1,7 +1,7 @@ CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) - TODO: check + NOT-FOR-US: Moxa CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...) - TODO: check + NOT-FOR-US: Moxa CVE-2021-4215 RESERVED CVE-2021-4214 @@ -1034,7 +1034,7 @@ CVE-2021-46115 CVE-2021-46114 RESERVED CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...) - TODO: check + NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source CVE-2021-46112 RESERVED CVE-2021-46111 @@ -1082,15 +1082,15 @@ CVE-2021-46091 CVE-2021-46090 RESERVED CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...) - TODO: check + NOT-FOR-US: JeecgBoot CVE-2021-46088 RESERVED CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ...) - TODO: check + NOT-FOR-US: jfinal_cms CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The fron ...) - TODO: check + NOT-FOR-US: xzs-mysql CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level a ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) TODO: check CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) 
@@ -1234,9 +1234,9 @@ CVE-2021-46036 CVE-2021-46035 RESERVED CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...) - TODO: check + NOT-FOR-US: ForestBlog CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification. ...) - TODO: check + NOT-FOR-US: ForestBlog CVE-2021-46032 RESERVED CVE-2021-46031 @@ -1907,9 +1907,9 @@ CVE-2021-45805 CVE-2021-45804 RESERVED CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...) - TODO: check + NOT-FOR-US: MartDevelopers iResturant CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...) - TODO: check + NOT-FOR-US: MartDevelopers iResturant CVE-2021-45801 RESERVED CVE-2021-45800 @@ -3331,15 +3331,15 @@ CVE-2021-45228 CVE-2021-45227 RESERVED CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...) - TODO: check + NOT-FOR-US: COINS Construction Cloud CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...) - TODO: check + NOT-FOR-US: COINS Construction Cloud CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...) - TODO: check + NOT-FOR-US: COINS Construction Cloud CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...) - TODO: check + NOT-FOR-US: COINS Construction Cloud CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...) - TODO: check + NOT-FOR-US: COINS Construction Cloud CVE-2021-45221 RESERVED CVE-2021-45220 @@ -4021,7 +4021,7 @@ CVE-2021-44983 CVE-2021-44982 RESERVED CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...) - TODO: check + NOT-FOR-US: QuickBox Pro CVE-2021-44980 RESERVED CVE-2021-44979 diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 90b2f3b46d..ceb76a8a34 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 
@@ -65,9 +65,9 @@ CVE-2022-23947 CVE-2022-23946 RESERVED CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...) - TODO: check + NOT-FOR-US: Apache ShenYu Admin CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...) - TODO: check + NOT-FOR-US: Apache ShenYu Admin CVE-2022-23943 RESERVED CVE-2022-23942 @@ -1843,7 +1843,7 @@ CVE-2022-23260 CVE-2022-23259 RESERVED CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-23257 RESERVED CVE-2022-23256 @@ -1913,7 +1913,7 @@ CVE-2022-23225 CVE-2022-23224 RESERVED CVE-2022-23223 (The HTTP response will disclose the user password. This issue affected ...) - TODO: check + NOT-FOR-US: Apache ShenYu Admin CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) - h2database NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210 @@ -2516,11 +2516,11 @@ CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4 CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...) 
@@ -2532,7 +2532,7 @@ CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 1 CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...) NOT-FOR-US: F5 BIG-IP CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...) - TODO: check + NOT-FOR-US: F5 BIG-IP CVE-2022-23007 RESERVED CVE-2022-23006 -- cgit v1.2.3
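
Review bot: In the data/CVE/list.2021 hunk at @@ -1034, the new tag for CVE-2021-46113 reads "NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source". The trailing "open source" is carried over from the description text and is not part of the product name. The other tags in this patch name only the product (for example "NOT-FOR-US: MartDevelopers iResturant"), so "NOT-FOR-US: MartDevelopers KEA-Hotel-ERP" would be consistent and easier to match when the same product shows up again.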
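
Review bot: In the data/CVE/list.2021 hunk at @@ -1082, CVE-2021-46084 (uscat) is left at "TODO: check" as a context line while the four entries directly above it (JeecgBoot, jfinal_cms, xzs-mysql, OneBlog) are resolved in the same pass. If uscat is also not packaged, it could be tagged here alongside its neighbours. If it was left open on purpose because it still needs a package search, no change is needed.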
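
Review bot: In the data/CVE/list.2022 hunk at @@ -2532, CVE-2022-23008 is described as "On NGINX Controller API Management versions 3.18.0-3.19.0" but is tagged "NOT-FOR-US: F5 BIG-IP", which names a different product than the one in the description. Suggest a tag that names the affected product, such as "NOT-FOR-US: NGINX Controller", so that a search of the list for BIG-IP entries does not return this one and a search for NGINX Controller does. The unchanged context line for CVE-2022-23009 (BIG-IQ Centralized Management) carries the same "F5 BIG-IP" label and may deserve the same correction in a follow-up.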