From 554655a4de92634a8d521ce2ab254e01c2df2092 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 29 Jan 2020 21:36:43 +0100 Subject: Process some NFUs --- data/CVE/list.2012 | 4 ++-- data/CVE/list.2013 | 48 ++++++++++++++++++++++++------------------------ data/CVE/list.2014 | 4 ++-- data/CVE/list.2018 | 2 +- data/CVE/list.2019 | 22 +++++++++++----------- data/CVE/list.2020 | 34 +++++++++++++++++----------------- 6 files changed, 57 insertions(+), 57 deletions(-) diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index 5c3ba2bde2..664fd98446 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -333,9 +333,9 @@ CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor CVE-2012-6611 RESERVED CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...) - TODO: check + NOT-FOR-US: Polycom HDX Video End Points CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...) - TODO: check + NOT-FOR-US: Polycom HDX Video End Points CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...) NOT-FOR-US: Elastix CVE-2012-6607 (The transform_save function in transform.c in Augeas before 1.0.0 allo ...) diff --git a/data/CVE/list.2013 b/data/CVE/list.2013 index 1e76a5a896..721d68aab2 100644 --- a/data/CVE/list.2013 +++ b/data/CVE/list.2013 
@@ -6724,15 +6724,15 @@ CVE-2013-4867 (Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python mod CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android h ...) NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android CVE-2013-4865 (Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in ...) - TODO: check + NOT-FOR-US: MiCasaVerde VeraLite CVE-2013-4864 (MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to ...) - TODO: check + NOT-FOR-US: MiCasaVerde VeraLite CVE-2013-4863 (The HomeAutomationGateway service in MiCasaVerde VeraLite with firmwar ...) - TODO: check + NOT-FOR-US: MiCasaVerde VeraLite CVE-2013-4862 (MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict ...) - TODO: check + NOT-FOR-US: MiCasaVerde VeraLite CVE-2013-4861 (Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasa ...) - TODO: check + NOT-FOR-US: MiCasaVerde VeraLite CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does n ...) NOT-FOR-US: Radio Thermostat CVE-2013-4859 (INSTEON Hub 2242-222 lacks Web and API authentication ...) @@ -10514,9 +10514,9 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4. CVE-2013-3494 RESERVED CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...) - TODO: check + NOT-FOR-US: XnView CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...) - TODO: check + NOT-FOR-US: XnView CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Shar ...) NOT-FOR-US: WordPress plugin sharebar CVE-2013-3490 
@@ -11139,13 +11139,13 @@ CVE-2013-3217 CVE-2013-3216 RESERVED CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...) - TODO: check + NOT-FOR-US: vtiger CRM CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...) - TODO: check + NOT-FOR-US: vtiger CRM CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...) NOT-FOR-US: vTiger CRM CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...) - TODO: check + NOT-FOR-US: vtiger CRM CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...) NOT-FOR-US: Opera CVE-2013-3210 (Opera before 12.15 does not properly block top-level domains in Set-Co ...) @@ -11383,7 +11383,7 @@ CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-L CVE-2013-3094 RESERVED CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...) - TODO: check + NOT-FOR-US: ASUS RT-N56U devices CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...) NOT-FOR-US: Belkin router CVE-2013-3091 
@@ -11428,13 +11428,13 @@ CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initi CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...) NOT-FOR-US: Mitsubishi MX Component 3 CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...) - TODO: check + NOT-FOR-US: NetGear WNDR4700 Media Server devices CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...) NOT-FOR-US: NETGEAR CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...) NOT-FOR-US: NETGEAR CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...) - TODO: check + NOT-FOR-US: NETGEAR Centria WNDR4700 devices CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...) NOT-FOR-US: NETGEAR CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...) @@ -12291,7 +12291,7 @@ CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/ CVE-2013-2749 REJECTED CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...) - TODO: check + NOT-FOR-US: Belkin CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...) NOT-FOR-US: Courion Access Risk Management Suite CVE-2013-2746 @@ -12365,7 +12365,7 @@ CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "random CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...) NOT-FOR-US: Drupal module search_api CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...) - TODO: check + NOT-FOR-US: WordPress podPress Plugin CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...) NOT-FOR-US: KrisonAV CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...) 
@@ -12587,7 +12587,7 @@ CVE-2013-2614 CVE-2013-2613 RESERVED CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.20 ...) - TODO: check + NOT-FOR-US: Huawei CVE-2013-2611 RESERVED CVE-2013-2610 @@ -12670,19 +12670,19 @@ CVE-2013-2575 CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...) NOT-FOR-US: Foscam CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...) TODO: check CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) - TODO: check + NOT-FOR-US: Zavio CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...) - TODO: check + NOT-FOR-US: Zavio CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) - TODO: check + NOT-FOR-US: Zavio CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in ...) - TODO: check + NOT-FOR-US: Zavio CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...) NOTE: Generic protocol flaw in RC4 CVE-2013-2565 (A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, edit ...) 
@@ -15875,9 +15875,9 @@ CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficien CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...) TODO: check CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...) - TODO: check + NOT-FOR-US: D-Link CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...) - TODO: check + NOT-FOR-US: D-Link CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...) NOT-FOR-US: Vivotek PT7135 IP Cameras CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...) diff --git a/data/CVE/list.2014 b/data/CVE/list.2014 index 992541ec79..4b26b34674 100644 --- a/data/CVE/list.2014 +++ b/data/CVE/list.2014 @@ -5564,7 +5564,7 @@ CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/mis CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...) NOT-FOR-US: Grand Flagallery plugin for WordPress CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...) - TODO: check + NOT-FOR-US: TennisConnect COMPONENTS CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...) {DSA-3130-1} - lsyncd 2.1.5-2 (low; bug #767227) @@ -18185,7 +18185,7 @@ CVE-2014-3447 (BSS Continuity CMS 4.2.22640.0 has a Remote Denial Of Service vul CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...) NOT-FOR-US: BSS Continuity CMS CVE-2014-3445 (backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require ...) - TODO: check + NOT-FOR-US: HandsomeWeb SOS Webpages CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...) {DSA-2934-1} - python-django 1.6.5-1 diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 4734a15c7d..0cb57b7b76 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 
@@ -4776,7 +4776,7 @@ CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...) NOT-FOR-US: Neato Botvac Connected CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateR ...) - TODO: check + NOT-FOR-US: Neato Botvac Connected CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...) NOT-FOR-US: ARM Trusted Firmware-A CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global Deskt ...) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 6a7ea8e831..649d6c060c 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -522,11 +522,11 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH s [jessie] - sqlite3 (Minor issue) NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) - TODO: check + NOT-FOR-US: D-Link CVE-2019-20214 RESERVED CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...) @@ -2358,7 +2358,7 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...) - TODO: check + NOT-FOR-US: Idelji Web ViewPoint CVE-2019-19538 RESERVED CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) 
@@ -6777,7 +6777,7 @@ CVE-2019-17653 CVE-2019-17652 RESERVED CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...) - TODO: check + NOT-FOR-US: FortiSIEM CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...) NOT-FOR-US: Fortiguard CVE-2019-17649 @@ -8133,7 +8133,7 @@ CVE-2019-17098 CVE-2019-17097 RESERVED CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...) - TODO: check + NOT-FOR-US: Bitdefender BOX 2 CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...) NOT-FOR-US: Bitdefender BOX 2 CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...) @@ -17288,11 +17288,11 @@ CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the in CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...) NOT-FOR-US: EZ PLC Editor CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...) NOT-FOR-US: Fuji Electric CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...) - TODO: check + NOT-FOR-US: Rockwell CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...) NOT-FOR-US: EZAutomation CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...) 
@@ -32661,7 +32661,7 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) i CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...) NOT-FOR-US: UltraVNC CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...) NOT-FOR-US: ColdFusion CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...) @@ -35367,7 +35367,7 @@ CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnera CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...) NOT-FOR-US: Adobe CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...) NOT-FOR-US: Adobe CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...) @@ -37874,7 +37874,7 @@ CVE-2019-6038 CVE-2019-6037 RESERVED CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 p ...) - TODO: check + NOT-FOR-US: F-RevoCRM CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...) NOT-FOR-US: Athenz CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index b4160dc0e9..5ac0429304 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -31,7 +31,7 @@ CVE-2020-8418 CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...) - TODO: check + NOT-FOR-US: BearFTP CVE-2020-8415 RESERVED CVE-2020-8414 
@@ -683,9 +683,9 @@ CVE-2020-8095 CVE-2020-8094 RESERVED CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) - TODO: check + NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) - TODO: check + NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) @@ -944,7 +944,7 @@ CVE-2020-7967 CVE-2020-7966 RESERVED CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) - TODO: check + NOT-FOR-US: webargs CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 @@ -6558,7 +6558,7 @@ CVE-2020-5229 CVE-2020-5228 RESERVED CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...) - TODO: check + NOT-FOR-US: Feedgen CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...) - simplesamlphp 1.18.4-1 [buster] - simplesamlphp (Vulnerable code introduced later) @@ -6626,7 +6626,7 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i CVE-2020-5208 RESERVED CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) - TODO: check + NOT-FOR-US: Ktor CVE-2020-5206 RESERVED CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) @@ -9530,7 +9530,7 @@ CVE-2020-3760 CVE-2020-3759 RESERVED CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) - TODO: check + NOT-FOR-US: Magento CVE-2020-3757 RESERVED CVE-2020-3756 
@@ -9608,25 +9608,25 @@ CVE-2020-3721 CVE-2020-3720 RESERVED CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) - TODO: check + NOT-FOR-US: Magento CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) - TODO: check + NOT-FOR-US: Magento CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) - TODO: check + NOT-FOR-US: Magento CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) - TODO: check + NOT-FOR-US: Magento CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) - TODO: check + NOT-FOR-US: Magento CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) - TODO: check + NOT-FOR-US: Adobe CVE-2020-3709 RESERVED CVE-2020-3708 -- cgit v1.2.3
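Review bot: two neighbouring entries in list.2013 are left at `TODO: check` while everything around them is triaged: CVE-2013-2571 in the @@ -12670 hunk ("Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...") and CVE-2013-1601 in the @@ -15875 hunk. If that was deliberate it is fine, but the Xpient entry describes the same class of proprietary product as the camera entries being marked NOT-FOR-US on either side of it, so it looks like it could be processed in the same pass rather than left for a second round.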
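Review bot: the D-Link attribution for CVE-2013-1600 and CVE-2013-1599 in the list.2013 @@ -15875 hunk cannot be checked from the lines themselves, because the truncated descriptions ("upnp/asf-mp4.asf", "/var/www/cgi-bin/rtpd.") name a path but no vendor or model. Consider writing the tag the way the Vivotek entries directly below do, e.g. `NOT-FOR-US: D-Link <model> IP Cameras`, so a later reader can verify the NOT-FOR-US decision without re-opening the CVE.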
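Review bot: the Python-library entries in list.2020, CVE-2020-7965 (`NOT-FOR-US: webargs`, @@ -944) and CVE-2020-5227 (`NOT-FOR-US: Feedgen`, @@ -6558), deserve a second look against the archive before the NOT-FOR-US sticks: pure-Python libraries are routinely packaged under a python-/python3- prefix and are easy to miss by searching the upstream name. If either turns out to be packaged, the line should carry the source package and fixed version (as the simplesamlphp entry next to it does) instead of NOT-FOR-US.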
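Review bot: tag granularity is uneven across the new NOT-FOR-US lines: `NOT-FOR-US: Belkin` for CVE-2013-2748 (list.2013 @@ -12291) sits next to the existing `NOT-FOR-US: Belkin router`, and `NOT-FOR-US: Rockwell` for CVE-2019-13521/13519 (list.2019 @@ -17288) next to `NOT-FOR-US: Fuji Electric` and `NOT-FOR-US: EZ PLC Editor`. The descriptions already name the product (WeMo Switch, the Rockwell program-file viewer), so `NOT-FOR-US: Belkin WeMo Switch` and a product-level Rockwell tag would match the convention used elsewhere in these hunks and keep grep-based re-triage reliable.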