From 65e290336f240db4b8050a05ba52b9715359ea1c Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 5 Mar 2021 21:24:56 +0100 Subject: Process some NFUs --- data/CVE/list.2019 | 2 +- data/CVE/list.2020 | 12 ++++++------ data/CVE/list.2021 | 28 ++++++++++++++-------------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 49b7b97915..f35c0604f6 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -6199,7 +6199,7 @@ CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 CVE-2019-18631 (The Windows component of Centrify Authentication and Privilege Elevati ...) NOT-FOR-US: Centrify Authentication and Privilege Elevation Services CVE-2019-18630 (On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/ ...) - TODO: check + NOT-FOR-US: Xerox CVE-2019-18629 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...) NOT-FOR-US: Xerox CVE-2019-18628 (Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C80 ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 61b45d906e..0d72bba560 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1565,7 +1565,7 @@ CVE-2020-35596 CVE-2020-35595 RESERVED CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS. ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2020-35593 RESERVED CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...) 
@@ -2796,7 +2796,7 @@ CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsyste CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout Enterprise 10 ...) NOT-FOR-US: Flexense DupScout Enterprise CVE-2020-29658 (Zoho ManageEngine Application Control Plus before 100523 has an insecu ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...) - iotjs (bug #977736; unimportant) NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244 @@ -4041,7 +4041,7 @@ CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter injectio ...) NOT-FOR-US: cPanel CVE-2020-29134 (TOTVS Fluig Luke 1.7.0 allows directory traversal via a base64 encoded ...) - TODO: check + NOT-FOR-US: TOTVS Fluig Luke CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal ...) NOT-FOR-US: Coremail XT CVE-2020-29132 @@ -4262,7 +4262,7 @@ CVE-2020-29034 CVE-2020-29033 RESERVED CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware archi ...) - TODO: check + NOT-FOR-US: Secomea GateManager CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...) NOT-FOR-US: GateManager CVE-2020-29030 @@ -6451,7 +6451,7 @@ CVE-2020-28052 (An issue was discovered in Legion of the Bouncy Castle BC Java 1 CVE-2020-28051 RESERVED CVE-2020-28050 (Zoho ManageEngine Desktop Central before build 10.0.647 allows a singl ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...) {DSA-4783-1 DLA-2436-1} - sddm 0.19.0-1 (bug #973748) 
@@ -59434,7 +59434,7 @@ CVE-2020-5150 CVE-2020-5149 RESERVED CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...) NOT-FOR-US: SonicWall CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 1ecaf0d179..13f6346e15 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -2258,29 +2258,29 @@ CVE-2021-26973 CVE-2021-26972 RESERVED CVE-2021-26971 (A remote authenticated arbitrary command execution vulnerability was d ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26970 (A remote authenticated arbitrary command execution vulnerability was d ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26969 (A remote authenticated authenticated xml external entity (xxe) vulnera ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26968 (A remote authenticated stored cross-site scripting (xss) vulnerability ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26967 (A remote reflected cross-site scripting (xss) vulnerability was discov ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26966 (A remote authenticated sql injection vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26965 (A remote authenticated sql injection vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26964 (A remote authentication restriction bypass vulnerability was discovere ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26963 (A remote authenticated arbitrary command execution vulnerability was d ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26962 (A remote authenticated arbitrary command execution vulnerability was d ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26961 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26960 (A remote unauthenticated cross-site request forgery (csrf) vulnerabili ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-26959 REJECTED CVE-2021-26958 (An issue was discovered in the xcb crate through 2021-02-04 for Rust. ...) 
@@ -2880,7 +2880,7 @@ CVE-2021-26707 CVE-2021-26706 RESERVED CVE-2021-26705 (An issue was discovered in SquareBox CatDV Server through 9.2. An atta ...) - TODO: check + NOT-FOR-US: SquareBox CatDV Server CVE-2021-26704 (EPrints 3.4.2 allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: EPrints CVE-2021-26703 (EPrints 3.4.2 allows remote attackers to read arbitrary files and poss ...) @@ -13774,7 +13774,7 @@ CVE-2021-21727 CVE-2021-21726 RESERVED CVE-2021-21725 (A ZTE product has an information leak vulnerability. An attacker with ...) - TODO: check + NOT-FOR-US: ZTE CVE-2021-21724 (A ZTE product has a memory leak vulnerability. Due to the product's im ...) NOT-FOR-US: ZTE CVE-2021-21723 (Some ZTE products have a DoS vulnerability. Due to the improper handli ...) -- cgit v1.2.3
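Review bot: In data/CVE/list.2020, hunk `@@ -4262,7 +4262,7 @@`, the new tag for CVE-2020-29032 is spelled differently from its neighbour. It reads `NOT-FOR-US: Secomea GateManager`, while the context line for CVE-2020-29031 directly below reads `NOT-FOR-US: GateManager`. Two spellings for the same product mean a grep for either string misses the other entry. Use `NOT-FOR-US: GateManager` here, or switch CVE-2020-29031 to the longer form in the same commit.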
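Review bot: In data/CVE/list.2021, hunk `@@ -2258,29 +2258,29 @@`, the twelve entries from CVE-2021-26960 through CVE-2021-26971 record only the vendor, `NOT-FOR-US: Aruba`, and every visible description is truncated before the product name ("was discovered in A ..."). Nothing in the file then shows which product was checked against the archive. The later hunk in this same file names the product (`NOT-FOR-US: SquareBox CatDV Server`); doing the same for the Aruba block would let a later reader confirm the triage without re-fetching each description.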
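Review bot: In data/CVE/list.2020, hunk `@@ -4041,7 +4041,7 @@`, the tag `NOT-FOR-US: TOTVS Fluig Luke` copies the leading words of the description verbatim, including "Luke", which sits directly before the version number 1.7.0. If "Luke" is a release name rather than part of the product name, later Fluig entries would not match this tag. In that case `NOT-FOR-US: TOTVS Fluig` keeps the tag stable across releases, in line with the vendor-level tags used elsewhere in this commit (`Xerox`, `SonicWall`, `ZTE`).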