From 9e4f0ba9800fbe97bd7b41a1704e86299183f209 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 15 Oct 2021 22:47:47 +0200 Subject: Process some NFUs --- data/CVE/list.2018 | 4 +-- data/CVE/list.2021 | 98 +++++++++++++++++++++++++++--------------------------- 2 files changed, 51 insertions(+), 51 deletions(-) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index f38029d1c5..53262e9a75 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -14121,9 +14121,9 @@ CVE-2018-16062 (dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils befo NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23541 NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9 CVE-2018-16061 (Mitsubishi Electric SmartRTU devices allow XSS via the username parame ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2018-16060 (Mitsubishi Electric SmartRTU devices allow remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Director ...) NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the ...) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index db29a99ed1..1282b1255b 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 
@@ -459,21 +459,21 @@ CVE-2021-42338 CVE-2021-42337 RESERVED CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...) - TODO: check + NOT-FOR-US: Easytest CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...) - TODO: check + NOT-FOR-US: Easytest CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...) - TODO: check + NOT-FOR-US: Easytest CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...) - TODO: check + NOT-FOR-US: Easytest CVE-2021-42332 (The “List View” function of ShinHer StudyOnline System is ...) - TODO: check + NOT-FOR-US: ShinHer StudyOnline System CVE-2021-42331 (The “Study Edit” function of ShinHer StudyOnline System do ...) - TODO: check + NOT-FOR-US: ShinHer StudyOnline System CVE-2021-42330 (The “Teacher Edit” function of ShinHer StudyOnline System ...) - TODO: check + NOT-FOR-US: ShinHer StudyOnline System CVE-2021-42329 (The “List_Add” function of message board of ShinHer StudyO ...) - TODO: check + NOT-FOR-US: ShinHer StudyOnline System CVE-2021-42328 RESERVED CVE-2021-42327 @@ -942,7 +942,7 @@ CVE-2021-42111 CVE-2021-42110 RESERVED CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) - TODO: check + NOT-FOR-US: bookstack CVE-2021-3873 RESERVED CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...) @@ -2744,7 +2744,7 @@ CVE-2021-41322 (Polycom VVX 400/410 version 5.3.1 allows low-privileged users to CVE-2021-41321 RESERVED CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...) - TODO: check + NOT-FOR-US: Wallstreet Suite TRM CVE-2021-41319 RESERVED CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...) 
@@ -3126,9 +3126,9 @@ CVE-2021-41150 CVE-2021-41149 RESERVED CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2021-41146 RESERVED CVE-2021-41145 
@@ -3466,33 +3466,33 @@ CVE-2021-41001 CVE-2021-41000 RESERVED CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-3800 RESERVED CVE-2021-40985 
@@ -4100,13 +4100,13 @@ CVE-2021-40733 CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) NOT-FOR-US: Adobe CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40727 RESERVED CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) @@ -4114,15 +4114,15 @@ CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.00 CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40723 RESERVED CVE-2021-40722 RESERVED CVE-2021-40721 (Adobe Connect version 11.2.2 (and earlier) is affected by a reflected ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-40719 RESERVED CVE-2021-40718 @@ -6114,7 +6114,7 @@ CVE-2021-39866 (A business logic error in the project deletion process in GitLab CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) NOT-FOR-US: Adobe CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...) - TODO: check + NOT-FOR-US: Adobe CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) NOT-FOR-US: Adobe CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) 
@@ -7276,7 +7276,7 @@ CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...) NOT-FOR-US: WordPress plugin CVE-2021-39349 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39348 RESERVED CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) @@ -7284,9 +7284,9 @@ CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capabil CVE-2021-39346 RESERVED CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39343 RESERVED CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) 
@@ -7298,19 +7298,19 @@ CVE-2021-39340 CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...) NOT-FOR-US: WordPress plugin CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39333 RESERVED CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39331 RESERVED CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...) @@ -9524,9 +9524,9 @@ CVE-2021-38434 CVE-2021-38433 RESERVED CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...) - TODO: check + NOT-FOR-US: FATEK Automation Communication Server CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...) - TODO: check + NOT-FOR-US: Advantech CVE-2021-38430 RESERVED CVE-2021-38429 
@@ -11190,13 +11190,13 @@ CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication R CVE-2021-37740 RESERVED CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...) - TODO: check + NOT-FOR-US: Aruba CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...) NOT-FOR-US: Aruba CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...) -- cgit v1.2.3
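Review bot: In the data/CVE/list.2018 hunk (@@ -14121,9), CVE-2018-16061 and CVE-2018-16060 are tagged "NOT-FOR-US: Mitsubishi", which names only the vendor, while the adjacent CVE-2018-16059 entry names the product ("NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices"). Both descriptions read "Mitsubishi Electric SmartRTU devices", so "NOT-FOR-US: Mitsubishi Electric SmartRTU" would keep the tag searchable by product and would not read as a blanket decision for everything from that vendor.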
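Review bot: In the data/CVE/list.2021 hunk at @@ -3126,9, CVE-2021-41148 and CVE-2021-41147 are marked "NOT-FOR-US: Tuleap" although both descriptions open with "Tuleap Open ALM is a libre and open source tool". For free software the NOT-FOR-US decision depends on there being no package and no ITP/RFP bug, and the patch does not show that this was checked. If an ITP exists, the entry should be a package line with the <itp> tag and the bug number instead of NOT-FOR-US.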
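Review bot: In the data/CVE/list.2021 hunk at @@ -4114,15, CVE-2021-40720 is tagged "NOT-FOR-US: Adobe", but its description starts "Ops CLI version 2.0.4 (and earlier)" and the visible text does not mention Adobe, unlike the Acrobat Reader and Adobe Connect entries in the same hunk. Writing "NOT-FOR-US: Adobe Ops CLI" would make the attribution explicit, so a later reader searching the list for "Ops CLI" finds the triage decision.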