From d76878347c4e453ec3e53cecbff8ed0d2ea655d4 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 21 Jan 2022 21:34:28 +0100 Subject: Process some NFUs --- data/CVE/list.2021 | 50 +++++++++++++++++++++++++------------------------- data/CVE/list.2022 | 12 ++++++------ 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 9d91971c3a..1df1feea8a 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -189,11 +189,11 @@ CVE-2021-46311 CVE-2021-46310 RESERVED CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...) - TODO: check + NOT-FOR-US: Projectworlds Online Examination System CVE-2021-46306 RESERVED CVE-2021-46305 @@ -415,13 +415,13 @@ CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read v CVE-2021-46202 RESERVED CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Resort Management System CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46199 RESERVED CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-46197 RESERVED CVE-2021-46196 
@@ -2406,7 +2406,7 @@ CVE-2021-4147 [deadlock and crash in libxl driver] NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) - TODO: check + NOT-FOR-US: pimcore CVE-2021-4145 [NULL pointer dereference in mirror_wait_on_conflicts() in block/mirror.c] RESERVED - qemu 1:6.2+dfsg-1 @@ -2439,7 +2439,7 @@ CVE-2021-45444 CVE-2021-45443 RESERVED CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...) - TODO: check + NOT-FOR-US: BigBlueButton CVE-2021-45442 (A link following denial-of-service vulnerability in Trend Micro Worry- ...) NOT-FOR-US: Trend Micro CVE-2021-45441 (A origin validation error vulnerability in Trend Micro Apex One (on-pr ...) @@ -4637,7 +4637,7 @@ CVE-2021-44595 CVE-2021-44594 RESERVED CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) - TODO: check + NOT-FOR-US: Simple College Website CVE-2021-44592 RESERVED CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) @@ -5093,7 +5093,7 @@ CVE-2021-23223 CVE-2021-23179 RESERVED CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) - TODO: check + NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) NOT-FOR-US: mySCADA myPRO CVE-2021-44451 
@@ -5141,29 +5141,29 @@ CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All version CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < ...) NOT-FOR-US: Siemens CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-4035 RESERVED CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-33843 (Fresenius Kabi Agilia Link + version 3.0 has a default configuration p ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) TODO: check CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Agilia Link CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) - TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant MasterMed CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) - TODO: check + NOT-FOR-US: Agilia Link+ CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) 
- TODO: check + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) NOT-FOR-US: Serva CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) @@ -5732,7 +5732,7 @@ CVE-2021-44197 CVE-2021-44196 RESERVED CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) - TODO: check + NOT-FOR-US: Rapid7 Insight Agent CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: firefly-iii CVE-2021-4014 @@ -13891,7 +13891,7 @@ CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Esca CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) NOT-FOR-US: Auerswald CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) - TODO: check + NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) NOT-FOR-US: AnyDesk CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) @@ -14498,7 +14498,7 @@ CVE-2021-40597 CVE-2021-40596 RESERVED CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-40594 RESERVED CVE-2021-40593 @@ -15399,7 +15399,7 @@ CVE-2021-40249 CVE-2021-40248 RESERVED CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-40246 RESERVED CVE-2021-40245 @@ -27927,7 +27927,7 @@ CVE-2021-35005 CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) TODO: check CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2021-35002 RESERVED CVE-2021-35001 
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 778c5acaa5..41d2c2dec1 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -259,7 +259,7 @@ CVE-2022-23730 CVE-2022-23729 RESERVED CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...) - TODO: check + NOT-FOR-US: LG CVE-2022-23727 RESERVED CVE-2022-23726 @@ -1813,13 +1813,13 @@ CVE-2022-23131 (In the case of instances where the SAML SSO authentication is en NOTE: https://support.zabbix.com/browse/ZBX-20350 TODO: check, possibly only affecting 5.4.0 onwards CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) - TODO: check + NOT-FOR-US: Mitsubishi CVE-2022-23126 RESERVED CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) @@ -4836,7 +4836,7 @@ CVE-2022-21935 CVE-2022-21934 RESERVED CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...) - TODO: check + NOT-FOR-US: ASUS CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) NOT-FOR-US: Microsoft CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...) -- cgit v1.2.3
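Review bot: The Sourcecodester entries in the list.2021 hunks at -189 and -415 are tagged in two different forms. CVE-2021-46201 gets "NOT-FOR-US: Sourcecodester Online Resort Management System", while CVE-2021-46309, CVE-2021-46308, CVE-2021-46200 and CVE-2021-46198 (and later CVE-2021-40595 and CVE-2021-40247) get the bare "NOT-FOR-US: Sourcecodester". CVE-2021-46307 likewise carries the full product name, "Projectworlds Online Examination System". Suggest settling on one form per vendor, either vendor only or vendor plus product, so that a search on the NOT-FOR-US string finds every entry for that vendor.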
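Review bot: CVE-2021-23236 in the list.2021 hunk at -5141 is still "TODO: check" while every other changed entry around it is resolved. Its visible description ("Requests may be used to interrupt the normal operation of the device.") names no product, so if it was skipped on purpose, a NOTE line saying what is still open would keep the next triager from repeating the lookup. The same product is also tagged several ways across this hunk and the one at -5093: "Vigilant Software Suite (Mastermed Dashboard)" for CVE-2021-44464, "Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard)" for CVE-2021-43355 and others, and "Fresenius Kabi Vigilant MasterMed" for CVE-2021-23207. Similarly, CVE-2021-23196 has "Agilia Link+" against "Fresenius Kabi Agilia Link" elsewhere. Suggest one spelling per product.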
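Review bot: In the list.2021 hunk at -27927, CVE-2021-35003 becomes "NOT-FOR-US: TP-Link" but the adjacent CVE-2021-35004 stays at "TODO: check", although both show the same truncated description ("This vulnerability allows remote attackers to execute arbitrary code o ..."). If CVE-2021-35004 concerns the same vendor, it should be tagged in this commit as well. If it does not, a short NOTE on why it is still open would make clear that the split is deliberate.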
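Review bot: In the list.2022 hunk at -1813, the four entries CVE-2022-23130 through CVE-2022-23127 are tagged "NOT-FOR-US: Mitsubishi", but their descriptions give the vendor as "Mitsubishi Electric" and the product as "MC Works64". Suggest "NOT-FOR-US: Mitsubishi Electric" or the full product name, so the tag matches the vendor string in the description and is unambiguous when searched.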