From 8210ad1353e183c69e24516e403ea5993d1740ff Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 11 Oct 2021 22:37:50 +0200 Subject: Process some NFUs --- data/CVE/list.2021 | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) (limited to 'data') diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 82eeaf0605..b91632c9e4 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -3032,17 +3032,17 @@ CVE-2021-40891 CVE-2021-40890 RESERVED CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...) - TODO: check + NOT-FOR-US: CMSUno CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...) - TODO: check + NOT-FOR-US: Projectsend CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...) - TODO: check + NOT-FOR-US: Projectsend CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...) - TODO: check + NOT-FOR-US: Projectsend CVE-2021-40885 RESERVED CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...) - TODO: check + NOT-FOR-US: Projectsend CVE-2021-40883 RESERVED CVE-2021-40882 @@ -3835,7 +3835,7 @@ CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulne CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...) TODO: check CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...) - ulfius 2.7.1-2 (bug #993851) [bullseye] - ulfius 2.7.1-1+deb11u1 
@@ -4696,13 +4696,13 @@ CVE-2021-40193 CVE-2021-40192 RESERVED CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...) - TODO: check + NOT-FOR-US: Dzzoffice CVE-2021-40190 RESERVED CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2021-40187 RESERVED CVE-2021-40186 @@ -6662,7 +6662,7 @@ CVE-2021-39319 CVE-2021-39318 RESERVED CVE-2021-39317 (Versions up to, and including, 1.0.6, of the Access Demo Importer Word ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, ...) NOT-FOR-US: WordPress plugin CVE-2021-39315 @@ -16497,9 +16497,9 @@ CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in D CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...) NOT-FOR-US: DRK Odenwaldkreis Testerfassung CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...) - TODO: check + NOT-FOR-US: OpenWay WAY4 ACS CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...) - TODO: check + NOT-FOR-US: OpenWay WAY4 ACS CVE-2021-35058 RESERVED CVE-2021-35057 
@@ -31328,11 +31328,11 @@ CVE-2021-29008 (A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows rem CVE-2021-29007 RESERVED CVE-2021-29006 (rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An ...) - TODO: check + NOT-FOR-US: rConfig CVE-2021-29005 (Insecure permission of chmod command on rConfig server 3.9.6 exists. A ...) - TODO: check + NOT-FOR-US: rConfig CVE-2021-29004 (rConfig 3.9.6 is affected by SQL Injection. A user must be authenticat ...) - TODO: check + NOT-FOR-US: rConfig CVE-2021-29003 (Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers ...) NOT-FOR-US: Genexis devices CVE-2021-29002 (A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 e ...) @@ -36017,7 +36017,7 @@ CVE-2021-27004 CVE-2021-27003 RESERVED CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...) - TODO: check + NOT-FOR-US: NetApp Cloud Manager CVE-2021-27001 RESERVED CVE-2021-27000 @@ -37014,7 +37014,7 @@ CVE-2021-26590 CVE-2021-26589 RESERVED CVE-2021-26588 (A potential security vulnerability has been identified in HPE 3PAR Sto ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-26587 (A potential DOM-based Cross Site Scripting security vulnerability has ...) NOT-FOR-US: HPE StoreOnce CVE-2021-26586 (A potential security vulnerability has been identified in the HPE Edge ...) @@ -41526,7 +41526,7 @@ CVE-2021-24739 CVE-2021-24738 RESERVED CVE-2021-24737 (The Comments – wpDiscuz WordPress plugin through 7.3.0 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24736 RESERVED CVE-2021-24735 @@ -41560,9 +41560,9 @@ CVE-2021-24722 CVE-2021-24721 RESERVED CVE-2021-24720 (The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 wa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24719 (The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Refle ...) - TODO: check + NOT-FOR-US: WordPress theme CVE-2021-24718 RESERVED CVE-2021-24717 
@@ -41576,13 +41576,13 @@ CVE-2021-24714 CVE-2021-24713 RESERVED CVE-2021-24712 (The Appointment Hour Booking WordPress plugin before 1.3.17 does not p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24711 (The del_reistered_domains AJAX action of the Software License Manager ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24710 RESERVED CVE-2021-24709 (The Weather Effect WordPress plugin before 1.3.6 does not properly val ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24708 RESERVED CVE-2021-24707 @@ -41618,9 +41618,9 @@ CVE-2021-24693 CVE-2021-24692 RESERVED CVE-2021-24691 (The Quiz And Survey Master WordPress plugin before 7.3.2 does not esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24690 (The Chained Quiz WordPress plugin before 1.2.7.2 does not properly san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24689 RESERVED CVE-2021-24688 @@ -41634,11 +41634,11 @@ CVE-2021-24685 CVE-2021-24684 RESERVED CVE-2021-24683 (The Weather Effect WordPress plugin before 1.3.4 does not have any CSR ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24682 RESERVED CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24680 RESERVED CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...) @@ -41688,7 +41688,7 @@ CVE-2021-24658 (The Erident Custom Login and Dashboard WordPress plugin before 3 CVE-2021-24657 (The Limit Login Attempts WordPress plugin before 4.0.50 does not escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24656 (The Simple Social Media Share Buttons WordPress plugin before 3.2.4 do ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24655 RESERVED CVE-2021-24654 (The User Registration WordPress plugin before 2.0.2 does not properly ...) 
@@ -41698,7 +41698,7 @@ CVE-2021-24653 CVE-2021-24652 (The PostX – Gutenberg Blocks for Post Grid WordPress plugin befo ...) NOT-FOR-US: WordPress plugin CVE-2021-24651 (The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated us ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24650 RESERVED CVE-2021-24649 @@ -41846,9 +41846,9 @@ CVE-2021-24579 (The bt_bb_get_grid AJAX action of the Bold Page Builder WordPres CVE-2021-24578 RESERVED CVE-2021-24577 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24576 (The Easy Accordion WordPress plugin before 2.0.22 does not properly sa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24575 RESERVED CVE-2021-24574 (The Simple Banner WordPress plugin before 2.10.4 does not sanitise and ...) @@ -41874,7 +41874,7 @@ CVE-2021-24565 (The Contact Form 7 Captcha WordPress plugin before 0.0.9 does no CVE-2021-24564 (The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2021-24563 (The Frontend Uploader WordPress plugin through 1.3.2 does not prevent ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24562 (The LMS by LifterLMS – Online Course, Membership & Learning ...) NOT-FOR-US: WordPress plugin CVE-2021-24561 (The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_gr ...) @@ -41908,9 +41908,9 @@ CVE-2021-24548 (The Mimetic Books WordPress plugin through 0.2.13 was vulnerable CVE-2021-24547 (The KN Fix Your Title WordPress plugin through 1.0.1 was vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2021-24546 (The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24545 (The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24544 RESERVED CVE-2021-24543 
@@ -52501,9 +52501,9 @@ CVE-2021-20124 CVE-2021-20123 RESERVED CVE-2021-20122 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) - TODO: check + NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20121 (The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is ...) - TODO: check + NOT-FOR-US: Telus Wi-Fi Hub CVE-2021-20120 RESERVED CVE-2021-20119 -- cgit v1.2.3
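Review bot: In the hunks at @@ -3835 and @@ -4696, the new notes for CVE-2021-40541, CVE-2021-40189 and CVE-2021-40188 write the product as `PHP-Fusion`, while the descriptions on those same entries spell it `PHPFusion`. Check which spelling the existing entries for this product in the file use and keep to it, so that a search on the NOT-FOR-US name finds every entry for the product.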
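Review bot: In the hunk at @@ -37014, CVE-2021-26588 is marked `NOT-FOR-US: HPE`, which names only the vendor, whereas the unchanged entry directly below it (CVE-2021-26587) uses `NOT-FOR-US: HPE StoreOnce`. Name the affected product from the CVE description here as well; a vendor-only tag is harder to match if another product from the same vendor is later assessed differently.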