author Salvatore Bonaccorso <carnil@debian.org> 2022-01-27 08:06:30 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2022-01-27 08:06:30 +0100
commit 6f0f66cbf6aebae99922f9e034c3a5a8bfa03be9 (patch)
tree 6d8510233259dd52d2ec70e88ccf08b875b973a1
parent 17e57d7051dcac5475e305d72a2a7cb4ca8b6139 (diff)
Process some NFUs
-rw-r--r-- data/CVE/2021.list 54
-rw-r--r-- data/CVE/2022.list 8
2 files changed, 31 insertions, 31 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index e449df8abf..0f41ca5d6e 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -4843,7 +4843,7 @@ CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()]
NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8)
NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11)
CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss Platform
CVE-2021-44691
RESERVED
CVE-2021-44690
@@ -7055,7 +7055,7 @@ CVE-2021-43865
CVE-2021-43864
RESERVED
CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
- TODO: check
+ NOT-FOR-US: Nextcloud Android app
CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...)
NOT-FOR-US: jQuery Terminal Emulator
CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...)
@@ -8234,7 +8234,7 @@ CVE-2021-43422
CVE-2021-43421
RESERVED
CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester
CVE-2021-43419
RESERVED
CVE-2021-43418
@@ -8314,7 +8314,7 @@ CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate thei
CVE-2021-43395
RESERVED
CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...)
- TODO: check
+ NOT-FOR-US: Unisys
CVE-2021-43393
RESERVED
CVE-2021-43392
@@ -8458,7 +8458,7 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f
CVE-2021-43335
RESERVED
CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
- TODO: check
+ NOT-FOR-US: BuddyBoss
CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
NOT-FOR-US: Datalogic
CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
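Review bot: The tag on CVE-2021-43334 reads "BuddyBoss", but the same product is tagged "BuddyBoss Platform" on CVE-2021-44692 in the first hunk of this patch, and both descriptions name "BuddyBoss Platform through 1.8.0". Using one spelling for both entries keeps a later search on the NOT-FOR-US string from finding only one of them.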
@@ -15658,7 +15658,7 @@ CVE-2021-40339
CVE-2021-40338
RESERVED
CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2021-40336
RESERVED
CVE-2021-40335
@@ -16058,7 +16058,7 @@ CVE-2021-40169
CVE-2021-40168
RESERVED
CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40166
RESERVED
CVE-2021-40165
@@ -16074,9 +16074,9 @@ CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution thr
CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...)
NOT-FOR-US: Autodesk
CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
- TODO: check
+ NOT-FOR-US: Autodesk
CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
NOT-FOR-US: Autodesk
CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
@@ -21818,9 +21818,9 @@ CVE-2021-37869
CVE-2021-37868
RESERVED
CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...)
- TODO: check
+ NOT-FOR-US: Mattermost Boards plugin
CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...)
- TODO: check
+ NOT-FOR-US: Mattermost Boards plugin
CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...)
TODO: check
CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...)
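Review bot: CVE-2021-37865, directly below the two Boards plugin entries, keeps "TODO: check" although its description ("Mattermost 6.2 and earlier") names the same vendor's product. If the server entries are being left for separate triage that is fine, but the split deserves a word in the commit message; otherwise they could be processed in the same pass.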
@@ -25329,19 +25329,19 @@ CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authen
CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...)
NOT-FOR-US: EMC
CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36345
RESERVED
CVE-2021-36344
RESERVED
CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...)
NOT-FOR-US: Dell
CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...)
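Review bot: The five new tags in this hunk give only the vendor ("Dell") for what the descriptions show to be two different products, iDRAC (CVE-2021-36348, -36347, -36346) and Dell BIOS (CVE-2021-36343, -36342). Naming the product, for example "Dell iDRAC" and "Dell BIOS", would match the more specific style already used nearby ("SupportAssist Client (Dell)") and make it clear which component was ruled out.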
@@ -25433,11 +25433,11 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt
CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...)
NOT-FOR-US: SupportAssist Client (Dell)
CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36293
RESERVED
CVE-2021-36292
@@ -25447,7 +25447,7 @@ CVE-2021-36291
CVE-2021-36290
RESERVED
CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2021-36288
RESERVED
CVE-2021-36287
@@ -28432,7 +28432,7 @@ CVE-2021-35007
CVE-2021-35006
RESERVED
CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TP-Link
CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...)
@@ -28707,13 +28707,13 @@ CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary
CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: Bentley View
CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...)
- TODO: check
+ NOT-FOR-US: Parallels Desktop
CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...)
- linux 5.14.6-1
[bullseye] - linux 5.10.70-1
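Review bot: The product names in the four new tags (Netgear for CVE-2021-34870, Parallels Desktop for CVE-2021-34869 through -34867) cannot be checked against the visible descriptions, which all begin "This vulnerability allows ..." and are cut off before any product is named. Since CVE-2021-34866 in the same run is a tracked linux issue with an identical description prefix, each of these should be confirmed against the full CVE text before being closed as NOT-FOR-US.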
@@ -28721,7 +28721,7 @@ CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14)
CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels Desktop
CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
@@ -39114,7 +39114,7 @@ CVE-2021-30638 (Information Exposure vulnerability in context asset handling of
CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
NOT-FOR-US: htmly
CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
- TODO: check
+ NOT-FOR-US: MediaTek LinkIt SDK
CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2021-30634
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 94c2d43fdc..db566e8c05 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -68,9 +68,9 @@ CVE-2022-0381
CVE-2022-0380
RESERVED
CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0377
RESERVED
CVE-2022-0376
@@ -3206,7 +3206,7 @@ CVE-2022-22791
CVE-2022-22790
RESERVED
CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover &#8211; An attacker ...)
- TODO: check
+ NOT-FOR-US: Charactell - FormStorm Enterprise
CVE-2022-22788
RESERVED
CVE-2022-22787
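Review bot: The tag "Charactell - FormStorm Enterprise" on CVE-2022-22789 copies the vendor-dash-product wording of the description verbatim, whereas other entries in this file put the vendor in parentheses ("SupportAssist Client (Dell)"). "FormStorm Enterprise (Charactell)" would be consistent with that form.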
@@ -5879,7 +5879,7 @@ CVE-2022-21713
CVE-2022-21712
RESERVED
CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
- TODO: check
+ NOT-FOR-US: elfspirit
CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
TODO: check
CVE-2022-21709
