author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-15 09:41:18 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-15 09:41:18 +0100
commit: b0243e73ef2c5dd9c2cac1aa6d525be43bc62e35
tree: 01823aa93e108c5ff21bd5bc874ebe02e048bcef
parent: 89fa11374cba2fa15657bc38521783acda34673f
Process some NFUs
-rw-r--r-- data/CVE/2021.list 8
-rw-r--r-- data/CVE/2022.list 38
2 files changed, 23 insertions, 23 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 1d1fec6dde..e361e0e9a4 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1284,7 +1284,7 @@ CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x befor
CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...)
NOT-FOR-US: MediaWiki extension WikiBaseMediainfo
CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...)
- TODO: check
+ NOT-FOR-US: ForgeRock
CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...)
NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles
CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...)
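Review bot: the new tag for CVE-2021-4201 names only the vendor ("NOT-FOR-US: ForgeRock"), while the description names the product, ForgeRock Access Management, and the neighbouring entries in this hunk are tagged at product level ("MediaWiki extension WikiBaseMediainfo", "keyfob subsystem in Honda Civic 2012 vehicles"). Consider "NOT-FOR-US: ForgeRock Access Management" so that a later search for the product name finds this triage decision.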
@@ -3434,9 +3434,9 @@ CVE-2021-45350
CVE-2021-45349
RESERVED
CVE-2021-45348 (An Arbitrary File Deletion vulnerability exists in SourceCodester Atte ...)
- TODO: check
+ NOT-FOR-US: SourceCodester
CVE-2021-45347 (An Incorrect Access Control vulnerability exists in zzcms 8.2, which l ...)
- TODO: check
+ NOT-FOR-US: zzcms
CVE-2021-45346 (A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and ...)
TODO: check
CVE-2021-45345
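Review bot: the tag added for CVE-2021-45348 is spelled "SourceCodester", but the existing entry for CVE-2022-22296 in data/CVE/2022.list reads "NOT-FOR-US: Sourcecodester"; settle on one spelling so a case-sensitive grep over the lists catches both. CVE-2021-45346 (SQLite3) is left at "TODO: check" here, which fits a commit scoped to NFUs only, but it still needs a follow-up assessment.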
@@ -3527,7 +3527,7 @@ CVE-2021-45312
CVE-2021-45311
RESERVED
CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...)
- TODO: check
+ NOT-FOR-US: Sangoma Technologies Corporation Switchvox
CVE-2021-45309
RESERVED
CVE-2021-45308
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index f47f794735..eec032e91a 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -475,7 +475,7 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2022-24980
RESERVED
CVE-2022-24979
@@ -485,7 +485,7 @@ CVE-2022-24978
CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
NOT-FOR-US: ImpressCMS
CVE-2022-0579 (Improper Privilege Management in Packagist snipe/snipe-it prior to 5.3 ...)
- TODO: check
+ NOT-FOR-US: snipe-it
CVE-2022-0578
RESERVED
CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
@@ -1217,7 +1217,7 @@ CVE-2022-0541
CVE-2022-0540
RESERVED
CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
- TODO: check
+ NOT-FOR-US: beanstalk_console
CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
- jenkins <removed>
CVE-2022-0537
@@ -1258,15 +1258,15 @@ CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of ser
CVE-2022-0528
RESERVED
CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
- TODO: check
+ NOT-FOR-US: chatwoot
CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2. ...)
- mruby <not-affected> (Vulnerable code introduced later)
NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
- TODO: check
+ NOT-FOR-US: Publify
CVE-2022-0523 (Expired Pointer Dereference in GitHub repository radareorg/radare2 pri ...)
- radare2 <unfixed>
NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
@@ -1824,7 +1824,7 @@ CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelpe
CVE-2022-24408
RESERVED
CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...)
- TODO: check
+ NOT-FOR-US: beanstalk_console
CVE-2022-0500
RESERVED
CVE-2022-0499
@@ -2528,7 +2528,7 @@ CVE-2022-24208
CVE-2022-24207
RESERVED
CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Tongda2000
CVE-2022-24205
RESERVED
CVE-2022-24204
@@ -3102,7 +3102,7 @@ CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceive
CVE-2022-23993 (/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_fi ...)
NOT-FOR-US: pfSense
CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
- TODO: check
+ NOT-FOR-US: XCOM Data Transport
CVE-2022-23991
RESERVED
CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
@@ -3369,7 +3369,7 @@ CVE-2022-23904
CVE-2022-23903
RESERVED
CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...)
- TODO: check
+ NOT-FOR-US: Tongda2000
CVE-2022-23901
RESERVED
CVE-2022-23900
@@ -4736,7 +4736,7 @@ CVE-2022-23412
CVE-2022-23411
RESERVED
CVE-2022-23410 (AXIS IP Utility prior to 4.17.0 allows for remote code execution and l ...)
- TODO: check
+ NOT-FOR-US: AXIS IP Utility
CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
NOT-FOR-US: Craft CMS
CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
@@ -4774,11 +4774,11 @@ CVE-2022-23393
CVE-2022-23392
RESERVED
CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
- TODO: check
+ NOT-FOR-US: Pybbs
CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
- TODO: check
+ NOT-FOR-US: BBS Forum
CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
- TODO: check
+ NOT-FOR-US: PublicCMS
CVE-2022-23388
RESERVED
CVE-2022-23387
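Review bot: "NOT-FOR-US: BBS Forum" for CVE-2022-23390 is a generic name that says little about which software was triaged, unlike "Pybbs" and "PublicCMS" on the adjacent entries. If the CVE references identify a vendor or project, add it to the tag so that a later CVE for the same software can be matched against this decision.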
@@ -4882,11 +4882,11 @@ CVE-2022-23339
CVE-2022-23338
RESERVED
CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
- TODO: check
+ NOT-FOR-US: DedeCMS
CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: S-CMS
CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2022-23334
RESERVED
CVE-2022-23333
@@ -7861,7 +7861,7 @@ CVE-2022-22297
CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...)
NOT-FOR-US: Sourcecodester
CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
- TODO: check
+ NOT-FOR-US: Metinfo
CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA&lt;=1.43 which an attack ...)
NOT-FOR-US: zfaka
CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...)
@@ -8952,7 +8952,7 @@ CVE-2022-21820
CVE-2022-21819
RESERVED
CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...)
- TODO: check
+ NOT-FOR-US: NVIDIA License System
CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...)
NOT-FOR-US: NVIDIA
CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
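Review bot: CVE-2022-21818 is tagged "NOT-FOR-US: NVIDIA License System" while the very next entry, CVE-2022-21817, carries only "NOT-FOR-US: NVIDIA". Mixing vendor-only and vendor-plus-product tags on adjacent entries makes the list harder to search consistently; the product-level form used on the added line is the more informative one, so it may be worth aligning the neighbouring entry in a follow-up.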
