author Salvatore Bonaccorso <carnil@debian.org> 2022-01-20 22:37:12 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2022-01-20 22:37:12 +0100
commit 32c7e08123fba41c92022a9009facfdca282600e
tree efa006ae2e50ca65e394c36b7af6322d8ba9d1fc
parent ca53049d7fdcfcfd1da4bee54511c31f188fc853
Process NFUs
-rw-r--r-- data/CVE/2020.list 6
-rw-r--r-- data/CVE/2021.list 62
-rw-r--r-- data/CVE/2022.list 14
3 files changed, 41 insertions, 41 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 03277a1258..b8431cc4f5 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -9033,7 +9033,7 @@ CVE-2020-27430
CVE-2020-27429
RESERVED
CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...)
- TODO: check
+ NOT-FOR-US: Scratch-Svg-Renderer
CVE-2020-27427
RESERVED
CVE-2020-27426
@@ -29718,7 +29718,7 @@ CVE-2020-18079
CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...)
NOT-FOR-US: SEMCMS
CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...)
- TODO: check
+ NOT-FOR-US: FTPShell Server
CVE-2020-18076
RESERVED
CVE-2020-18075
@@ -39203,7 +39203,7 @@ CVE-2020-14112
CVE-2020-14111
RESERVED
CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
- TODO: check
+ NOT-FOR-US: AX3600 router
CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
NOT-FOR-US: Xiaomi
CVE-2020-14108
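Review bot: The tag added for CVE-2020-14110, `NOT-FOR-US: AX3600 router`, names a product model, while the entry directly below it, CVE-2020-14109, is tagged `NOT-FOR-US: Xiaomi`. If the AX3600 comes from the same vendor, use the vendor name in the tag (for example `Xiaomi AX3600 router`) so that a single search on the vendor finds both entries.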
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index cf86047137..927fec824f 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -239,7 +239,7 @@ CVE-2021-45729
CVE-2021-44779
RESERVED
CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2021-44760
RESERVED
CVE-2021-4207
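Review bot: `NOT-FOR-US: WordPress plugin` on CVE-2021-44777 does not say which plugin is affected, whereas every other tag in this commit names the product or vendor. Put the plugin name in the tag so the entry can be found again by name if that software is ever packaged.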
@@ -662,7 +662,7 @@ CVE-2021-46106
CVE-2021-46105
RESERVED
CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...)
- TODO: check
+ NOT-FOR-US: webp_server_go
CVE-2021-46103
RESERVED
CVE-2021-46102
@@ -856,13 +856,13 @@ CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in Ja
CVE-2021-46029
RESERVED
CVE-2021-46028 (In mblog &lt;= 3.5.0 there is a CSRF vulnerability in the background a ...)
- TODO: check
+ NOT-FOR-US: mblog
CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...)
- TODO: check
+ NOT-FOR-US: mysiteforme
CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...)
- TODO: check
+ NOT-FOR-US: mysiteforme
CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog &lt;= 2.2 ...)
- TODO: check
+ NOT-FOR-US: OneBlog
CVE-2021-46024
RESERVED
CVE-2021-46023
@@ -3998,7 +3998,7 @@ CVE-2021-44831
CVE-2021-44830
RESERVED
CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...)
- TODO: check
+ NOT-FOR-US: AFI WebACMS
CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...)
NOT-FOR-US: ARM
CVE-2021-44827
@@ -4271,15 +4271,15 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile]
[buster] - rainloop <no-dsa> (Minor issue)
NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872
CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...)
- TODO: check
+ NOT-FOR-US: Lexmark
CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...)
- linux <unfixed>
[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -5542,9 +5542,9 @@ CVE-2021-44247
CVE-2021-44246
RESERVED
CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...)
- TODO: check
+ NOT-FOR-US: Courcecodester COVID 19 Testing Management System (CTMS)
CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System
CVE-2021-44243
RESERVED
CVE-2021-44242
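Review bot: The tag added for CVE-2021-44245 carries over the `Courcecodester` spelling from the CVE description, while the tag added two lines below for CVE-2021-44244 writes `Sourcecodester` for what looks like the same vendor. Settle on one spelling in the NOT-FOR-US tags, since these entries are found by string search and the variant spelling will be missed.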
@@ -5988,11 +5988,11 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug
CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...)
NOT-FOR-US: zrlog
CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...)
- TODO: check
+ NOT-FOR-US: code-projects Pharmacy Management
CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...)
- TODO: check
+ NOT-FOR-US: Courcecodester Multi Restaurant Table Reservation System
CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...)
- TODO: check
+ NOT-FOR-US: Sourcecodester Online Reviewer System
CVE-2021-44089
RESERVED
CVE-2021-44088
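Review bot: In the tag for CVE-2021-44091 the vendor is written `Courcecodester`, right above `Sourcecodester` in the tag for CVE-2021-44090. The description's spelling does not need to be preserved in the tag; use the same vendor string on both lines.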
@@ -8157,7 +8157,7 @@ CVE-2021-43271
CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
- TODO: check
+ NOT-FOR-US: Code42 app
CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
NOT-FOR-US: Wind River VxWorks
CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
@@ -11076,7 +11076,7 @@ CVE-2021-42010
CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...)
NOT-FOR-US: Apache Traffic Control
CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...)
- TODO: check
+ NOT-FOR-US: icecoder
CVE-2021-3861
RESERVED
CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...)
@@ -11167,7 +11167,7 @@ CVE-2021-41974 (Tad Book3 editing book page does not perform identity verificati
CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...)
NOT-FOR-US: snipe-it
CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
- TODO: check
+ NOT-FOR-US: chaskiq
CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...)
NOT-FOR-US: Apache MINA
CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...)
@@ -11400,7 +11400,7 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before
CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...)
NOT-FOR-US: MyBB
CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...)
- TODO: check
+ NOT-FOR-US: chaskiq
CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...)
TODO: check
CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...)
@@ -26330,15 +26330,15 @@ CVE-2021-35689
CVE-2021-35688
RESERVED
CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35685
RESERVED
CVE-2021-35684
RESERVED
CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35682
RESERVED
CVE-2021-35681
@@ -26541,7 +26541,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition
{DLA-2814-1}
- openjdk-8 8u312-b07-1
CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...)
{DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1}
- openjdk-17 17.0.1+12-1
@@ -28220,7 +28220,7 @@ CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose
CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...)
NOT-FOR-US: TeamViewer
CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
- TODO: check
+ NOT-FOR-US: TeamViewer
CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...)
NOT-FOR-US: Parallels Desktop
CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...)
@@ -28824,7 +28824,7 @@ CVE-2021-34602
CVE-2021-34601
RESERVED
CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...)
- TODO: check
+ NOT-FOR-US: Telenot CompasX
CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...)
NOT-FOR-US: CODESYS
CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...)
@@ -32516,7 +32516,7 @@ CVE-2021-33042
CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
NOT-FOR-US: vmd
CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
- TODO: check
+ NOT-FOR-US: FuturePress EPub.js
CVE-2021-33039
RESERVED
CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
@@ -35568,7 +35568,7 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes
NOTE: https://kde.org/info/security/advisory-20210429-1.txt
NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799
CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...)
NOT-FOR-US: McAfee
CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...)
@@ -42377,7 +42377,7 @@ CVE-2021-29217
CVE-2021-29216
RESERVED
CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...)
NOT-FOR-US: HPE
CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...)
@@ -55184,7 +55184,7 @@ CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session w
CVE-2021-23844
RESERVED
CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...)
- TODO: check
+ NOT-FOR-US: Bosch
CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...)
TODO: check
CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...)
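Review bot: CVE-2021-23842 is left at `TODO: check` directly below the newly tagged CVE-2021-23843, although its description refers to the AMC2 and the tagged entry concerns `AmcIpConfig.exe`. If both belong to the same Bosch product line, tag it in this pass as well so the pair does not get triaged twice.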
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 76bb229b40..1a6417ea4a 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -855,23 +855,23 @@ CVE-2022-0287
CVE-2022-0286
RESERVED
CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
- TODO: check
+ NOT-FOR-US: pimcore
CVE-2022-0284
RESERVED
CVE-2022-0283
RESERVED
CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0280
RESERVED
CVE-2022-0279
RESERVED
CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...)
- TODO: check
+ NOT-FOR-US: microweber
CVE-2022-23436
RESERVED
CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
@@ -5211,7 +5211,7 @@ CVE-2022-21703
CVE-2022-21702
RESERVED
CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
TODO: check
CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
@@ -5270,7 +5270,7 @@ CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.1
CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
TODO: check
CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...)
- TODO: check
+ NOT-FOR-US: Istio
CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
NOT-FOR-US: Discourse
CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
