author | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-07 21:56:45 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2022-02-07 21:56:45 +0100 |
commit | 354827bbce2e75f7c2efb5ff0131ca9f4523d730 (patch) | |
tree | 42230b179527e744f9c5a9108b1bdbd53acff5b5 | |
parent | 82874adaf986bb3ec0a5284b9a6118205ccc47b3 (diff) |
Process several NFUs
-rw-r--r-- | data/CVE/2013.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2021.list | 52 |
-rw-r--r-- | data/CVE/2022.list | 48 |
4 files changed, 52 insertions, 52 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index fa16b507e3..9fc3286a3f 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -1,7 +1,7 @@ CVE-2013-20004 (StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. ...) NOT-FOR-US: StarWind CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...) - TODO: check + NOT-FOR-US: Z-Wave devices CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...) NOT-FOR-US: Elemin CVE-2013-20001 (An issue was discovered in OpenZFS through 2.0.3. When an NFS share is ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index e390923cbc..b538e2ebac 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,7 +1,7 @@ CVE-2018-25030 RESERVED CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...) - TODO: check + NOT-FOR-US: Z-Wave specification CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) NOT-FOR-US: Rust crate libpulse-binding CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index eb13a890d4..3494116f4c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -652,7 +652,7 @@ CVE-2021-46391 CVE-2021-46390 RESERVED CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) - TODO: check + NOT-FOR-US: IIPImage High Resolution Streaming Image Server CVE-2021-46388 RESERVED CVE-2021-46387 @@ -712,7 +712,7 @@ CVE-2021-46361 CVE-2021-46360 RESERVED CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...) - TODO: check + NOT-FOR-US: FISCO-BCOS CVE-2021-46358 RESERVED CVE-2021-46357 
@@ -3250,7 +3250,7 @@ CVE-2021-45410 CVE-2021-45409 RESERVED CVE-2021-45408 (Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, ...) - TODO: check + NOT-FOR-US: SeedDMS CVE-2021-45407 RESERVED CVE-2021-45406 (In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to ...) @@ -6486,11 +6486,11 @@ CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: ShowDoc CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...) NOT-FOR-US: Acronis CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...) @@ -7298,15 +7298,15 @@ CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but CVE-2021-43930 RESERVED CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...) - TODO: check + NOT-FOR-US: Synology CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...) - TODO: check + NOT-FOR-US: Synology CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...) - TODO: check + NOT-FOR-US: Synology CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...) - TODO: check + NOT-FOR-US: Synology CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...) - TODO: check + NOT-FOR-US: Synology CVE-2021-43924 RESERVED CVE-2021-43923 
@@ -7498,7 +7498,7 @@ CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) NOT-FOR-US: Wiki.js CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...) - TODO: check + NOT-FOR-US: XWiki CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) TODO: check CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...) @@ -10011,7 +10011,7 @@ CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081 CVE-2021-42834 RESERVED CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...) - TODO: check + NOT-FOR-US: AquaView CVE-2021-42832 RESERVED CVE-2021-42831 @@ -15859,7 +15859,7 @@ CVE-2021-40422 CVE-2021-40421 RESERVED CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...) NOT-FOR-US: Reolink CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...) @@ -18588,7 +18588,7 @@ CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser f CVE-2021-39281 RESERVED CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...) - TODO: check + NOT-FOR-US: Korenix JetWave devices CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...) NOT-FOR-US: MOXA CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...) 
@@ -21335,7 +21335,7 @@ CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mish NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2) NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1) CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...) - TODO: check + NOT-FOR-US: perM CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...) {DSA-4998-1 DSA-4990-1 DLA-2818-1} - ffmpeg 7:4.4.1-1 @@ -34276,7 +34276,7 @@ CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storag CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...) NOT-FOR-US: Nextcloud Text CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...) - TODO: check + NOT-FOR-US: XWiki CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) NOT-FOR-US: XWiki CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
@@ -42947,17 +42947,17 @@ CVE-2021-29400 (A cross-site request forgery (CSRF) vulnerability in the My SMTP CVE-2021-29399 (XMB is vulnerable to cross-site scripting (XSS) due to inadequate filt ...) NOT-FOR-US: XMB CVE-2021-29398 (Directory traversal in /northstar/Common/NorthFileManager/fileManagerO ...) - TODO: check + NOT-FOR-US: Northstar CVE-2021-29397 (Cleartext Transmission of Sensitive Information in /northstar/Admin/lo ...) - TODO: check + NOT-FOR-US: Northstar CVE-2021-29396 (Systemic Insecure Permissions in Northstar Technologies Inc NorthStar ...) - TODO: check + NOT-FOR-US: Northstar CVE-2021-29395 (Directory travesal in /northstar/filemanager/download.jsp in Northstar ...) - TODO: check + NOT-FOR-US: Northstar CVE-2021-29394 (Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar ...) - TODO: check + NOT-FOR-US: Northstar CVE-2021-29393 (Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar T ...) - TODO: check + NOT-FOR-US: Northstar CVE-2021-29392 RESERVED CVE-2021-29391 @@ -43353,9 +43353,9 @@ CVE-2021-29221 (A local privilege escalation vulnerability was discovered in Erl CVE-2021-29220 RESERVED CVE-2021-29219 (A potential local buffer overflow vulnerability has been identified in ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-29218 (A local unquoted search path security vulnerability has been identifie ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-29217 RESERVED CVE-2021-29216 @@ -45140,7 +45140,7 @@ CVE-2021-28505 CVE-2021-28504 RESERVED CVE-2021-28503 (The impact of this vulnerability is that Arista's EOS eAPI may skip re ...) - TODO: check + NOT-FOR-US: Arista CVE-2021-28502 RESERVED CVE-2021-28501 (An issue has recently been discovered in Arista EOS where the incorrec ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index da8b87dde3..8dab43aa6b 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1888,7 +1888,7 @@ CVE-2022-0367 CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...) NOT-FOR-US: Sophos CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...) - TODO: check + NOT-FOR-US: Ricon Mobile CVE-2022-0364 RESERVED CVE-2022-0363 @@ -3379,7 +3379,7 @@ CVE-2022-23381 CVE-2022-23380 RESERVED CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...) - TODO: check + NOT-FOR-US: Emlog CVE-2022-23378 RESERVED CVE-2022-23377 @@ -3477,9 +3477,9 @@ CVE-2022-23332 CVE-2022-23331 RESERVED CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...) - TODO: check + NOT-FOR-US: jpress CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...) - TODO: check + NOT-FOR-US: UJCMS Jspxcms CVE-2022-23328 RESERVED CVE-2022-23327 @@ -3497,7 +3497,7 @@ CVE-2022-23322 CVE-2022-23321 RESERVED CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...) - TODO: check + NOT-FOR-US: XMPie uStore CVE-2022-23319 RESERVED CVE-2022-23318 @@ -3727,11 +3727,11 @@ CVE-2022-23265 CVE-2022-23264 RESERVED CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2022-23260 RESERVED CVE-2022-23259 @@ -3964,7 +3964,7 @@ CVE-2022-23186 CVE-2022-23185 RESERVED CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...) - TODO: check + NOT-FOR-US: Octopus Server CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...) - tomcat9 <unfixed> - tomcat8 <removed> 
@@ -4604,7 +4604,7 @@ CVE-2022-22941 CVE-2022-22940 RESERVED CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...) - TODO: check + NOT-FOR-US: VMware CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...) NOT-FOR-US: VMware CVE-2022-22937 @@ -4908,11 +4908,11 @@ CVE-2022-22835 CVE-2022-22834 RESERVED CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...) - TODO: check + NOT-FOR-US: Servisnet Tessa CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...) - TODO: check + NOT-FOR-US: Servisnet Tessa CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...) - TODO: check + NOT-FOR-US: Servisnet Tessa CVE-2022-22830 RESERVED CVE-2022-22829 @@ -5013,7 +5013,7 @@ CVE-2022-22806 CVE-2022-22805 RESERVED CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22803 RESERVED CVE-2022-22802 @@ -5299,17 +5299,17 @@ CVE-2022-0140 CVE-2022-22728 RESERVED CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) - TODO: check + NOT-FOR-US: Schneider Electric CVE-2022-22721 RESERVED CVE-2022-22720 
@@ -5404,7 +5404,7 @@ CVE-2022-22691 (The password reset component deployed within Umbraco uses the ho CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...) NOT-FOR-US: Umbraco CMS CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...) - TODO: check + NOT-FOR-US: CA Harvest Software Change Manager CVE-2022-22688 RESERVED CVE-2022-22687 @@ -5422,11 +5422,11 @@ CVE-2022-22682 CVE-2022-22681 RESERVED CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) - TODO: check + NOT-FOR-US: Synology CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) - TODO: check + NOT-FOR-US: Synology CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...) NOT-FOR-US: Tenable CVE-2022-22678 |
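Review bot: In the data/CVE/2021.list hunk at @@ -21335,7, CVE-2021-38172 is closed as "NOT-FOR-US: perM" although its own description line reads "(Debian initially ...)", which points to the software having, or having had, a Debian package. Please check the archive for a matching source package before marking this NFU; if one exists, the entry should carry a package line with a fixed version, <unfixed> or <removed>, as the neighbouring ffmpeg and tomcat entries do, rather than NOT-FOR-US.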
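Review bot: In the data/CVE/2022.list hunk at @@ -3727,11, CVE-2022-23263, CVE-2022-23262 and CVE-2022-23261 are described as "Microsoft Edge (Chromium-based)" and closed as "NOT-FOR-US: Microsoft" with no NOTE recording that the flaws are in Edge-specific code. The truncated descriptions do not rule out code shared with Chromium, so a one-line NOTE stating that each issue is specific to Edge, or a chromium package entry where it is not, would make the triage decision checkable later.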
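Review bot: For CVE-2021-32732 (data/CVE/2021.list, @@ -34276,7) and CVE-2022-0365 (data/CVE/2022.list, @@ -1888,7) the visible description text ("### Impact It's possible to know if a user has or not an account in a ..." and "The affected product is vulnerable to an authenticated OS command inje ...") never names a product, so "NOT-FOR-US: XWiki" and "NOT-FOR-US: Ricon Mobile" cannot be confirmed from the list file. The same applies to "NOT-FOR-US: jpress" on CVE-2022-23330. A NOTE line with the advisory or reference URL that identifies the product would let the next reader verify the tag without leaving the file.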
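Review bot: The NFU labels for the two Z-Wave entries differ ("NOT-FOR-US: Z-Wave devices" in data/CVE/2013.list, "NOT-FOR-US: Z-Wave specification" in data/CVE/2018.list), and "NOT-FOR-US: Korenix JetWave devices" in the @@ -18588,7 hunk adds a "devices" suffix that the adjacent "NOT-FOR-US: MOXA" entries do not use. Consider a single bare vendor or product name per family, for example "Z-Wave" and "Korenix", so that later searches for one label find all related entries.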