From 023e9e542c4f54aca6e631966aae49e63a94356b Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 14 Oct 2021 23:37:50 +0200 Subject: NFUs --- data/CVE/2021.list | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index c9ded7d6e4..f46982caa3 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -45,7 +45,7 @@ CVE-2021-42371 CVE-2021-42370 RESERVED CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...) - TODO: check + NOT-FOR-US: Imagicle Application Suite CVE-2021-42368 RESERVED CVE-2021-42367 @@ -357,9 +357,9 @@ CVE-2021-42230 CVE-2021-42229 RESERVED CVE-2021-42228 (Cross Site Request Forgery (CSRF) vulnerability exists in KindEdirot 4 ...) - TODO: check + NOT-FOR-US: KindEditor CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...) - TODO: check + NOT-FOR-US: KindEditor CVE-2021-42226 RESERVED CVE-2021-42225 @@ -2794,7 +2794,7 @@ CVE-2021-41144 CVE-2021-41143 RESERVED CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...) - TODO: check + NOT-FOR-US: Tuleap CVE-2021-41141 RESERVED CVE-2021-41140 @@ -2802,7 +2802,7 @@ CVE-2021-41140 CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) NOT-FOR-US: Anuko Time Tracker CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...) - TODO: check + NOT-FOR-US: Frontier CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...) TODO: check CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...) 
@@ -2814,7 +2814,7 @@ CVE-2021-41135 CVE-2021-41134 RESERVED CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...) - TODO: check + NOT-FOR-US: OMERO.web CVE-2021-41131 RESERVED CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...) @@ -6969,7 +6969,7 @@ CVE-2021-39332 CVE-2021-39331 RESERVED CVE-2021-39330 (The Formidable Form Builder WordPress plugin is vulnerable to Stored C ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-39329 RESERVED CVE-2021-39328 @@ -9394,11 +9394,11 @@ CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected C CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...) NOT-FOR-US: WordPress plugin CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incor ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Op ...) NOT-FOR-US: WordPress plugin CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross ...) @@ -10393,7 +10393,7 @@ CVE-2021-37935 CVE-2021-37934 RESERVED CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...) - TODO: check + NOT-FOR-US: Huntflow Enterprise CVE-2021-37932 RESERVED CVE-2021-3681 
@@ -13842,11 +13842,11 @@ CVE-2021-36391 CVE-2021-36390 RESERVED CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...) - TODO: check + NOT-FOR-US: Yellowfin CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...) - TODO: check + NOT-FOR-US: Yellowfin CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...) - TODO: check + NOT-FOR-US: Yellowfin CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...) - fetchmail 6.4.16-4 (unimportant) NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt @@ -15907,7 +15907,7 @@ CVE-2021-35500 CVE-2021-35499 RESERVED CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) - TODO: check + NOT-FOR-US: TIBCO CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) NOT-FOR-US: TIBCO CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) @@ -21290,11 +21290,11 @@ CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi compo CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...) NOT-FOR-US: Synology CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2021-33178 (The Manage Backgrounds functionality within Nagvis versions prior to 2 ...) TODO: check CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...) NOT-FOR-US: VerneMQ MQTT Broker CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...) 
@@ -22818,11 +22818,11 @@ CVE-2021-32573 (** DISPUTED ** The express-cart package through 1.1.10 for Node. CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...) NOT-FOR-US: Speco Web Viewer CVE-2021-32571 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) - TODO: check + NOT-FOR-US: OSS-RC CVE-2021-32570 RESERVED CVE-2021-32569 (** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B a ...) - TODO: check + NOT-FOR-US: OSS-RC CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data ...) NOT-FOR-US: mrdoc CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...) @@ -32598,7 +32598,7 @@ CVE-2021-28662 (An issue was discovered in Squid 4.x before 4.15 and 5.x before NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b1c37c9e7b30d0efb5e5ccf8200f2a646b9c36f8.patch CVE-2021-28661 (Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x thr ...) - TODO: check + NOT-FOR-US: ilverStripe GraphQL Server CVE-2021-3449 (An OpenSSL TLS server may crash if sent a maliciously crafted renegoti ...) {DSA-4875-1} - openssl 1.1.1k-1 @@ -34958,7 +34958,7 @@ CVE-2021-27666 RESERVED NOT-FOR-US: Android CVE-2021-27665 (An unauthenticated remote user could exploit a potential integer overf ...) - TODO: check + NOT-FOR-US: Johnson Controls CVE-2021-27664 (Under certain configurations an unauthenticated remote user could be g ...) NOT-FOR-US: exacqVision CVE-2021-27663 (A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM ...) -- cgit v1.2.3
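Review bot: In the hunk at @@ -32598,7 +32598,7 @@, the new tag for CVE-2021-28661 reads "NOT-FOR-US: ilverStripe GraphQL Server", which drops the leading "S". The description on the preceding line spells the product "SilverStripe GraphQL Server". Suggest "NOT-FOR-US: SilverStripe GraphQL Server", so that a search of the list for the product name also finds this entry.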
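Review bot: In the hunk at @@ -34958,7 +34958,7 @@, CVE-2021-27665 is tagged with a vendor name ("NOT-FOR-US: Johnson Controls"), while the next entry, CVE-2021-27664, is tagged with a product name ("NOT-FOR-US: exacqVision"). The truncated description of CVE-2021-27665 does not show which product is affected. If it is the same product as its neighbour, using the same tag would keep the two entries grouped under one name.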