From 32c7e08123fba41c92022a9009facfdca282600e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 20 Jan 2022 22:37:12 +0100 Subject: Process NFUs --- data/CVE/2020.list | 6 +++--- data/CVE/2021.list | 62 +++++++++++++++++++++++++++--------------------------- data/CVE/2022.list | 14 ++++++------ 3 files changed, 41 insertions(+), 41 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 03277a1258..b8431cc4f5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -9033,7 +9033,7 @@ CVE-2020-27430 CVE-2020-27429 RESERVED CVE-2020-27428 (A DOM-based cross-site scripting (XSS) vulnerability in Scratch-Svg-Re ...) - TODO: check + NOT-FOR-US: Scratch-Svg-Renderer CVE-2020-27427 RESERVED CVE-2020-27426 @@ -29718,7 +29718,7 @@ CVE-2020-18079 CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...) NOT-FOR-US: SEMCMS CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...) - TODO: check + NOT-FOR-US: FTPShell Server CVE-2020-18076 RESERVED CVE-2020-18075 @@ -39203,7 +39203,7 @@ CVE-2020-14112 CVE-2020-14111 RESERVED CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...) - TODO: check + NOT-FOR-US: AX3600 router CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...) NOT-FOR-US: Xiaomi CVE-2020-14108 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index cf86047137..927fec824f 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -239,7 +239,7 @@ CVE-2021-45729 CVE-2021-44779 RESERVED CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-44760 RESERVED CVE-2021-4207 @@ -662,7 +662,7 @@ CVE-2021-46106 CVE-2021-46105 RESERVED CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...) - TODO: check + NOT-FOR-US: webp_server_go CVE-2021-46103 RESERVED CVE-2021-46102 
@@ -856,13 +856,13 @@ CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in Ja CVE-2021-46029 RESERVED CVE-2021-46028 (In mblog <= 3.5.0 there is a CSRF vulnerability in the background a ...) - TODO: check + NOT-FOR-US: mblog CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...) - TODO: check + NOT-FOR-US: mysiteforme CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...) - TODO: check + NOT-FOR-US: mysiteforme CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2 ...) - TODO: check + NOT-FOR-US: OneBlog CVE-2021-46024 RESERVED CVE-2021-46023 @@ -3998,7 +3998,7 @@ CVE-2021-44831 CVE-2021-44830 RESERVED CVE-2021-44829 (Cross Site Scripting (XSS) vulnerability exists in index.html in AFI W ...) - TODO: check + NOT-FOR-US: AFI WebACMS CVE-2021-44828 (Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 ...) NOT-FOR-US: ARM CVE-2021-44827 @@ -4271,15 +4271,15 @@ CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] [buster] - rainloop (Minor issue) NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872 CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...) - TODO: check + NOT-FOR-US: Lexmark CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...) - linux [stretch] - linux (Vulnerable code not present) 
@@ -5542,9 +5542,9 @@ CVE-2021-44247 CVE-2021-44246 RESERVED CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) - TODO: check + NOT-FOR-US: Courcecodester COVID 19 Testing Management System (CTMS) CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) - TODO: check + NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System CVE-2021-44243 RESERVED CVE-2021-44242 @@ -5988,11 +5988,11 @@ CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plug CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) NOT-FOR-US: zrlog CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...) - TODO: check + NOT-FOR-US: code-projects Pharmacy Management CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...) - TODO: check + NOT-FOR-US: Courcecodester Multi Restaurant Table Reservation System CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...) - TODO: check + NOT-FOR-US: Sourcecodester Online Reviewer System CVE-2021-44089 RESERVED CVE-2021-44088 @@ -8157,7 +8157,7 @@ CVE-2021-43271 CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...) NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus) CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...) - TODO: check + NOT-FOR-US: Code42 app CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...) NOT-FOR-US: Wind River VxWorks CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...) 
@@ -11076,7 +11076,7 @@ CVE-2021-42010 CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) NOT-FOR-US: Apache Traffic Control CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...) - TODO: check + NOT-FOR-US: icecoder CVE-2021-3861 RESERVED CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...) @@ -11167,7 +11167,7 @@ CVE-2021-41974 (Tad Book3 editing book page does not perform identity verificati CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) NOT-FOR-US: snipe-it CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) - TODO: check + NOT-FOR-US: chaskiq CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...) NOT-FOR-US: Apache MINA CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...) @@ -11400,7 +11400,7 @@ CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...) NOT-FOR-US: MyBB CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) - TODO: check + NOT-FOR-US: chaskiq CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...) TODO: check CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...) 
@@ -26330,15 +26330,15 @@ CVE-2021-35689 CVE-2021-35688 RESERVED CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35685 RESERVED CVE-2021-35684 RESERVED CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35682 RESERVED CVE-2021-35681 @@ -26541,7 +26541,7 @@ CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition {DLA-2814-1} - openjdk-8 8u312-b07-1 CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) - TODO: check + NOT-FOR-US: Oracle CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} - openjdk-17 17.0.1+12-1 @@ -28220,7 +28220,7 @@ CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TeamViewer CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) @@ -28824,7 +28824,7 @@ CVE-2021-34602 CVE-2021-34601 RESERVED CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) - TODO: check + NOT-FOR-US: Telenot CompasX CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) NOT-FOR-US: CODESYS CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) 
@@ -32516,7 +32516,7 @@ CVE-2021-33042 CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...) NOT-FOR-US: vmd CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...) - TODO: check + NOT-FOR-US: FuturePress EPub.js CVE-2021-33039 RESERVED CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...) @@ -35568,7 +35568,7 @@ CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted mes NOTE: https://kde.org/info/security/advisory-20210429-1.txt NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799 CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...) - TODO: check + NOT-FOR-US: McAfee CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...) NOT-FOR-US: McAfee CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) @@ -42377,7 +42377,7 @@ CVE-2021-29217 CVE-2021-29216 RESERVED CVE-2021-29215 (A potential security vulnerability in HPE Ezmeral Data Fabric that may ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-29214 (A security vulnerability has been identified in HPE StoreServ Manageme ...) NOT-FOR-US: HPE CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) @@ -55184,7 +55184,7 @@ CVE-2021-23845 (This vulnerability could allow an attacker to hijack a session w CVE-2021-23844 RESERVED CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...) - TODO: check + NOT-FOR-US: Bosch CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...) TODO: check CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 76bb229b40..1a6417ea4a 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -855,23 +855,23 @@ CVE-2022-0287 CVE-2022-0286 RESERVED CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) - TODO: check + NOT-FOR-US: pimcore CVE-2022-0284 RESERVED CVE-2022-0283 RESERVED CVE-2022-0282 (Code Injection in Packagist microweber/microweber prior to 1.2.11. ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0280 RESERVED CVE-2022-0279 RESERVED CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0277 (Improper Access Control in Packagist microweber/microweber prior to 1. ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-23436 RESERVED CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...) @@ -5211,7 +5211,7 @@ CVE-2022-21703 CVE-2022-21702 RESERVED CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...) - TODO: check + NOT-FOR-US: Istio CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...) TODO: check CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...) @@ -5270,7 +5270,7 @@ CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.1 CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...) TODO: check CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...) - TODO: check + NOT-FOR-US: Istio CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...) NOT-FOR-US: Discourse CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...) -- cgit v1.2.3
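Review bot: in the data/CVE/2021.list hunk at @@ -239,7 +239,7 @@, the new annotation for CVE-2021-44777 reads only "NOT-FOR-US: WordPress plugin", while every other NOT-FOR-US added in this patch names the affected product itself (for example "NOT-FOR-US: webp_server_go" and "NOT-FOR-US: mblog"). The truncated description shown in the hunk ("Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...") does not carry the plugin name, so it would have to be taken from the full CVE text; naming the plugin keeps the tag consistent with the rest of the file and makes the entry findable by grep later.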
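Review bot: the NOT-FOR-US tags added for CVE-2021-44245 (hunk @@ -5542,9 +5542,9 @@) and CVE-2021-44091 (hunk @@ -5988,11 +5988,11 @@) repeat the upstream misspelling "Courcecodester", whereas the neighbouring entries CVE-2021-44244 ("NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System") and CVE-2021-44090 ("NOT-FOR-US: Sourcecodester Online Reviewer System") use "Sourcecodester". Normalizing the tag to "Sourcecodester" (the quoted description can keep the upstream wording) would let a single search over the list find all of these entries.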
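Review bot: in the data/CVE/2022.list hunk at @@ -855,23 +855,23 @@, the description visible for CVE-2022-0281 ("Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...") is cut off before the package name, so the new "NOT-FOR-US: microweber" tag cannot be confirmed from this hunk alone. It is plausible, since CVE-2022-0282, CVE-2022-0278 and CVE-2022-0277 in the same block all name Packagist microweber/microweber, but the full description should be checked before the tag is taken as final.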