From 6da6432832d256997303389813d574a161062459 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 19 Feb 2022 10:28:06 +0100 Subject: Process NFUs --- data/CVE/2021.list | 190 ++++++++++++++++++++++++++--------------------------- data/CVE/2022.list | 88 ++++++++++++------------- 2 files changed, 139 insertions(+), 139 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index ee07b82abe..757d0d411c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list 
@@ -136,195 +136,195 @@ CVE-2021-4217 [Null pointer dereference in Unicode strings code] CVE-2021-4216 RESERVED CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley View CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley View CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley View CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley View CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley View CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Bentley CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
- TODO: check + NOT-FOR-US: Bentley CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46614 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Bentley CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Bentley CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Bentley CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Bentley CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Bentley CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...) NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 091e69ca33..fa58a5d594 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -17,7 +17,7 @@ CVE-2022-25360 CVE-2022-25359 RESERVED CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...) - TODO: check + NOT-FOR-US: awful-salmonella-tar CVE-2022-25357 RESERVED CVE-2022-25356 @@ -294,7 +294,7 @@ CVE-2022-0649 CVE-2022-25257 RESERVED CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...) - TODO: check + NOT-FOR-US: SAS Web Report Studio CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...) - qt6-base - qtbase-opensource-src 
@@ -736,21 +736,21 @@ CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a he CVE-2022-25138 RESERVED CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2022-25129 RESERVED CVE-2022-25128 @@ -1094,9 +1094,9 @@ CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 a CVE-2022-0580 (Improper Access Control in Packagist librenms/librenms prior to 22.2.0 ...) NOT-FOR-US: LibreNMS CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2022-24978 RESERVED CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...) 
@@ -1148,7 +1148,7 @@ CVE-2022-24973 CVE-2022-24972 RESERVED CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24970 RESERVED CVE-2022-24969 
@@ -2594,39 +2594,39 @@ CVE-2022-24372 CVE-2022-24371 RESERVED CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Foxit CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
- TODO: check + NOT-FOR-US: Foxit CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: TP-Link CVE-2022-24353 RESERVED CVE-2022-24352 @@ -3399,7 +3399,7 @@ CVE-2022-24114 (Local privilege escalation due to race condition on application CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...) NOT-FOR-US: Acronis CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...) - TODO: check + NOT-FOR-US: ShowDoc CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. ...) - vim [bullseye] - vim (Minor issue) 
@@ -3536,25 +3536,25 @@ CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. ... CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) NOT-FOR-US: Insyde CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...) - TODO: check + NOT-FOR-US: Sante DICOM Viewer CVE-2022-24054 RESERVED CVE-2022-24053 
@@ -3579,7 +3579,7 @@ CVE-2022-24050 (This vulnerability allows local attackers to escalate privileges NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/ CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...) - TODO: check + NOT-FOR-US: Sonos One Speaker CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges on af ...) - mariadb-10.6 - mariadb-10.5 @@ -3587,9 +3587,9 @@ CVE-2022-24048 (This vulnerability allows local attackers to escalate privileges NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/ CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...) - TODO: check + NOT-FOR-US: BMC Track-It! CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...) - TODO: check + NOT-FOR-US: Sonos One Speaker CVE-2022-24045 RESERVED CVE-2022-24044 -- cgit v1.2.3
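Review bot: the tags in the data/CVE/2021.list hunk are inconsistent. CVE-2021-46656 through CVE-2021-46652 become "NOT-FOR-US: Bentley View", while CVE-2021-46651 down to CVE-2021-46562 become only "NOT-FOR-US: Bentley". The truncated descriptions shown here do not say which product each entry concerns. If the later entries affect the same product, use the same tag. If they cover other Bentley products, name the product rather than only the vendor, so that a search of the list by product name finds every entry.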
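Review bot: in data/CVE/2022.list, hunk @@ -1094, CVE-2022-24980 and CVE-2022-24979 both get the generic tag "NOT-FOR-US: TYPO3 extension", which drops the extension names that the descriptions give (Kitodo.Presentation and Varnishcache). Suggest putting the extension name in the tag, for example "NOT-FOR-US: Kitodo.Presentation extension for TYPO3", as the same patch does at product level for "Sante DICOM Viewer" and "SAS Web Report Studio". A later check on whether one of these extensions has been packaged can then match on the name.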