From 6f0f66cbf6aebae99922f9e034c3a5a8bfa03be9 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 27 Jan 2022 08:06:30 +0100 Subject: Process some NFUs --- data/CVE/2021.list | 54 +++++++++++++++++++++++++++--------------------------- data/CVE/2022.list | 8 ++++---- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index e449df8abf..0f41ca5d6e 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -4843,7 +4843,7 @@ CVE-2021-4076 [keys: move signing part out of find_by_thp() and to find_jws()] NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8) NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11) CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: BuddyBoss Platform CVE-2021-44691 RESERVED CVE-2021-44690 @@ -7055,7 +7055,7 @@ CVE-2021-43865 CVE-2021-43864 RESERVED CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...) - TODO: check + NOT-FOR-US: Nextcloud Android app CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...) NOT-FOR-US: jQuery Terminal Emulator CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...) @@ -8234,7 +8234,7 @@ CVE-2021-43422 CVE-2021-43421 RESERVED CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...) - TODO: check + NOT-FOR-US: Sourcecodester CVE-2021-43419 RESERVED CVE-2021-43418 @@ -8314,7 +8314,7 @@ CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate thei CVE-2021-43395 RESERVED CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...) - TODO: check + NOT-FOR-US: Unisys CVE-2021-43393 RESERVED CVE-2021-43392 
@@ -8458,7 +8458,7 @@ CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF f CVE-2021-43335 RESERVED CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...) - TODO: check + NOT-FOR-US: BuddyBoss CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...) NOT-FOR-US: Datalogic CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...) @@ -15658,7 +15658,7 @@ CVE-2021-40339 CVE-2021-40338 RESERVED CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2021-40336 RESERVED CVE-2021-40335 @@ -16058,7 +16058,7 @@ CVE-2021-40169 CVE-2021-40168 RESERVED CVE-2021-40167 (A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2021-40166 RESERVED CVE-2021-40165 @@ -16074,9 +16074,9 @@ CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution thr CVE-2021-40160 (A maliciously crafted PDF file prior to 9.0.7 may be forced to read be ...) NOT-FOR-US: Autodesk CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...) NOT-FOR-US: Autodesk CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...) 
@@ -21818,9 +21818,9 @@ CVE-2021-37869 CVE-2021-37868 RESERVED CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...) - TODO: check + NOT-FOR-US: Mattermost Boards plugin CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...) - TODO: check + NOT-FOR-US: Mattermost Boards plugin CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...) TODO: check CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...) @@ -25329,19 +25329,19 @@ CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authen CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...) NOT-FOR-US: EMC CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36345 RESERVED CVE-2021-36344 RESERVED CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...) NOT-FOR-US: Dell CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...) 
@@ -25433,11 +25433,11 @@ CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky crypt CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...) NOT-FOR-US: SupportAssist Client (Dell) CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36293 RESERVED CVE-2021-36292 @@ -25447,7 +25447,7 @@ CVE-2021-36291 CVE-2021-36290 RESERVED CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...) - TODO: check + NOT-FOR-US: Dell CVE-2021-36288 RESERVED CVE-2021-36287 @@ -28432,7 +28432,7 @@ CVE-2021-35007 CVE-2021-35006 RESERVED CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...) - TODO: check + NOT-FOR-US: TeamViewer CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -28707,13 +28707,13 @@ CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Bentley View CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...) - TODO: check + NOT-FOR-US: Netgear CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels Desktop CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...) - linux 5.14.6-1 [bullseye] - linux 5.10.70-1 @@ -28721,7 +28721,7 @@ CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges [stretch] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14) CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...) - TODO: check + NOT-FOR-US: Netgear CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels Desktop CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
@@ -39114,7 +39114,7 @@ CVE-2021-30638 (Information Exposure vulnerability in context asset handling of CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...) NOT-FOR-US: htmly CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...) - TODO: check + NOT-FOR-US: MediaTek LinkIt SDK CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2021-30634 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 94c2d43fdc..db566e8c05 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -68,9 +68,9 @@ CVE-2022-0381 CVE-2022-0380 RESERVED CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) - TODO: check + NOT-FOR-US: microweber CVE-2022-0377 RESERVED CVE-2022-0376 @@ -3206,7 +3206,7 @@ CVE-2022-22791 CVE-2022-22790 RESERVED CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover – An attacker ...) - TODO: check + NOT-FOR-US: Charactell - FormStorm Enterprise CVE-2022-22788 RESERVED CVE-2022-22787 @@ -5879,7 +5879,7 @@ CVE-2022-21713 CVE-2022-21712 RESERVED CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...) - TODO: check + NOT-FOR-US: elfspirit CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...) TODO: check CVE-2022-21709 -- cgit v1.2.3
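Review bot: label inconsistency between the @@ -4843 and @@ -8458 hunks: CVE-2021-44692 becomes "NOT-FOR-US: BuddyBoss Platform" while CVE-2021-43334, which its description also attributes to "BuddyBoss Platform through 1.8.0", becomes "NOT-FOR-US: BuddyBoss". Use one form for both so a grep over the list returns every entry for the product.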
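Review bot: in the @@ -21818 hunk the two Boards plugin entries (CVE-2021-37867, CVE-2021-37866) are resolved while the neighbouring CVE-2021-37865 ("Mattermost 6.2 and earlier ...") is left at "TODO: check". If the server is intentionally being triaged separately from the plugin this is fine, but the diff does not say so; either resolve it in the same pass or add a NOTE explaining why it stays pending.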
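Review bot: the @@ -25329 hunk (and likewise @@ -25433 and @@ -25447) tags iDRAC9, iDRAC8, Dell BIOS and VNX2 OE for File entries with the bare vendor name "NOT-FOR-US: Dell", dropping the component that each description names. The surrounding context shows both conventions in use ("NOT-FOR-US: Dell" for Wyse Device Agent, "NOT-FOR-US: SupportAssist Client (Dell)" for SupportAssist), so the list is drifting; keeping the component in the label, e.g. "NOT-FOR-US: Dell iDRAC" and "NOT-FOR-US: Dell BIOS", keeps the entries searchable by product rather than only by vendor.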
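Review bot: missing rationale in the @@ -28432 hunk: the visible description of CVE-2021-35005 ("This vulnerability allows local attackers to disclose sensitive inform ...") never names the affected product, so "NOT-FOR-US: TeamViewer" cannot be verified from the entry itself. The same applies to the Netgear and Parallels Desktop attributions in the @@ -28707 and @@ -28721 hunks. A NOTE line carrying the advisory URL, in the style of the "NOTE: Fixed by:" line already present on CVE-2021-34866, would let later triagers confirm the attribution without re-researching it.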
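Review bot: the label in the @@ -3206 hunk, "NOT-FOR-US: Charactell - FormStorm Enterprise", carries the " - " separator from the CVE description into the tag, whereas every other label in this change is a plain vendor or product name (e.g. "NOT-FOR-US: microweber", "NOT-FOR-US: elfspirit"). "NOT-FOR-US: Charactell FormStorm Enterprise" would read consistently with the rest of the file.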