From af1cdf50cecfadad0ba67a21127127bf2fbd9882 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 9 Apr 2020 23:51:46 +0200 Subject: NFUs --- data/CVE/2018.list | 2 +- data/CVE/2019.list | 12 +++--- data/CVE/2020.list | 108 ++++++++++++++++++++++++++--------------------------- 3 files changed, 61 insertions(+), 61 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 8503bf611b..040c5dd085 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -120,7 +120,7 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to NOTE: https://bugreports.qt.io/browse/QTBUG-70693 NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...) - TODO: check + NOT-FOR-US: Argo CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...) NOT-FOR-US: Hitachi CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 3d823134bb..95304decc8 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -7444,7 +7444,7 @@ CVE-2019-17659 CVE-2019-17658 (An unquoted service path vulnerability in the FortiClient FortiTray co ...) NOT-FOR-US: Fortiguard CVE-2019-17657 (An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSw ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2019-17656 RESERVED CVE-2019-17655 @@ -12118,7 +12118,7 @@ CVE-2019-15790 RESERVED NOT-FOR-US: Apport CVE-2019-15789 (Privilege escalation vulnerability in MicroK8s allows a low privilege ...) - TODO: check + NOT-FOR-US: MicroK8s CVE-2019-15807 (In the Linux kernel before 5.1.13, there is a memory leak in drivers/s ...) {DLA-1930-1 DLA-1919-1} - linux 5.2.6-1 
@@ -18204,7 +18204,7 @@ CVE-2019-13561 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote atta CVE-2019-13560 (D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers ...) NOT-FOR-US: D-Link CVE-2019-13559 (GE Mark VIe Controller is shipped with pre-configured hard-coded crede ...) - TODO: check + NOT-FOR-US: GE Mark VIe Controller CVE-2019-13558 (In WebAccess versions 8.4.1 and prior, an exploit executed over the ne ...) NOT-FOR-US: WebAccess CVE-2019-13557 (In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an ...) @@ -18214,7 +18214,7 @@ CVE-2019-13556 (In WebAccess versions 8.4.1 and prior, multiple stack-based buff CVE-2019-13555 (In Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU: serial n ...) NOT-FOR-US: Mitsubishi CVE-2019-13554 (GE Mark VIe Controller has an unsecured Telnet protocol that may allow ...) - TODO: check + NOT-FOR-US: GE Mark VIe Controller CVE-2019-13553 (Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb ...) NOT-FOR-US: Rittal Chiller SK 3232-Series CVE-2019-13552 (In WebAccess versions 8.4.1 and prior, multiple command injection vuln ...) @@ -42681,11 +42681,11 @@ CVE-2019-4395 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0. CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 con ...) NOT-FOR-US: IBM CVE-2019-4393 (HCL AppScan Standard is vulnerable to excessive authorization attempts ...) - TODO: check + NOT-FOR-US: HCL AppScan CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...) NOT-FOR-US: HCL AppScan CVE-2019-4391 (HCL AppScan Standard is vulnerable to XML External Entity Injection (X ...) - TODO: check + NOT-FOR-US: HCL AppScan CVE-2019-4390 RESERVED CVE-2019-4389 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 56a4d73ed1..52624ea4f5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -2276,11 +2276,11 @@ CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists CVE-2020-10632 RESERVED CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10630 RESERVED CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10628 RESERVED CVE-2020-10627 @@ -2288,23 +2288,23 @@ CVE-2020-10627 CVE-2020-10626 RESERVED CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10624 RESERVED CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10622 RESERVED CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10620 RESERVED CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10618 RESERVED CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10616 RESERVED CVE-2020-10615 @@ -2332,7 +2332,7 @@ CVE-2020-10605 CVE-2020-10604 RESERVED CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) - TODO: check + NOT-FOR-US: WebAccess/NMS CVE-2020-10602 RESERVED CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) @@ -2453,7 +2453,7 @@ CVE-2020-10553 CVE-2020-10552 RESERVED CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) - TODO: check + NOT-FOR-US: QQBrowser CVE-2020-10550 RESERVED CVE-2020-10549 
@@ -2833,7 +2833,7 @@ CVE-2020-10368 CVE-2020-10367 RESERVED CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) - TODO: check + NOT-FOR-US: LogicalDoc CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) @@ -3039,9 +3039,9 @@ CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 up CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...) NOT-FOR-US: CB3 SW CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...) - TODO: check + NOT-FOR-US: XIAOMI CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...) - TODO: check + NOT-FOR-US: XIAOMI CVE-2020-10261 RESERVED CVE-2020-10260 @@ -4675,9 +4675,9 @@ CVE-2020-9502 CVE-2020-9501 RESERVED CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) - TODO: check + NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) - TODO: check + NOT-FOR-US: Dahua CVE-2020-9498 RESERVED CVE-2020-9497 @@ -6176,11 +6176,11 @@ CVE-2020-8830 CVE-2020-8829 RESERVED CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) - TODO: check + NOT-FOR-US: Argo CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) - TODO: check + NOT-FOR-US: Argo CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) - TODO: check + NOT-FOR-US: Argo CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) 
@@ -8142,7 +8142,7 @@ CVE-2020-7924 CVE-2020-7923 RESERVED CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) - TODO: check + NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 RESERVED CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...) @@ -8716,23 +8716,23 @@ CVE-2020-7641 CVE-2020-7640 RESERVED CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...) - TODO: check + NOT-FOR-US: Node eivindfjeldstad-dot CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...) - TODO: check + NOT-FOR-US: Node confinit CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...) - TODO: check + NOT-FOR-US: Node class-transformer CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...) - TODO: check + NOT-FOR-US: Node adb-driver CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...) - TODO: check + NOT-FOR-US: Node compass-compile CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...) - TODO: check + NOT-FOR-US: Node heroku-addonpool CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...) - TODO: check + NOT-FOR-US: Node apiconnect-cli-plugins CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...) - TODO: check + NOT-FOR-US: Node node-mpv CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...) - TODO: check + NOT-FOR-US: Node diskusage-ng CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...) NOT-FOR-US: git-add-remote node module CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...) 
@@ -8758,17 +8758,17 @@ CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.I CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...) NOT-FOR-US: get-git-data node module CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...) - TODO: check + NOT-FOR-US: Node sds CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...) NOT-FOR-US: Node ini-parser CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...) - TODO: check + NOT-FOR-US: Node express-mock-middleware CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...) - TODO: check + NOT-FOR-US: Node fsa CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...) - TODO: check + NOT-FOR-US: npm-programmatic CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...) - TODO: check + NOT-FOR-US: Node clamscan CVE-2020-7612 RESERVED CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...) @@ -10205,7 +10205,7 @@ CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and pr CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...) - TODO: check + NOT-FOR-US: Honeywell CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...) 
@@ -10998,7 +10998,7 @@ CVE-2020-6649 CVE-2020-6648 RESERVED CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...) NOT-FOR-US: Fortiguard CVE-2020-6645 @@ -12146,7 +12146,7 @@ CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncont CVE-2020-6172 RESERVED CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...) - TODO: check + NOT-FOR-US: Clink Office CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...) NOT-FOR-US: Genexis CVE-2020-6169 @@ -13040,11 +13040,11 @@ CVE-2020-5738 CVE-2020-5737 RESERVED CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...) - TODO: check + NOT-FOR-US: Amcrest CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...) - TODO: check + NOT-FOR-US: Amcrest CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2020-5733 RESERVED CVE-2020-5732 @@ -13412,9 +13412,9 @@ CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allow CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) NOT-FOR-US: Toyota CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...) - TODO: check + NOT-FOR-US: EasyBlocks CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...) - TODO: check + NOT-FOR-US: EasyBlocks CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...) NOT-FOR-US: Yamaha CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...) 
@@ -13948,7 +13948,7 @@ CVE-2020-5304 CVE-2020-5303 RESERVED CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...) - TODO: check + NOT-FOR-US: MH-WikiBot CVE-2020-5301 RESERVED CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...) @@ -14046,7 +14046,7 @@ CVE-2020-5265 CVE-2020-5264 RESERVED CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...) - TODO: check + NOT-FOR-US: Node auth0-js CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) NOT-FOR-US: EasyBuild CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...) 
@@ -20778,23 +20778,23 @@ CVE-2020-1994 CVE-2020-1993 RESERVED CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1983 RESERVED CVE-2020-1982 @@ -20806,7 +20806,7 @@ CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...) NOT-FOR-US: PAN-OS CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...) - TODO: check + NOT-FOR-US: Palo Alto Networks CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) NOT-FOR-US: Palo Alto CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) 
@@ -21027,7 +21027,7 @@ CVE-2020-1897 CVE-2020-1896 RESERVED CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) - TODO: check + NOT-FOR-US: Instagram for Android CVE-2020-1894 RESERVED CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) @@ -21047,7 +21047,7 @@ CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions CVE-2020-1886 RESERVED CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) - TODO: check + NOT-FOR-US: Oculus Desktop CVE-2020-1884 RESERVED CVE-2020-1883 -- cgit v1.2.3
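Review bot: In the 2018.list hunk at @@ -120 and the 2020.list hunk at @@ -6176, the label "NOT-FOR-US: Argo" is ambiguous, since several projects share the Argo name; the CVE-2020-8828 description itself names argocd-server, so tagging these entries with the specific project (for example "NOT-FOR-US: Argo CD") would make later grepping and triage of the list unambiguous.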
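Review bot: In the 2020.list hunk at @@ -8142, the new line "NOT-FOR-US: MongoDB Enterprise" for CVE-2020-7922 drops the component the description actually names (the MongoDB Enterprise Kubernetes Operator); since a reader scanning the list may take "MongoDB Enterprise" to refer to the server, spelling out the Operator in the tag would avoid a false association with the mongodb source package.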
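Review bot: The 2020.list hunk at @@ -8716 introduces the form "NOT-FOR-US: Node <package>" for nine npm modules, while the unchanged context lines in the same hunk (CVE-2020-7630 "NOT-FOR-US: git-add-remote node module") use a different convention; pick one form for the whole block so the entries stay consistent and searchable.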
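Review bot: In the 2020.list hunk at @@ -8758, the new line for CVE-2020-7614 reads "NOT-FOR-US: npm-programmatic" without the "Node" prefix that every other new line in the hunk carries (sds, express-mock-middleware, fsa, clamscan); making it "NOT-FOR-US: Node npm-programmatic" keeps the hunk uniform. The "Node clamscan" tag on CVE-2020-7613 is worth keeping as written, since the bare word clamscan would otherwise invite confusion with the ClamAV binary.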
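Review bot: In the 2020.list hunk at @@ -20778, all nine new lines use "NOT-FOR-US: Palo Alto Networks", whereas the neighbouring existing entries in the @@ -20806 hunk use "NOT-FOR-US: PAN-OS" and "NOT-FOR-US: Palo Alto"; in addition, CVE-2020-1986, CVE-2020-1985 and CVE-2020-1984 are described as Secdo issues, so tagging them by vendor only loses the product name. Suggest aligning on one vendor spelling and appending the product where the description gives it (for example "NOT-FOR-US: Palo Alto Networks Secdo").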