From a1487cff70016be1b8044d39fa7e4384c14c2f20 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 26 Oct 2021 22:42:43 +0200 Subject: Process NFUs --- data/CVE/list | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index a34c4c4323..b756462688 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -3822,7 +3822,7 @@ CVE-2021-41875 CVE-2021-41874 RESERVED CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) - TODO: check + NOT-FOR-US: Penguin Aurora TV Box 41502 CVE-2021-41872 RESERVED CVE-2021-41871 @@ -5380,13 +5380,13 @@ CVE-2021-41190 CVE-2021-41189 RESERVED CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...) - TODO: check + NOT-FOR-US: Shopware CVE-2021-41187 RESERVED CVE-2021-41186 RESERVED CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...) - TODO: check + NOT-FOR-US: Mycodo CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...) - jqueryui NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327 @@ -5413,13 +5413,13 @@ CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...) NOT-FOR-US: Pterodactyl CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...) - TODO: check + NOT-FOR-US: Pi-hole CVE-2021-41174 RESERVED CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...) TODO: check CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...) - TODO: check + NOT-FOR-US: AntSword plugin for Redis CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...) NOT-FOR-US: eLabFTW CVE-2021-41170 
@@ -5652,7 +5652,7 @@ CVE-2021-3802 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649 NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...) - TODO: check + NOT-FOR-US: Nameko CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity ...) - node-prismjs 1.25.0+dfsg-1 [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1 @@ -7379,11 +7379,11 @@ CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...) - TODO: check + NOT-FOR-US: Nagios XI CVE-2021-40342 RESERVED CVE-2021-40341 @@ -14535,9 +14535,9 @@ CVE-2021-37374 CVE-2021-37373 RESERVED CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...) - TODO: check + NOT-FOR-US: Online Student Admission System CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...) - TODO: check + NOT-FOR-US: Online Student Admission System CVE-2021-37370 RESERVED CVE-2021-37369 
@@ -14551,9 +14551,9 @@ CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request fo CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...) NOT-FOR-US: CTparental CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...) - TODO: check + NOT-FOR-US: OpenClinic CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...) - TODO: check + NOT-FOR-US: Gestionale Open CVE-2021-37362 RESERVED CVE-2021-37361 @@ -21001,13 +21001,13 @@ CVE-2021-34598 CVE-2021-34597 RESERVED CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34594 RESERVED CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34592 RESERVED CVE-2021-34591 @@ -21021,13 +21021,13 @@ CVE-2021-34588 CVE-2021-34587 RESERVED CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...) - TODO: check + NOT-FOR-US: CODESYS CVE-2021-34582 RESERVED CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...) 
@@ -41048,7 +41048,7 @@ CVE-2021-26611 CVE-2021-26610 RESERVED CVE-2021-26609 (A vulnerability was found in Mangboard(WordPress plugin). A SQL-Inject ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-26608 (An arbitrary file download and execution vulnerability was found in th ...) NOT-FOR-US: handysoft CVE-2021-26607 (An Improper input validation in execDefaultBrowser method of NEXACRO17 ...) -- cgit v1.2.3
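Review bot: In the @@ -5413 hunk, CVE-2021-41172 is tagged "NOT-FOR-US: AntSword plugin for Redis", but the description line gives the product's own name as AS_Redis. Putting that name in the tag, for example "NOT-FOR-US: AS_Redis (AntSword plugin for Redis)", would let a later search of the list by product name find this entry. In the same hunk's context lines CVE-2021-41173 (Go Ethereum) still reads "TODO: check"; that fits a pass that only handles NFUs, but it is worth confirming the entry was left for a package check on purpose rather than skipped.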
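Review bot: In the @@ -14551 hunk, CVE-2021-37364 is tagged "NOT-FOR-US: OpenClinic", while its description names the product as "OpenClinic GA". Using the full name in the tag, "NOT-FOR-US: OpenClinic GA", keeps it aligned with the description and avoids matching a differently named product when the list is searched by tag text. The neighbouring CVE-2021-37363 entry already uses the full product name from its description (Gestionale Open).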
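Review bot: In the last hunk (@@ -41048), CVE-2021-26609 is tagged "NOT-FOR-US: WordPress plugin", which names the platform rather than the affected software. Every other tag added in this commit names the product (Shopware, Mycodo, Pi-hole, Nagios XI, CODESYS), and the description identifies this one as Mangboard. A tag such as "NOT-FOR-US: Mangboard plugin for WordPress" would keep the entry consistent with the rest and make the reason for the classification clear to someone reading the list without the description.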