author Salvatore Bonaccorso <carnil@debian.org> 2021-02-20 10:52:29 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-02-20 10:52:29 +0100
commit 1306d2b2143fa8c00498fc1eac3b766f7f98b543
tree e9cca04300ea856411dff67be9fc9406840b10e7
parent 2a062bf24f5a4b70a337df49e51336dbb2d9dd04
Process some NFUs
-rw-r--r-- data/CVE/2019.list 4
-rw-r--r-- data/CVE/2020.list 18
-rw-r--r-- data/CVE/2021.list 22
3 files changed, 22 insertions, 22 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 1706cfa17f..388748e53b 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -7113,7 +7113,7 @@ CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, mu
CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...)
NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18255 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...)
- TODO: check
+ NOT-FOR-US: HMI/SCADA iFIX
CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...)
NOT-FOR-US: BIOTRONIK CardioMessenge
CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
@@ -7137,7 +7137,7 @@ CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allo
CVE-2019-18244 (In OSIsoft PI System multiple products and versions, a local attacker ...)
NOT-FOR-US: OSIsoft
CVE-2019-18243 (HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated u ...)
- TODO: check
+ NOT-FOR-US: HMI/SCADA iFIX
CVE-2019-18242 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...)
NOT-FOR-US: Moxa
CVE-2019-18241 (In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all ver ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index f20ba10072..791e3cb463 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -6570,7 +6570,7 @@ CVE-2020-27999
CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It lacks a Scri ...)
NOT-FOR-US: FastReport
CVE-2020-27997 (An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross S ...)
- TODO: check
+ NOT-FOR-US: SmartStoreNET
CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does not pro ...)
NOT-FOR-US: SmartStoreNET
CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...)
@@ -13301,7 +13301,7 @@ CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptog
CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 ar ...)
- TODO: check
+ NOT-FOR-US: Fuji Electric
CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...)
@@ -14505,7 +14505,7 @@ CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check
CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...)
NOT-FOR-US: JetBrains
CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribe ...)
- TODO: check
+ NOT-FOR-US: Mailtrain
CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
- jackson-databind 2.12.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
@@ -15009,7 +15009,7 @@ CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS serv
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832
CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure way tha ...)
- TODO: check
+ NOT-FOR-US: TweetStream
CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...)
TODO: check
CVE-2020-24391
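Review bot: CVE-2020-24393 is closed as NOT-FOR-US: TweetStream, but its description says the problem is that it "uses the library eventmachine in an insecure way", and the next entry, CVE-2020-24392 (voloko twitter-stream, missing TLS hostname validation), is left at TODO: check. The two read as closely related, so I would triage them together, and add a NOTE line under 24393 recording that the defect is in TweetStream's use of eventmachine rather than in eventmachine itself, so the reasoning does not have to be re-derived later.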
@@ -38643,7 +38643,7 @@ CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in
CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...)
- TODO: check
+ NOT-FOR-US: Sytech XL Reporter
CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...)
NOT-FOR-US: Foxit Reader
CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...)
@@ -40178,7 +40178,7 @@ CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate a
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...)
NOT-FOR-US: Veritas
CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...)
- TODO: check
+ NOT-FOR-US: Alfresco Enterprise Content Management (ECM)
CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...)
- erlang 1:21.2.6+dfsg-1 (low)
[stretch] - erlang 1:19.2.1+dfsg-2+deb9u3
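Review bot: the tag on CVE-2020-12873 copies the whole product phrase from the description, parenthetical included ("Alfresco Enterprise Content Management (ECM)"), while the neighbouring entry is tagged with a short name ("NOT-FOR-US: Veritas"). A shorter tag such as "NOT-FOR-US: Alfresco" would be easier to match when the next Alfresco CVE is triaged.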
@@ -40793,7 +40793,7 @@ CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save functi
CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
- dolibarr <removed>
CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...)
- TODO: check
+ NOT-FOR-US: Jinjava
CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...)
- knot-resolver 5.1.1-0.1 (bug #961076)
NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
@@ -41599,7 +41599,7 @@ CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Serv
CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
NOT-FOR-US: Intel
CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...)
NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
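Review bot: the tag on CVE-2020-12374 is the bare vendor name, "NOT-FOR-US: Intel". That matches CVE-2020-12375 above, but it does not say which product is meant, whereas the CVE-2020-12373 entry just below uses the more specific "Intel graphics drivers for Windows". The description is about BMC firmware for Intel Server Boards, so a tag along the lines of "Intel BMC firmware" would show from the tag alone why no Debian package is involved.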
@@ -49878,7 +49878,7 @@ CVE-2020-9052
CVE-2020-9051
RESERVED
CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...)
- TODO: check
+ NOT-FOR-US: Metasys Reporting Engine (MRE) Web Services
CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...)
NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...)
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index d611df9433..dbeb2b41e5 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,5 +1,5 @@
CVE-2021-27509 (In Visualware MyConnection Server before 11.0b build 5382, each publis ...)
- TODO: check
+ NOT-FOR-US: Visualware MyConnection Server
CVE-2021-27508
RESERVED
CVE-2021-27507
@@ -370,7 +370,7 @@ CVE-2021-27330
CVE-2021-27329 (Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or ...)
NOT-FOR-US: Friendica
CVE-2021-27328 (Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Trave ...)
- TODO: check
+ NOT-FOR-US: Yeastar NeoGate TG400 91.3.0.3 devices
CVE-2021-27327
RESERVED
CVE-2021-27326
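Review bot: the tag on CVE-2021-27328 carries the firmware version and the word "devices" over from the description ("NOT-FOR-US: Yeastar NeoGate TG400 91.3.0.3 devices"). The tag should identify the product rather than one affected version; the entry above it uses just the product name ("NOT-FOR-US: Friendica"). Suggest "NOT-FOR-US: Yeastar NeoGate TG400".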
@@ -597,7 +597,7 @@ CVE-2021-27216
CVE-2021-27215
RESERVED
CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...)
- TODO: check
+ NOT-FOR-US: Zoho ManageEngine ADSelfService Plus
CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...)
NOT-FOR-US: pystemon
CVE-2021-27212 (In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion ...)
@@ -3780,7 +3780,7 @@ CVE-2021-3212
CVE-2021-3211
RESERVED
CVE-2021-3210 (components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound &l ...)
- TODO: check
+ NOT-FOR-US: Bloodhound
CVE-2021-3209
RESERVED
CVE-2021-3208
@@ -3792,7 +3792,7 @@ CVE-2021-3206
CVE-2021-3205
RESERVED
CVE-2021-3204 (SSRF in the document conversion component of Webware Webdesktop 5.1.15 ...)
- TODO: check
+ NOT-FOR-US: Webware Webdesktop
CVE-2021-3203
RESERVED
CVE-2021-3202
@@ -10537,11 +10537,11 @@ CVE-2021-22705
CVE-2021-22704
RESERVED
CVE-2021-22703 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
- TODO: check
+ NOT-FOR-US: PowerLogic
CVE-2021-22702 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...)
- TODO: check
+ NOT-FOR-US: PowerLogic
CVE-2021-22701 (A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLog ...)
- TODO: check
+ NOT-FOR-US: PowerLogic
CVE-2021-22700
RESERVED
CVE-2021-22699
@@ -13393,7 +13393,7 @@ CVE-2021-21320
CVE-2021-21319
RESERVED
CVE-2021-21318 (Opencast is a free, open-source platform to support the management of ...)
- TODO: check
+ NOT-FOR-US: Opencast
CVE-2021-21317 (uap-core in an open-source npm package which contains the core of Brow ...)
NOT-FOR-US: Node uap-core
CVE-2021-21316 (less-openui5 is an npm package which enables building OpenUI5 themes w ...)
@@ -15014,9 +15014,9 @@ CVE-2021-20590
CVE-2021-20589
RESERVED
CVE-2021-20588 (Improper handling of length parameter inconsistency vulnerability in M ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Eng ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20586 (Resource management errors vulnerability in a robot controller of MELF ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20585