From 160589e6e6d688eae52292f66bdc73b75b0bd0d6 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 1 Apr 2021 11:24:02 +0200 Subject: Process NFUs --- data/CVE/2019.list | 2 +- data/CVE/2020.list | 8 ++++---- data/CVE/2021.list | 20 ++++++++++---------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index c7b8dc218b..99b044624a 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -41883,7 +41883,7 @@ CVE-2019-5321 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 29 CVE-2019-5320 (Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5 ...) NOT-FOR-US: Aruba Intelligent Edge Switch Series CVE-2019-5319 (A remote buffer overflow vulnerability was discovered in some Aruba In ...) - TODO: check + NOT-FOR-US: Aruba CVE-2019-5318 RESERVED CVE-2019-5317 (A local authentication bypass vulnerability was discovered in some Aru ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 555adc8df9..d53e724b2c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -37,7 +37,7 @@ CVE-2020-36288 CVE-2020-36287 RESERVED CVE-2020-36286 (The membersOf of JQL search function in Jira Server and Data Center be ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-36285 RESERVED CVE-2020-36284 @@ -168,7 +168,7 @@ CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4. CVE-2020-36239 RESERVED CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data Center befor ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) NOT-FOR-US: Atlassian CVE-2020-36236 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) 
@@ -6351,9 +6351,9 @@ CVE-2020-28175 (There is a local privilege escalation vulnerability in Alfredo M CVE-2020-28174 RESERVED CVE-2020-28173 (Simple College Website 1.0 allows a user to conduct remote code execut ...) - TODO: check + NOT-FOR-US: Simple College Website CVE-2020-28172 (A SQL injection vulnerability in Simple College Website 1.0 allows rem ...) - TODO: check + NOT-FOR-US: Simple College Website CVE-2020-28171 RESERVED CVE-2020-28170 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 86d5afa972..93426dc69a 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1467,7 +1467,7 @@ CVE-2021-29253 CVE-2021-29252 RESERVED CVE-2021-29251 (BTCPay Server before 1.0.7.1 mishandles the policy setting in which us ...) - TODO: check + NOT-FOR-US: BTCPay Server CVE-2021-29250 RESERVED CVE-2021-29249 (BTCPay Server before 1.0.6.0, when the payment button is used, has a p ...) @@ -5671,7 +5671,7 @@ CVE-2021-27351 (The Terminate Session feature in the Telegram application throug CVE-2021-27350 RESERVED CVE-2021-27349 (Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a diffe ...) - TODO: check + NOT-FOR-US: WooCommerce CVE-2021-27348 RESERVED CVE-2021-27347 @@ -6534,7 +6534,7 @@ CVE-2021-26951 (An issue was discovered in the calamine crate before 0.17.0 for CVE-2021-26944 RESERVED CVE-2021-26943 (The UX360CA BIOS through 303 on ASUS laptops allow an attacker (with t ...) - TODO: check + NOT-FOR-US: UX360CA BIOS CVE-2021-26942 RESERVED CVE-2021-26941 @@ -8682,7 +8682,7 @@ CVE-2021-26073 CVE-2021-26072 RESERVED CVE-2021-26071 (The SetFeatureEnabled.jspa resource in Jira Server and Data Center bef ...) - TODO: check + NOT-FOR-US: Atlassian CVE-2021-26070 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2021-26069 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) 
@@ -16432,7 +16432,7 @@ CVE-2021-22540 CVE-2021-22539 RESERVED CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...) - TODO: check + NOT-FOR-US: Google Exposure Notification Verification Server CVE-2021-22537 RESERVED CVE-2021-22536 @@ -17579,7 +17579,7 @@ CVE-2021-21985 CVE-2021-21984 RESERVED CVE-2021-21983 (Arbitrary file write vulnerability in vRealize Operations Manager API ...) - TODO: check + NOT-FOR-US: vRealize Operations Manager API (Vmware) CVE-2021-21982 RESERVED CVE-2021-21981 @@ -17595,7 +17595,7 @@ CVE-2021-21977 CVE-2021-21976 (vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8. ...) NOT-FOR-US: vSphere Replication CVE-2021-21975 (Server Side Request Forgery in vRealize Operations Manager API (CVE-20 ...) - TODO: check + NOT-FOR-US: vRealize Operations Manager API (Vmware) CVE-2021-21974 (OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESX ...) NOT-FOR-US: VMware NOTE: Might affect src:openslp-dfsg, but removed years ago @@ -17996,7 +17996,7 @@ CVE-2021-21784 CVE-2021-21783 (A code execution vulnerability exists in the WS-Addressing plugin func ...) TODO: check CVE-2021-21782 (An out-of-bounds write vulnerability exists in the SGI format buffer s ...) - TODO: check + NOT-FOR-US: ImageGear CVE-2021-21781 RESERVED CVE-2021-21780 @@ -18008,13 +18008,13 @@ CVE-2021-21778 CVE-2021-21777 RESERVED CVE-2021-21776 (An out-of-bounds write vulnerability exists in the SGI Format Buffer S ...) - TODO: check + NOT-FOR-US: ImageGear CVE-2021-21775 RESERVED CVE-2021-21774 RESERVED CVE-2021-21773 (An out-of-bounds write vulnerability exists in the TIFF header count-p ...) - TODO: check + NOT-FOR-US: ImageGear CVE-2021-21772 (A use-after-free vulnerability exists in the NMR::COpcPackageReader::r ...) - lib3mf (bug #985092) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1226 -- cgit v1.2.3
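Review bot: the new label on CVE-2019-5319 in the data/CVE/2019.list hunk names only the vendor (`NOT-FOR-US: Aruba`), while the context entry directly above it, CVE-2019-5320, names the product line (`NOT-FOR-US: Aruba Intelligent Edge Switch Series`). The truncated description ("some Aruba In ...") does not show which product is affected, so take the product name from the full description and use it here, so that a search on the label returns a consistent set of entries.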
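Review bot: CVE-2021-27349 in the data/CVE/2021.list hunk at -5671 is labelled `NOT-FOR-US: WooCommerce`, but the description names "Advanced Order Export before 3.1.8 for WooCommerce" as the affected component, which is an extension rather than WooCommerce itself. Suggest `NOT-FOR-US: Advanced Order Export for WooCommerce` so the entry is not read as a triage decision about WooCommerce core.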
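Review bot: CVE-2021-26943 in the data/CVE/2021.list hunk at -6534 is labelled `NOT-FOR-US: UX360CA BIOS`, which drops the vendor that the description gives ("on ASUS laptops"). Suggest `NOT-FOR-US: ASUS UX360CA BIOS`, since a bare model number is hard to match against other entries for the same vendor.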
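Review bot: the vendor is spelled `Vmware` in the new labels for CVE-2021-21983 and CVE-2021-21975 (data/CVE/2021.list hunks at -17579 and -17595), while the context entry for CVE-2021-21974 in the second of those hunks spells it `NOT-FOR-US: VMware`. Suggest `NOT-FOR-US: vRealize Operations Manager API (VMware)` in both places so that case-sensitive searches on the vendor name catch these entries.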