From 1f643b76da5ff90ccee6c8393a4c2bba7c24a378 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 31 Oct 2021 09:04:06 +0100 Subject: Process NFUs --- data/CVE/2020.list | 14 +++++++------- data/CVE/2021.list | 42 +++++++++++++++++++++--------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3b4db06aff..141384c97c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3591,7 +3591,7 @@ CVE-2020-29631 CVE-2020-29630 RESERVED CVE-2020-29629 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-29628 RESERVED CVE-2020-29627 @@ -12478,7 +12478,7 @@ CVE-2020-25883 CVE-2020-25882 RESERVED CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...) - TODO: check + NOT-FOR-US: RKCMS CVE-2020-25880 RESERVED CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...) @@ -12494,9 +12494,9 @@ CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smiley CVE-2020-25874 RESERVED CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...) - TODO: check + NOT-FOR-US: Baijiacms CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...) - TODO: check + NOT-FOR-US: FrogCMS CVE-2020-25871 RESERVED CVE-2020-25870 @@ -21039,7 +21039,7 @@ CVE-2020-22081 CVE-2020-22080 RESERVED CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0 ...) - TODO: check + NOT-FOR-US: Tenda CVE-2020-22078 RESERVED CVE-2020-22077 
@@ -49796,7 +49796,7 @@ CVE-2020-9899 (A memory corruption issue was addressed with improved input valid CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-9896 RESERVED CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...) @@ -50166,7 +50166,7 @@ CVE-2020-10007 (A logic issue was addressed with improved state management. This CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...) - TODO: check + NOT-FOR-US: Apple CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 0952aec366..4b2052cd36 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -175,7 +175,7 @@ CVE-2021-43011 CVE-2021-3905 RESERVED CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...) - TODO: check + NOT-FOR-US: Grav CMS CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow ...) - vim 2:8.2.3565-1 NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 
@@ -4312,7 +4312,7 @@ CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management o CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of soft ...) NOT-FOR-US: Tuleap CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...) - TODO: check + NOT-FOR-US: Rust evm crate CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...) NOT-FOR-US: OpenOlat CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...) @@ -4599,7 +4599,7 @@ CVE-2021-41037 CVE-2021-41036 RESERVED CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...) - TODO: check + NOT-FOR-US: Eclipse OpenJ9 CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...) NOT-FOR-US: Eclipse Che CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...) 
@@ -8900,17 +8900,17 @@ CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for A CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...) - grafana CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...) - TODO: check + NOT-FOR-US: Nextcloud Deck CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) - TODO: check + NOT-FOR-US: Nextcloud OfficeOnline CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) - TODO: check + NOT-FOR-US: Nextcloud Richdocuments CVE-2021-39222 RESERVED CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) - TODO: check + NOT-FOR-US: Nextcloud Contacts CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) - TODO: check + NOT-FOR-US: Nextcloud Mail CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtim ...) NOT-FOR-US: wasmtime CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasm ...) @@ -14543,7 +14543,7 @@ CVE-2021-36810 CVE-2021-36809 RESERVED CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...) - TODO: check + NOT-FOR-US: Sophos CVE-2021-36807 RESERVED CVE-2021-36806 @@ -28531,7 +28531,7 @@ CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-30898 REJECTED CVE-2021-30897 
@@ -47522,7 +47522,7 @@ CVE-2021-22963 (A redirect vulnerability in the fastify-static module version &l CVE-2021-22962 RESERVED CVE-2021-22961 (A code injection vulnerability exists within the firewall software of ...) - TODO: check + NOT-FOR-US: GlassWire CVE-2021-22960 [HTTP Request Smuggling when parsing the body] RESERVED - nodejs 12.22.7~dfsg-1 @@ -49479,7 +49479,7 @@ CVE-2021-22103 CVE-2021-22102 RESERVED CVE-2021-22101 (Cloud Controller versions prior to 1.118.0 are vulnerable to unauthent ...) - TODO: check + NOT-FOR-US: Cloud Foundry Cloud Controller CVE-2021-22100 RESERVED CVE-2021-22099 @@ -49605,9 +49605,9 @@ CVE-2021-22040 CVE-2021-22039 RESERVED CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...) - TODO: check + NOT-FOR-US: InstallBuilder CVE-2021-22037 (Under certain circumstances, when manipulating the Windows registry, I ...) - TODO: check + NOT-FOR-US: InstallBuilder CVE-2021-22036 (VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redi ...) NOT-FOR-US: VMware CVE-2021-22035 (VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Se ...) @@ -56279,7 +56279,7 @@ CVE-2021-1823 CVE-2021-1822 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2021-1821 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2021-1820 (A memory initialization issue was addressed with improved memory handl ...) {DSA-4797-1} - webkit2gtk 2.30.1-1 
@@ -57712,17 +57712,17 @@ CVE-2021-1125 CVE-2021-1124 RESERVED CVE-2021-1123 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2021-1122 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2021-1121 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2021-1120 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2021-1119 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2021-1118 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) - TODO: check + NOT-FOR-US: NVIDIA CVE-2021-1117 (Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sy ...) TODO: check CVE-2021-1116 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) -- cgit v1.2.3
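Review bot: in the `@@ -4312,7 +4312,7 @@` hunk of data/CVE/2021.list, CVE-2021-41153 is closed as `NOT-FOR-US: Rust evm crate`, but the entry describes a library ("a pure Rust implementation of Ethereum Virtual Machin ..."), not a standalone product. A library can be embedded in another package's source, so confirm that nothing in the archive vendors this crate before closing it as NFU. The subject line "Process NFUs" is the only record of the triage, so a short note that the check was done would help the next person who greps for the crate name.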
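Review bot: in the `@@ -8900,17 +8900,17 @@` hunk of data/CVE/2021.list, CVE-2021-39225, CVE-2021-39224, CVE-2021-39223, CVE-2021-39221 and CVE-2021-39220 each get a per-app tag (Deck, OfficeOnline, Richdocuments, Contacts, Mail), while their truncated descriptions open identically ("Nextcloud is an open-source, self-hosted productivity platform ..."). The mapping from CVE to app therefore cannot be checked from the diff alone. The per-app names are more useful than a bare vendor tag, so keep them, but re-check each one against the full description, since the entries are adjacent and easy to swap.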
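Review bot: in the last hunk of data/CVE/2021.list (`@@ -57712,17 +57712,17 @@`), CVE-2021-1117 stays at `TODO: check` while the six entries directly above it, CVE-2021-1123 through CVE-2021-1118, are moved to `NOT-FOR-US: NVIDIA`. Its visible description points at the Windows kernel mode layer (`nvlddmkm.sy ...`), so it looks like part of the same vendor batch. If it was left open deliberately, for example because it needs a check against a packaged driver, say so in the commit message. Otherwise triage it in this pass so the NVIDIA block is not left half-processed.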