From 228171c6285f2fbacffc63c4e03780e8c7c23fdf Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 31 Mar 2021 10:31:00 +0200 Subject: new ircii issue NFUs --- data/CVE/2020.list | 4 ++-- data/CVE/2021.list | 43 ++++++++++++++++++++++--------------------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index d00066e44f..2d94252ad0 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -2743,9 +2743,9 @@ CVE-2020-35140 CVE-2020-35139 RESERVED CVE-2020-35138 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...) - TODO: check + NOT-FOR-US: MobileIron CVE-2020-35137 (The MobileIron agents through 2021-03-22 for Android and iOS contain a ...) - TODO: check + NOT-FOR-US: MobileIron CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...) - dolibarr CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index de6999b42b..967964dce1 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -42,7 +42,7 @@ CVE-2021-29644 CVE-2021-29643 RESERVED CVE-2021-29642 (GistPad before 0.2.7 allows a crafted workspace folder to change the U ...) - TODO: check + NOT-FOR-US: GistPad CVE-2021-29641 RESERVED CVE-2021-29640 @@ -518,7 +518,7 @@ CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...) TODO: check CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...) - TODO: check + NOT-FOR-US: Burp Suite (different from src:burp) CVE-2021-29415 RESERVED CVE-2021-29414 
@@ -598,7 +598,8 @@ CVE-2021-29378 CVE-2021-29377 RESERVED CVE-2021-29376 (ircII before 20210314 allows remote attackers to cause a denial of ser ...) - TODO: check + - ircii + NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/2 CVE-2021-29375 RESERVED CVE-2021-29374 @@ -822,7 +823,7 @@ CVE-2021-29269 CVE-2021-29268 RESERVED CVE-2021-29267 (Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XS ...) - TODO: check + NOT-FOR-US: SherlockIM CVE-2021-29266 (An issue was discovered in the Linux kernel before 5.11.9. drivers/vho ...) - linux 5.10.26-1 (unimportant) [buster] - linux (Vulnerable code introduced later) @@ -5295,15 +5296,15 @@ CVE-2021-27246 CVE-2021-27245 (This vulnerability allows a firewall bypass on affected installations ...) NOT-FOR-US: TP-Link CVE-2021-27244 (This vulnerability allows local attackers to disclose sensitive inform ...) - TODO: check + NOT-FOR-US: Parallels CVE-2021-27243 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels CVE-2021-27242 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: Parallels CVE-2021-27241 (This vulnerability allows local attackers to delete arbitrary director ...) - TODO: check + NOT-FOR-US: Avast CVE-2021-27240 (This vulnerability allows local attackers to escalate privileges on af ...) - TODO: check + NOT-FOR-US: SolarWinds CVE-2021-27239 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2021-27238 @@ -6829,7 +6830,7 @@ CVE-2021-26581 CVE-2021-26580 RESERVED CVE-2021-26579 (A security vulnerability in HPE Unified Data Management (UDM) could al ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-26578 (A potential security vulnerability has been identified in HPE Network ...) NOT-FOR-US: HPE Network Orchestrator (NetO) CVE-2021-26577 (The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 Sy ...) 
@@ -16529,7 +16530,7 @@ CVE-2021-22196 CVE-2021-22195 RESERVED CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys ...) - TODO: check + - gitlab CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2021-22192 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) @@ -16558,7 +16559,7 @@ CVE-2021-22185 (Insufficient input sanitization in wikis in GitLab version 13.8 - gitlab (Only affects 13.8) NOTE: https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/ CVE-2021-22184 (An information disclosure issue in GitLab starting from version 12.8 a ...) - TODO: check + - gitlab CVE-2021-22183 (An issue has been discovered in GitLab affecting all versions starting ...) [experimental] - gitlab 13.6.6-1 - gitlab @@ -16568,7 +16569,7 @@ CVE-2021-22182 (An issue has been discovered in GitLab affecting all versions st CVE-2021-22181 RESERVED CVE-2021-22180 (An issue has been discovered in GitLab affecting all versions starting ...) - TODO: check + - gitlab CVE-2021-22179 (A vulnerability was discovered in GitLab versions before 12.2. GitLab ...) - gitlab CVE-2021-22178 (An issue has been discovered in GitLab affecting all versions starting ...) @@ -18167,9 +18168,9 @@ CVE-2021-21414 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to v8's Iso ...) TODO: check CVE-2021-21412 (Potential for arbitrary code execution in npm package @thi.ng/egf `#gp ...) - TODO: check + NOT-FOR-US: Node @thi.ng/egf CVE-2021-21411 (OAuth2-Proxy is an open source reverse proxy that provides authenticat ...) - TODO: check + - oauth2-proxy (bug #982891) CVE-2021-21410 RESERVED CVE-2021-21409 (Netty is an open-source, asynchronous event-driven network application ...) 
@@ -18200,7 +18201,7 @@ CVE-2021-21400 CVE-2021-21399 RESERVED CVE-2021-21398 (PrestaShop is a fully scalable open source e-commerce solution. In Pre ...) - TODO: check + NOT-FOR-US: PrestaShop CVE-2021-21397 RESERVED CVE-2021-21396 (wire-server is an open-source back end for Wire, a secure collaboratio ...) @@ -23341,13 +23342,13 @@ CVE-2021-1631 CVE-2021-1630 RESERVED CVE-2021-1629 (Tableau Server fails to validate certain URLs that are embedded in ema ...) - TODO: check + NOT-FOR-US: Tableau Server CVE-2021-1628 (MuleSoft is aware of a XML External Entity (XXE) vulnerability affecti ...) - TODO: check + NOT-FOR-US: Tableau Server CVE-2021-1627 (MuleSoft is aware of a Server Side Request Forgery vulnerability affec ...) - TODO: check + NOT-FOR-US: MuleSoft CVE-2021-1626 (MuleSoft is aware of a Remote Code Execution vulnerability affecting c ...) - TODO: check + NOT-FOR-US: MuleSoft CVE-2021-1625 RESERVED CVE-2021-1624 @@ -23615,7 +23616,7 @@ CVE-2021-1494 CVE-2021-1493 RESERVED CVE-2021-1492 (The Duo Authentication Proxy installer prior to 5.2.1 did not properly ...) - TODO: check + NOT-FOR-US: Duo Authentication Proxy CVE-2021-1491 RESERVED CVE-2021-1490 -- cgit v1.2.3
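Review bot: in the data/CVE/2021.list hunk at @@ -598,7 +598,8 @@, the new CVE-2021-29376 entry records only the oss-security post as a reference. The description already gives the upstream boundary ("ircII before 20210314"), so a second NOTE line stating that the fix is in upstream release 20210314 would save the next person from re-deriving it when the fixed Debian version is filled in.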
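Review bot: in the data/CVE/2021.list hunk at @@ -6829,7 +6830,7 @@, CVE-2021-26579 is tagged with the vendor only ("NOT-FOR-US: HPE"), while the neighbouring CVE-2021-26578 names the product ("NOT-FOR-US: HPE Network Orchestrator (NetO)"). The description identifies the product as HPE Unified Data Management (UDM); using "NOT-FOR-US: HPE Unified Data Management (UDM)" keeps the tag consistent with the adjacent entry and makes it searchable by product.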
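Review bot: the three GitLab entries moved off "TODO: check" in data/CVE/2021.list (CVE-2021-22194 at @@ -16529,7 +16530,7 @@, CVE-2021-22184 at @@ -16558,7 +16559,7 @@, CVE-2021-22180 at @@ -16568,7 +16569,7 @@) get a bare "- gitlab" line with no reference and no affected-range remark. The descriptions give starting versions ("starting from 13.7", "starting from version 12.8"), and the CVE-2021-22185 entry in the context shows the convention already in use here: a range remark ("Only affects 13.8") plus a NOTE linking the GitLab security release. Adding the matching NOTE, and a range remark where the starting version is newer than what a suite ships, would make these entries triageable without reopening the advisories.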
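Review bot: in the data/CVE/2021.list hunk at @@ -23341,13 +23342,13 @@, CVE-2021-1628 is tagged "NOT-FOR-US: Tableau Server" although its description starts "MuleSoft is aware of a XML External Entity (XXE) vulnerability", the same wording as CVE-2021-1627 and CVE-2021-1626, which are both tagged "NOT-FOR-US: MuleSoft". This looks like the tag from CVE-2021-1629 on the line above carried over; it should read "NOT-FOR-US: MuleSoft".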