From 2eb5f8555734df496eca9511dfafca489a3536bd Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 30 Nov 2021 21:26:47 +0100 Subject: Process more NFUs --- data/CVE/2020.list | 2 +- data/CVE/2021.list | 36 ++++++++++++++++++------------------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 117b993554..ff3e067a56 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -54781,7 +54781,7 @@ CVE-2020-7881 (The vulnerability function is enabled when the streamer service r CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...) TODO: check CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...) - TODO: check + NOT-FOR-US: ipTIME C200 IP Camera CVE-2020-7878 RESERVED CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index b669fc40af..88ba8712cf 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -2953,7 +2953,7 @@ CVE-2021-3919 CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...) NOT-FOR-US: JetBrains Ktor CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...) - TODO: check + NOT-FOR-US: JetBrains TeamCity CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...) NOT-FOR-US: JetBrains TeamCity CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...) 
@@ -4417,9 +4417,9 @@ CVE-2021-42547 CVE-2021-42546 RESERVED CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42543 (The affected application uses specific functions that could be abused ...) NOT-FOR-US: AzeoTech CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...) 
@@ -5385,23 +5385,23 @@ CVE-2021-42125 CVE-2021-42124 RESERVED CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...) - TODO: check + NOT-FOR-US: Business-DNA Solutions CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...) NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith) NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf 
@@ -5469,7 +5469,7 @@ CVE-2021-41133 (Flatpak is a system for building, distributing, and running sand CVE-2021-42100 RESERVED CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...) NOT-FOR-US: Devolutions CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...) @@ -6470,11 +6470,11 @@ CVE-2021-41681 CVE-2021-41680 RESERVED CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) - TODO: check + NOT-FOR-US: openSIS CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) - TODO: check + NOT-FOR-US: openSIS CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) - TODO: check + NOT-FOR-US: openSIS CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...) NOT-FOR-US: oretnom23 Pharmacy Point of Sale System CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...) @@ -12874,7 +12874,7 @@ CVE-2021-39001 CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...) NOT-FOR-US: IBM CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-38998 RESERVED CVE-2021-38997 @@ -30018,7 +30018,7 @@ CVE-2021-31789 CVE-2021-31788 RESERVED CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...) - TODO: check + NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...) NOT-FOR-US: Actions ATS CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...) -- cgit v1.2.3
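Review bot: in the data/CVE/2020.list hunk (@@ -54781,7), CVE-2020-7880 directly above the changed entry still carries "TODO: check", although its description (an ActiveX module related to NeoRS ...) reads like the same kind of candidate as CVE-2020-7879. If it was left open on purpose, that is fine; otherwise consider triaging it in the same pass so the two adjacent entries are not revisited separately.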
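Review bot: in the last data/CVE/2021.list hunk (@@ -30018,7), the tag added for CVE-2021-31787 is "NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets", while the adjacent CVE-2021-31786 for the same chipset family already uses "NOT-FOR-US: Actions ATS". Reusing the shorter existing tag would keep all entries for this product under one string, so a search of the list by product name returns every related CVE.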