From 4a51773a77a212cd224b143378de639c0bd635a2 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 3 Jan 2022 21:31:33 +0100 Subject: Process some NFUs --- data/CVE/2020.list | 2 +- data/CVE/2021.list | 80 +++++++++++++++++++++++++++--------------------------- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 0258bb6574..8647c164ed 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -23143,7 +23143,7 @@ CVE-2020-21240 CVE-2020-21239 RESERVED CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...) - TODO: check + NOT-FOR-US: CSCMS CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...) NOT-FOR-US: LJCMS CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 4815e9d8ba..84e2c8a4e7 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -39,7 +39,7 @@ CVE-2021-46111 CVE-2021-46110 RESERVED CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-46108 RESERVED CVE-2021-46107 @@ -544,9 +544,9 @@ CVE-2021-4189 [ftplib should not use the host from the PASV response] CVE-2021-45918 RESERVED CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...) - TODO: check + NOT-FOR-US: Shockwall system CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...) - TODO: check + NOT-FOR-US: Shockwall system CVE-2021-45915 RESERVED CVE-2021-45914 
@@ -804,7 +804,7 @@ CVE-2021-45819 CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...) NOT-FOR-US: SAFARI Montage CVE-2021-45817 (Web Viewer for Hanwha DVR version 2.17 is affected by a Cross Site Scr ...) - TODO: check + NOT-FOR-US: Web Viewer for Hanwha DVR CVE-2021-45816 RESERVED CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...) @@ -1752,9 +1752,9 @@ CVE-2021-45430 CVE-2021-45429 RESERVED CVE-2021-45428 (TLR-2005KSH is affected by an incorrect access control vulnerability. ...) - TODO: check + NOT-FOR-US: TLR-2005KSH CVE-2021-45427 (Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated ar ...) - TODO: check + NOT-FOR-US: Emerson CVE-2021-45426 RESERVED CVE-2021-45425 (Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 an ...) @@ -3050,7 +3050,7 @@ CVE-2021-44898 CVE-2021-44897 RESERVED CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS. ...) - TODO: check + NOT-FOR-US: DMP Roadmap CVE-2021-44895 RESERVED CVE-2021-44894 @@ -3165,7 +3165,7 @@ CVE-2021-44854 [REST API incorrectly publicly caches autocomplete search results CVE-2021-44853 RESERVED CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...) - TODO: check + NOT-FOR-US: Biostar RACING GT Evo CVE-2021-44851 RESERVED CVE-2021-44850 @@ -3687,7 +3687,7 @@ CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web CVE-2021-4071 RESERVED CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...) - TODO: check + NOT-FOR-US: Open-AudIT CVE-2021-44673 RESERVED CVE-2021-44672 
@@ -4971,13 +4971,13 @@ CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special c CVE-2021-44162 (Chain Sea ai chatbot system’s specific file download function ha ...) NOT-FOR-US: Chain Sea CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system’s specific funct ...) - TODO: check + NOT-FOR-US: MOTP (Mobile One Time Password) system& CVE-2021-44160 (Carinal Tien Hospital Health Report System’s login page has impr ...) NOT-FOR-US: Carinal Tien Hospital Health Report System& CVE-2021-44159 (4MOSAn GCB Doctor’s file upload function has improper user privi ...) NOT-FOR-US: 4MOSAn GCB Doctor CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...) - TODO: check + NOT-FOR-US: ASUS CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) {DSA-5027-1 DLA-2869-1} - xorg-server 2:1.20.13-3 @@ -5709,7 +5709,7 @@ CVE-2021-43878 CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability ...) NOT-FOR-US: .NET core CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability. ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2021-43874 @@ -7114,7 +7114,7 @@ CVE-2021-43335 CVE-2021-43334 RESERVED CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...) - TODO: check + NOT-FOR-US: Datalogic CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...) - mailman (bug #1000367) [buster] - mailman (Minor issue) @@ -10809,7 +10809,7 @@ CVE-2021-41768 CVE-2021-41767 RESERVED CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization ...) - TODO: check + NOT-FOR-US: openwhyd CVE-2021-41766 RESERVED CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...) 
@@ -18164,7 +18164,7 @@ CVE-2021-38689 CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...) TODO: check CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) NOT-FOR-US: QNAP CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...) @@ -18178,7 +18178,7 @@ CVE-2021-38682 CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...) NOT-FOR-US: QNAP CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-38679 RESERVED CVE-2021-38678 @@ -22840,7 +22840,7 @@ CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current wor CVE-2021-36752 RESERVED CVE-2021-36751 (ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such ...) - TODO: check + NOT-FOR-US: ENC DataVault CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...) NOT-FOR-US: ENC CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...) @@ -26769,9 +26769,9 @@ CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect v CVE-2021-35036 RESERVED CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...) - TODO: check + NOT-FOR-US: Zyxel CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...) NOT-FOR-US: Zyxel CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...) 
@@ -48927,7 +48927,7 @@ CVE-2021-25996 CVE-2021-25995 RESERVED CVE-2021-25994 (In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Head ...) - TODO: check + NOT-FOR-US: Userfrosting CVE-2021-25993 (In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected b ...) TODO: check CVE-2021-25992 @@ -51344,7 +51344,7 @@ CVE-2021-25042 CVE-2021-25041 (The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerabl ...) NOT-FOR-US: WordPress plugin CVE-2021-25040 (The Booking Calendar WordPress plugin before 8.9.2 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25039 RESERVED CVE-2021-25038 @@ -51364,13 +51364,13 @@ CVE-2021-25032 CVE-2021-25031 RESERVED CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25029 RESERVED CVE-2021-25028 RESERVED CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25026 RESERVED CVE-2021-25025 @@ -51378,13 +51378,13 @@ CVE-2021-25025 CVE-2021-25024 RESERVED CVE-2021-25023 (The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25022 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.6 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25021 (The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 do ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25020 (The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25019 RESERVED CVE-2021-25018 @@ -51392,7 +51392,7 @@ CVE-2021-25018 CVE-2021-25017 RESERVED CVE-2021-25016 (The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25015 RESERVED CVE-2021-25014 
@@ -51422,11 +51422,11 @@ CVE-2021-25003 CVE-2021-25002 RESERVED CVE-2021-25001 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25000 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24999 (The Booster for WooCommerce WordPress plugin before 5.4.9 does not san ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24998 (The Simple JWT Login WordPress plugin before 3.3.0 can be used to crea ...) NOT-FOR-US: WordPress plugin CVE-2021-24997 (The WP Guppy WordPress plugin before 1.3 does not have any authorisati ...) @@ -51442,7 +51442,7 @@ CVE-2021-24993 CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24990 RESERVED CVE-2021-24989 @@ -51478,7 +51478,7 @@ CVE-2021-24975 CVE-2021-24974 RESERVED CVE-2021-24973 (The Site Reviews WordPress plugin before 5.17.3 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24972 (The Pixel Cat WordPress plugin before 2.6.3 does not escape some of it ...) NOT-FOR-US: WordPress plugin CVE-2021-24971 @@ -51496,9 +51496,9 @@ CVE-2021-24966 CVE-2021-24965 RESERVED CVE-2021-24964 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly ve ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24963 (The LiteSpeed Cache WordPress plugin before 4.4.4 does not escape the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24962 RESERVED CVE-2021-24961 
@@ -51638,7 +51638,7 @@ CVE-2021-24895 CVE-2021-24894 (The Reviews Plus WordPress plugin before 1.2.14 does not validate the ...) NOT-FOR-US: WordPress plugin CVE-2021-24893 (The Stars Rating WordPress plugin before 3.5.1 does not validate the s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Forms (F ...) NOT-FOR-US: WordPress plugin CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...) @@ -51762,13 +51762,13 @@ CVE-2021-24833 (The YOP Poll WordPress plugin before 6.3.1 is affected by a stor CVE-2021-24832 (The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CS ...) NOT-FOR-US: WordPress plugin CVE-2021-24831 (All AJAX actions of the Tab WordPress plugin before 1.3.2 are availabl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24830 (The Advanced Access Manager WordPress plugin before 6.8.0 does not esc ...) NOT-FOR-US: WordPress plugin CVE-2021-24829 (The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 d ...) NOT-FOR-US: WordPress plugin CVE-2021-24828 (The Mortgage Calculator / Loan Calculator WordPress plugin before 1.5. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24827 (The Asgaros Forum WordPress plugin before 1.15.13 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2021-24826 @@ -51852,7 +51852,7 @@ CVE-2021-24788 (The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX CVE-2021-24787 (The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 ...) NOT-FOR-US: WordPress plugin CVE-2021-24786 (The Download Monitor WordPress plugin before 4.4.5 does not properly v ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24785 (The Great Quotes WordPress plugin through 1.0.0 does not sanitise and ...) NOT-FOR-US: WordPress plugin CVE-2021-24784 (The WP Admin Logo Changer WordPress plugin through 1.0 does not have C ...) 
@@ -52064,7 +52064,7 @@ CVE-2021-24682 (The Cool Tag Cloud WordPress plugin before 2.26 does not escape CVE-2021-24681 (The Duplicate Page WordPress plugin through 4.4.2 does not sanitise or ...) NOT-FOR-US: WordPress plugin CVE-2021-24680 (The WP Travel Engine WordPress plugin before 5.3.1 does not escape the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24679 (The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin ...) NOT-FOR-US: WordPress plugin CVE-2021-24678 (The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape ...) -- cgit v1.2.3
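Review bot: The tag added for CVE-2021-44161 in the data/CVE/2021.list hunk at @@ -4971,13 +4971,13 @@ ends in a stray ampersand: "NOT-FOR-US: MOTP (Mobile One Time Password) system&". The "&" sits exactly where the description line has the possessive apostrophe, so it looks like the tag was cut from the description together with the start of an escaped character. The existing CVE-2021-44160 entry in the same hunk's context carries the same trailing "&". Suggest "NOT-FOR-US: MOTP (Mobile One Time Password) system" here, and cleaning up the CVE-2021-44160 tag in the same pass so a search on the product name matches both cleanly.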
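Review bot: In the hunk at @@ -22840,7 +22840,7 @@ the new tag for CVE-2021-36751 is "NOT-FOR-US: ENC DataVault", while the unchanged CVE-2021-36750 entry directly below it, for the same product family, is tagged "NOT-FOR-US: ENC". Two spellings for one vendor on adjacent entries make later grep-based triage of NFU entries less reliable. Suggest picking one of the two labels and using it on both lines.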
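Review bot: Tag granularity is inconsistent across the hunks in data/CVE/2021.list: some entries are tagged by vendor only ("ASUS", "QNAP", "Zyxel", "Microsoft", "Emerson", "Datalogic"), others by full product name or model ("Biostar RACING GT Evo", "Web Viewer for Hanwha DVR", "TLR-2005KSH", "Shockwall system"). In the hunk at @@ -1752,9 +1752,9 @@ both styles appear on consecutive entries (CVE-2021-45428 by model, CVE-2021-45427 by vendor). This is a style point rather than a correctness issue, but where the list already has a tag for the vendor, reusing it verbatim keeps NOT-FOR-US entries easy to match automatically. Separately, the hunk at @@ -18164,7 +18164,7 @@ leaves CVE-2021-38688 at "TODO: check" in its leading context while the adjacent CVE-2021-38687 is processed; the truncated description does not show the affected vendor, so it is worth confirming whether that entry belongs in this batch.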