From 4c94a4e5bde4274651157f8f3e530d7690b7a063 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Tue, 25 Jan 2022 14:59:06 +0000 Subject: Process NFUs --- data/CVE/2021.list | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 2a73934e81..1f7dcb6301 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -55103,17 +55103,17 @@ CVE-2021-24048 CVE-2021-24047 RESERVED CVE-2021-24046 (A logic flaw in Ray-Ban® Stories device software allowed some par ...) - TODO: check + NOT-FOR-US: Facebook View CVE-2021-24045 (A type confusion vulnerability could be triggered when resolving the " ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2021-24044 (By passing invalid javascript code where await and yield were called u ...) - TODO: check + NOT-FOR-US: Facebook Hermes CVE-2021-24043 RESERVED CVE-2021-24042 (The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp ...) - TODO: check + NOT-FOR-US: Whatsapp CVE-2021-24041 (A missing bounds check in image blurring code prior to WhatsApp for An ...) - TODO: check + NOT-FOR-US: Whatsapp CVE-2021-24040 (Due to use of unsafe YAML deserialization logic, an attacker with the ...) NOT-FOR-US: Facebook ParlAI CVE-2021-24039 @@ -55697,7 +55697,7 @@ CVE-2021-23844 CVE-2021-23843 (The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are us ...) NOT-FOR-US: Bosch CVE-2021-23842 (Communication to the AMC2 uses a state-of-the-art cryptographic algori ...) - TODO: check + NOT-FOR-US: Bosch CVE-2021-23841 (The OpenSSL public API function X509_issuer_and_serial_hash() attempts ...) {DSA-4855-1 DLA-2565-1 DLA-2563-1} - openssl 1.1.1j-1 @@ -55792,7 +55792,7 @@ CVE-2021-23826 CVE-2021-23825 RESERVED CVE-2021-23824 (This affects the package Crow before 0.3+4. When using attributes with ...) - TODO: check + NOT-FOR-US: CrowCpp CVE-2021-23823 RESERVED CVE-2021-23822 
@@ -55849,7 +55849,7 @@ CVE-2021-23799 CVE-2021-23798 RESERVED CVE-2021-23797 (All versions of package http-server-node are vulnerable to Directory T ...) - TODO: check + NOT-FOR-US: Node http-server CVE-2021-23796 RESERVED CVE-2021-23795 @@ -55899,7 +55899,7 @@ CVE-2021-23774 CVE-2021-23773 RESERVED CVE-2021-23772 (This affects all versions of package github.com/kataras/iris; all vers ...) - TODO: check + NOT-FOR-US: iris Go web framework CVE-2021-23771 RESERVED CVE-2021-23770 @@ -56046,7 +56046,7 @@ CVE-2021-23702 CVE-2021-23701 RESERVED CVE-2021-23700 (All versions of package merge-deep2 are vulnerable to Prototype Pollut ...) - TODO: check + NOT-FOR-US: merge-deep2 (fork of unaffected merge-deep). CVE-2021-23699 RESERVED CVE-2021-23698 @@ -56118,9 +56118,9 @@ CVE-2021-23666 CVE-2021-23665 RESERVED CVE-2021-23664 (The package @isomorphic-git/cors-proxy before 2.7.1 are vulnerable to ...) - TODO: check + NOT-FOR-US: cors-proxy CVE-2021-23663 (All versions of package sey are vulnerable to Prototype Pollution via ...) - TODO: check + NOT-FOR-US: sey - Deprecated Simple JavaScript build tool CVE-2021-23662 RESERVED CVE-2021-23661 @@ -56168,7 +56168,7 @@ CVE-2021-23641 CVE-2021-23640 RESERVED CVE-2021-23639 (The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execu ...) - TODO: check + NOT-FOR-US: Node md-to-pdf CVE-2021-23638 RESERVED CVE-2021-23637 @@ -56184,7 +56184,7 @@ CVE-2021-23633 CVE-2021-23632 RESERVED CVE-2021-23631 (This affects all versions of package convert-svg-core; all versions of ...) - TODO: check + NOT-FOR-US: Node convert-svg CVE-2021-23630 RESERVED CVE-2021-23629 -- cgit v1.2.3
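Review bot: In the hunk at -55103,17, the tags added for CVE-2021-24042 and CVE-2021-24041 read "NOT-FOR-US: Whatsapp", while both descriptions spell the product "WhatsApp". Unless the list already standardises on the lower-case form, use "NOT-FOR-US: WhatsApp" so a case-sensitive search for the product name finds the tag as well as the description.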
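Review bot: In the hunk at -55849,7, CVE-2021-23797 is tagged "NOT-FOR-US: Node http-server", but the description names the package as http-server-node. The shortened tag reads as a different package name, so a later triager could take it as a statement about a package called http-server. Suggest "NOT-FOR-US: Node http-server-node" to match the description exactly.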
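Review bot: In the hunk at -56046,7, the tag for CVE-2021-23700 carries two things the other entries in this commit do not: a trailing full stop, and a claim ("fork of unaffected merge-deep") with no reference behind it. Drop the full stop for consistency. Since the parenthetical is what justifies treating the original merge-deep as not affected, record the basis for it in the commit message or a note line, so the conclusion can be re-checked later.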
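Review bot: In the hunk at -56118,9, "NOT-FOR-US: cors-proxy" for CVE-2021-23664 drops the @isomorphic-git scope given in the description, leaving a generic name that could match unrelated projects. Suggest "NOT-FOR-US: @isomorphic-git/cors-proxy", or the "Node ..." form used for md-to-pdf and convert-svg further down. The neighbouring CVE-2021-23663 tag ("sey - Deprecated Simple JavaScript build tool") uses a third format, with a free-text description after a dash. Settling on one pattern for the Node packages in this commit would keep the tags searchable.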