From 603c42415dde16dc382bb85dcb07497ab23c2ee1 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 1 Dec 2021 21:34:34 +0100 Subject: Associate some NFUs with the potential opennms source package --- data/CVE/2008.list | 4 ++-- data/CVE/2014.list | 2 +- data/CVE/2015.list | 2 +- data/CVE/2020.list | 6 +++--- data/CVE/2021.list | 16 ++++++++-------- 5 files changed, 15 insertions(+), 15 deletions(-) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index f6a7b9e8ab..f67c8689f7 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -2630,7 +2630,7 @@ CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog b CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...) NOT-FOR-US: Juniper NetScreen ScreenOS CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in Op ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis Technol ...) NOT-FOR-US: Celoxis Technologies Celoxis CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when magic ...) @@ -6890,7 +6890,7 @@ CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FT ...) NOT-FOR-US: FlashGet FTP CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...) NOT-FOR-US: Libra File Manager CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute arbitr ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index ab8fd028d0..31f1ef6539 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -16519,7 +16519,7 @@ CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow r CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...) NOT-FOR-US: WordPress plugin Participants Database CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...) - libfep (bug #658575) CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the Configurat ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 787b5a0494..13bcb8bbf5 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -5271,7 +5271,7 @@ CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows re CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in administra ...) NOT-FOR-US: Joomla! CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ...) {DSA-3388-1 DLA-335-1} - ntp 1:4.2.8p4+dfsg-1 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 1099f35edd..9dfb61a30c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -42571,7 +42571,7 @@ CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer over [jessie] - imlib2 (Vulnerable code introduced later) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63 CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...) - zulip-server (bug #800052) CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...) @@ -44877,7 +44877,7 @@ CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) NOT-FOR-US: svg2png CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...) NOT-FOR-US: WSO2 Enterprise Integrator CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...) @@ -69114,7 +69114,7 @@ CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adapta CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...) NOT-FOR-US: Juniper CVE-2020-1652 (OpenNMS is accessible via port 9443 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...) NOT-FOR-US: Juniper CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 40c7c11d58..7e59f1c280 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -42584,7 +42584,7 @@ CVE-2021-3398 CVE-2021-3397 RESERVED CVE-2021-3396 (OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-26676 (gdhcp in ConnMan before 1.39 could be used by network-adjacent attacke ...) {DSA-4847-1 DLA-2552-1} - connman 1.36-2.1 @@ -44439,19 +44439,19 @@ CVE-2021-25937 CVE-2021-25936 RESERVED CVE-2021-25935 (In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25934 (In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25933 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25932 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25931 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25930 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25929 (In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0 ...) - NOT-FOR-US: OpenNMS + - opennms (bug #450615) CVE-2021-25928 (Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through ...) NOT-FOR-US: Node safe-obj CVE-2021-25927 (Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 throug ...) -- cgit v1.2.3