From 8059343e7b0ddf8e880ee5b735544aa8ee4f1da4 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 29 Nov 2021 21:18:49 +0100 Subject: Process some NFUs --- data/CVE/2017.list | 2 +- data/CVE/2021.list | 64 +++++++++++++++++++++++++++--------------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index e504f9e00b..0828c4197d 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,5 +1,5 @@ CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) NOT-FOR-US: Ingeteam INGEPAC DA AU CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index e5b470d209..71f6dddb0c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -349,17 +349,17 @@ CVE-2021-44205 CVE-2021-44204 RESERVED CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...) - TODO: check + NOT-FOR-US: Acronis CVE-2021-44197 RESERVED CVE-2021-44196 
@@ -1523,7 +1523,7 @@ CVE-2021-43699 CVE-2021-43698 (An unspecified version of phpWhois is affected by a Cross Site Scripti ...) TODO: check CVE-2021-43697 (An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cr ...) - TODO: check + NOT-FOR-US: Workerman-ThinkPHP-Redis CVE-2021-43696 (An unspecified version of twmap is affected by a Cross Site Scripting ...) TODO: check CVE-2021-43695 (An unspecified version of issabelPBX is affected by a Cross Site Scrip ...) @@ -1535,7 +1535,7 @@ CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in CVE-2021-43692 (An unspecified version of youtube-php-mirroring is affected by a Cross ...) TODO: check CVE-2021-43691 (An unspecified version of tripexpress is affected by a path manipulati ...) - TODO: check + NOT-FOR-US: tripexpress CVE-2021-43690 RESERVED CVE-2021-43689 @@ -4605,9 +4605,9 @@ CVE-2021-42367 CVE-2021-42366 RESERVED CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...) NOT-FOR-US: WordPress plugin CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...) @@ -4619,7 +4619,7 @@ CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress instal CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-di ...) NOT-FOR-US: WP DSGVO Tools (GDPR) CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-42357 RESERVED CVE-2021-42356 
@@ -10251,7 +10251,7 @@ CVE-2021-39997 CVE-2021-39996 RESERVED CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-39994 RESERVED CVE-2021-39993 @@ -14349,7 +14349,7 @@ CVE-2021-38285 CVE-2021-38284 RESERVED CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...) - TODO: check + NOT-FOR-US: Wipro Holmes Orchestrator CVE-2021-38282 RESERVED CVE-2021-38281 @@ -14699,7 +14699,7 @@ CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2 CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...) NOT-FOR-US: Obsidian CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...) - TODO: check + NOT-FOR-US: Wipro Holmes Orchestrator CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...) NOT-FOR-US: Wipro Holmes Orchestrator CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...) @@ -46568,7 +46568,7 @@ CVE-2021-24929 CVE-2021-24928 RESERVED CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24926 RESERVED CVE-2021-24925 @@ -46586,13 +46586,13 @@ CVE-2021-24920 CVE-2021-24919 RESERVED CVE-2021-24918 (The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24917 RESERVED CVE-2021-24916 RESERVED CVE-2021-24915 (The Contest Gallery WordPress plugin before 13.1.0.6 does not have cap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24914 RESERVED CVE-2021-24913 @@ -46606,7 +46606,7 @@ CVE-2021-24910 CVE-2021-24909 RESERVED CVE-2021-24908 (The Check & Log Email WordPress plugin before 1.0.4 does not escap ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24907 RESERVED CVE-2021-24906 
@@ -46624,7 +46624,7 @@ CVE-2021-24901 CVE-2021-24900 RESERVED CVE-2021-24899 (The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24898 RESERVED CVE-2021-24897 @@ -46644,7 +46644,7 @@ CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.1.4 does CVE-2021-24890 RESERVED CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...) NOT-FOR-US: WordPress plugin CVE-2021-24887 @@ -46656,7 +46656,7 @@ CVE-2021-24885 (The YOP Poll WordPress plugin before 6.1.2 does not escape the p CVE-2021-24884 (The Formidable Form Builder WordPress plugin before 4.09.05 allows to ...) NOT-FOR-US: WordPress plugin CVE-2021-24883 (The Popup Anything WordPress plugin before 2.0.4 does not escape the L ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-24881 @@ -46670,7 +46670,7 @@ CVE-2021-24878 CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...) NOT-FOR-US: WordPress plugin CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24875 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.3 ...) NOT-FOR-US: WordPress plugin CVE-2021-24874 @@ -46702,7 +46702,7 @@ CVE-2021-24862 CVE-2021-24861 RESERVED CVE-2021-24860 (The BSK PDF Manager WordPress plugin before 3.1.2 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24859 RESERVED CVE-2021-24858 
@@ -46738,7 +46738,7 @@ CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not va CVE-2021-24843 RESERVED CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...) NOT-FOR-US: WordPress plugin CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...) @@ -46778,7 +46778,7 @@ CVE-2021-24824 CVE-2021-24823 RESERVED CVE-2021-24822 (The Stylish Cost Calculator WordPress plugin before 7.0.4 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24821 RESERVED CVE-2021-24820 @@ -46800,7 +46800,7 @@ CVE-2021-24813 (The Events Made Easy WordPress plugin before 2.2.24 does not san CVE-2021-24812 (The BetterLinks WordPress plugin before 1.2.6 does not sanitise and es ...) NOT-FOR-US: WordPress plugin CVE-2021-24811 (The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24810 RESERVED CVE-2021-24809 (The BP Better Messages WordPress plugin before 1.9.9.41 does not check ...) @@ -46886,7 +46886,7 @@ CVE-2021-24770 (The Stylish Price List WordPress plugin before 6.9.1 does not pe CVE-2021-24769 (The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not v ...) NOT-FOR-US: WordPress plugin CVE-2021-24768 (The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24767 (The Redirect 404 Error Page to Homepage or Custom Page with Logs WordP ...) NOT-FOR-US: WordPress plugin CVE-2021-24766 (The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress p ...) 
@@ -46912,7 +46912,7 @@ CVE-2021-24757 (The Stylish Price List WordPress plugin before 6.9.0 does not pe CVE-2021-24756 RESERVED CVE-2021-24755 (The myCred WordPress plugin before 2.3 does not validate or escape the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24754 (The MainWP Child Reports WordPress plugin before 2.0.8 does not valida ...) NOT-FOR-US: WordPress plugin CVE-2021-24753 @@ -46920,19 +46920,19 @@ CVE-2021-24753 CVE-2021-24752 (Multiple Plugins from the CatchThemes vendor do not perform capability ...) NOT-FOR-US: WordPress plugins CVE-2021-24751 (The GenerateBlocks WordPress plugin before 1.4.0 does not validate the ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24750 RESERVED CVE-2021-24749 (The URL Shortify WordPress plugin before 1.5.1 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24748 (The Email Before Download WordPress plugin before 6.8 does not properl ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24747 RESERVED CVE-2021-24746 RESERVED CVE-2021-24745 (The About Author Box WordPress plugin before 1.0.2 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24744 (The WordPress Contact Forms by Cimatti WordPress plugin before 1.4.12 ...) NOT-FOR-US: WordPress plugin CVE-2021-24743 (The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows use ...) -- cgit v1.2.3
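Review bot: In data/CVE/2021.list, hunk @@ -10251,7 +10251,7 @@, CVE-2021-39995 is closed as "NOT-FOR-US: Huawei" although its own description reads "Some Huawei products use the OpenHpi software for hardware management." The summary is truncated here, so it does not show whether the flaw sits in Huawei's integration or in OpenHpi itself. If it is in the OpenHpi code, a vendor-only NFU tag hides an issue that belongs under the openhpi source package wherever that is shipped. Please confirm against the full advisory, and either file the entry against that package or keep the NFU and add a NOTE: line stating why the issue is specific to Huawei's products.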
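Review bot: In data/CVE/2021.list, hunk @@ -349,17 +349,17 @@, the six entries CVE-2021-44198 through CVE-2021-44203 are tagged with the vendor name only ("NOT-FOR-US: Acronis"), while the other non-WordPress tags in this patch and in the surrounding context name the product ("Wipro Holmes Orchestrator", "Workerman-ThinkPHP-Redis", "Obsidian"). The descriptions are cut off at "The following products ...", so the tag is the only place where the affected product would be recorded in the list. Consider naming the product or products in the tag, so that a later search of the file by product name finds these entries.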