From 976870281f2907e7b74e541f45bbec785ab4170f Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 2 Dec 2021 21:17:35 +0100 Subject: Process NFUs --- data/CVE/2015.list | 4 ++-- data/CVE/2020.list | 2 +- data/CVE/2021.list | 36 ++++++++++++++++++------------------ 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 2d038fb128..4094dbaff7 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,7 +1,7 @@ CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) NOT-FOR-US: WordPress plugin CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 4ba70bea6d..e65887ca97 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -9010,7 +9010,7 @@ CVE-2020-27416 CVE-2020-27415 RESERVED CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...) - TODO: check + NOT-FOR-US: Mahavitaran android application CVE-2020-27413 RESERVED CVE-2020-27412 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index e7649d972f..6e11c163e6 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -21,7 +21,7 @@ CVE-2021-44520 CVE-2021-44519 RESERVED CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...) - TODO: check + NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android CVE-2021-44517 RESERVED CVE-2021-44516 
@@ -1098,7 +1098,7 @@ CVE-2021-44052 CVE-2021-44051 RESERVED CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...) - TODO: check + NOT-FOR-US: CA Network Flow Analysis (NFA) CVE-2021-44049 RESERVED CVE-2021-44048 @@ -1680,7 +1680,7 @@ CVE-2021-43797 CVE-2021-43796 RESERVED CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...) - TODO: check + NOT-FOR-US: Armeria CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...) NOT-FOR-US: Discourse CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...) @@ -1920,7 +1920,7 @@ CVE-2021-43688 CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...) NOT-FOR-US: Chamilo-lms CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...) - TODO: check + NOT-FOR-US: nZEDb CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...) TODO: check CVE-2021-43684 @@ -1930,11 +1930,11 @@ CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulne CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...) TODO: check CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...) - TODO: check + NOT-FOR-US: SakuraPanel CVE-2021-43680 RESERVED CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...) - TODO: check + NOT-FOR-US: ecshop CVE-2021-43678 RESERVED CVE-2021-43677 
@@ -2204,7 +2204,7 @@ CVE-2021-3946 CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) NOT-FOR-US: django-helpdesk CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF) ...) - TODO: check + NOT-FOR-US: bookstack CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) - moodle CVE-2021-43575 (** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS ...) @@ -9826,9 +9826,9 @@ CVE-2021-40336 CVE-2021-40335 RESERVED CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2021-40332 RESERVED CVE-2021-3759 [unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks] @@ -12223,7 +12223,7 @@ CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Descript CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...) TODO: check CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...) - TODO: check + NOT-FOR-US: ohmyzsh CVE-2021-3724 RESERVED NOT-FOR-US: Red Hat Serverless @@ -42393,7 +42393,7 @@ CVE-2021-26779 CVE-2021-26778 RESERVED CVE-2021-26777 (Buffer overflow vulnerability in function SetFirewall in index.cgi in ...) - TODO: check + NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare CVE-2021-26776 (CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerabilit ...) NOT-FOR-US: CSZ CMS CVE-2021-26775 
@@ -44420,7 +44420,7 @@ CVE-2021-25969 (In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnera CVE-2021-25968 (In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a ...) NOT-FOR-US: OpenCMS CVE-2021-25967 (In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerab ...) - TODO: check + NOT-FOR-US: CKAN CVE-2021-25966 (In “Orchard core CMS” application, versions 1.0.0-beta1-33 ...) NOT-FOR-US: Orchard CMS CVE-2021-25965 (In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site ...) @@ -50698,17 +50698,17 @@ CVE-2021-23265 CVE-2021-23264 (Installations, where crafter-search is not protected, allow unauthenti ...) TODO: check CVE-2021-23263 (Unauthenticated remote attackers can read textual content via FreeMark ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23262 (Authenticated administrators may modify the main YAML configuration fi ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23261 (Authenticated administrators may override the system configuration fil ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23260 (Authenticated users with Site roles may inject XSS scripts via file na ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23259 (Authenticated users with Administrator or Developer roles may execute ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23258 (Authenticated users with Administrator or Developer roles may execute ...) - TODO: check + NOT-FOR-US: Crafter CMS CVE-2021-23257 RESERVED CVE-2021-23256 -- cgit v1.2.3
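Review bot: typo in the note added for CVE-2021-26777 (data/CVE/2021.list, hunk at line 42393): "Firwmare" should read "Firmware". The free-text part of a NOT-FOR-US line is what gets searched when a later CVE for the same product comes in, so a misspelled product note is easy to miss on a grep; suggest "NOT-FOR-US: CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware".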
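Review bot: in the data/CVE/2021.list hunk at line 50698, CVE-2021-23264 is left at "TODO: check" while the six entries directly below it (CVE-2021-23263 through CVE-2021-23258) all become "NOT-FOR-US: Crafter CMS". Its description mentions crafter-search; if that belongs to the same product it should get the same tag in this pass, and if it was left open on purpose a short remark in the commit message would save the next person from re-triaging it.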
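Review bot: in the data/CVE/2021.list hunk at line 12223, only CVE-2021-3725 is tagged "NOT-FOR-US: ohmyzsh", while CVE-2021-3726 immediately above it stays at "TODO: check" and CVE-2021-3727 appears in the hunk header with a description in the same "# Vulnerability in ..." form. If these three come from the same advisory set, tag them together so the project is not half-processed; otherwise leaving them is fine.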
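Review bot: the notes added for CVE-2021-40334 and CVE-2021-40333 (data/CVE/2021.list, hunk at line 9826) name only the vendor, "NOT-FOR-US: Hitachi", whereas the other notes in this commit name the product (for example "CA Network Flow Analysis (NFA)" and "Crafter CMS"). The CVE-2021-40333 description already reads "Hitachi Energy FOX61x, XCM ...", so a note such as "NOT-FOR-US: Hitachi Energy" plus the product family would be more useful when matching future entries.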