From c414ad45512da65df563f4662675209cf2492a9b Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 4 Jan 2022 21:32:13 +0100 Subject: Process some NFUs --- data/CVE/2021.list | 32 ++++++++++++++++---------------- data/CVE/2022.list | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 897af52c5f..a22d1bdc5c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -354,11 +354,11 @@ CVE-2021-45982 CVE-2021-45981 RESERVED CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) - TODO: check + NOT-FOR-US: Foxit CVE-2021-45977 RESERVED CVE-2021-45976 @@ -609,9 +609,9 @@ CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference ...) NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28 NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8 CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...) - TODO: check + NOT-FOR-US: ControlUp Real-Time Agent CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...) - TODO: check + NOT-FOR-US: ControlUp Real-Time Agent CVE-2021-44775 RESERVED CVE-2021-44465 @@ -1887,7 +1887,7 @@ CVE-2021-45391 CVE-2021-45390 RESERVED CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) - TODO: check + NOT-FOR-US: StarWind CVE-2021-45388 RESERVED CVE-2021-45387 @@ -5028,7 +5028,7 @@ CVE-2021-44170 CVE-2021-44169 RESERVED CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...) - TODO: check + NOT-FOR-US: FortiGuard CVE-2021-44167 RESERVED CVE-2021-44166 
@@ -5818,9 +5818,9 @@ CVE-2021-43860 CVE-2021-43859 RESERVED CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...) - TODO: check + NOT-FOR-US: MinIO CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...) - TODO: check + NOT-FOR-US: Gerapy CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...) NOT-FOR-US: Wiki.js CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...) @@ -6164,7 +6164,7 @@ CVE-2021-43713 CVE-2021-43712 RESERVED CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...) - TODO: check + NOT-FOR-US: TOTOLINK CVE-2021-43710 RESERVED CVE-2021-43709 @@ -10664,7 +10664,7 @@ CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dan CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...) NOT-FOR-US: Trend Micro CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path ...) - TODO: check + NOT-FOR-US: ws-scrcpy CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...) NOT-FOR-US: Apache OpenOffice CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...) @@ -12106,7 +12106,7 @@ CVE-2021-41238 (Hangfire is an open source system to perform background job proc CVE-2021-41237 RESERVED CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...) - TODO: check + NOT-FOR-US: OroPlatform CVE-2021-41235 RESERVED CVE-2021-41234 
@@ -15191,9 +15191,9 @@ CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 580 CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...) TODO: check CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...) - TODO: check + NOT-FOR-US: Huawei CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...) TODO: check CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...) @@ -17268,7 +17268,7 @@ CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh NOTE: https://x-stream.github.io/CVE-2021-39144.html CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) - TODO: check + NOT-FOR-US: Spinnaker CVE-2021-39142 RESERVED CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...) @@ -18237,7 +18237,7 @@ CVE-2021-38690 CVE-2021-38689 RESERVED CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...) - TODO: check + NOT-FOR-US: QNAP CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) NOT-FOR-US: QNAP CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index b1db173140..74510c074a 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -615,7 +615,7 @@ CVE-2022-22295 CVE-2022-22294 RESERVED CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF) ...) - TODO: check + NOT-FOR-US: Node uppy CVE-2022-0085 RESERVED CVE-2022-0084 -- cgit v1.2.3
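Review bot: The tag `NOT-FOR-US: FortiGuard` on CVE-2021-44168 (data/CVE/2021.list, hunk at @@ -5028) cannot be checked against the description shown, which is truncated at `in the "execu ...` before any product is named. Confirm that the tag text matches the product or vendor named in the full CVE description, so that a later search of the list by product name finds this entry.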
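Review bot: CVE-2021-43858 (MinIO) and CVE-2021-43857 (Gerapy) in data/CVE/2021.list, hunk at @@ -5818, move from `TODO: check` to `NOT-FOR-US` with nothing recording how absence from the archive was established. Both descriptions read as general-purpose server software rather than vendor firmware, so it is worth checking for an open ITP or RFP bug before tagging. If one exists, an `<itp>` entry with the bug number is the better marker, because it keeps the CVE attached to the package should it be uploaded later.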
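Review bot: Triage in the data/CVE/2021.list hunk at @@ -15191 is partial: CVE-2021-39974 and CVE-2021-39973 become `NOT-FOR-US: Huawei`, while the adjacent context lines for CVE-2021-39975 (Hilinksvc) and CVE-2021-39972 (MyHuawei-App) remain `TODO: check`. The visible text of the two retagged entries says only "Smartphones" and names no vendor, so the basis for the tag is not evident from the diff. If the neighbouring entries belong to the same vendor, tag them in this commit as well. If they were left open on purpose, say so in the commit message so the next triage pass does not repeat the lookup.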
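Review bot: In the data/CVE/2022.list hunk, `NOT-FOR-US: Node uppy` carries a "Node" prefix that no other tag added by this patch uses; CVE-2021-3845 in data/CVE/2021.list (hunk at @@ -10664) is tagged with the bare name `ws-scrcpy`. If the prefix is meant to mark an ecosystem, apply it to every entry from that ecosystem touched here. Otherwise drop it so that all tags in the commit follow one form.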