From c9fb4f958525b03d103ef8e0c29e1b46feb86844 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Fri, 18 Feb 2022 14:36:26 +0000 Subject: Process some NFUs --- data/CVE/2021.list | 2 +- data/CVE/2022.list | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 6381b79fff..b9ac59f095 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1028,7 +1028,7 @@ CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before c CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...) NOT-FOR-US: ScratchOAuth2 CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...) - TODO: check + NOT-FOR-US: ScratchOAuth2 CVE-2021-46248 RESERVED CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...) diff --git a/data/CVE/2022.list b/data/CVE/2022.list index d10f3669b2..0ca9f7d8af 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list @@ -2654,7 +2654,8 @@ CVE-2022-0474 (Full list of recipients from customer users in a contact field co NOT-FOR-US: OTRS NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...) - TODO: check + NOT-FOR-US: OTRS + NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian CVE-2022-24308 RESERVED CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...) @@ -4316,7 +4317,7 @@ CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2. ...) NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08 NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151) CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...) - TODO: check + NOT-FOR-US: go-attestation CVE-2022-0316 RESERVED CVE-2022-0315 
@@ -9904,9 +9905,9 @@ CVE-2022-21678 (Discourse is an open source discussion platform. Prior to versio CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...) NOT-FOR-US: Discourse CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...) - TODO: check + NOT-FOR-US: Engine.IO CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...) - TODO: check + NOT-FOR-US: Bytecode Viewer CVE-2022-21674 RESERVED CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...) -- cgit v1.2.3
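Review bot: In the data/CVE/2021.list hunk, the visible description of CVE-2021-46249 is cut off at "in Specific ..." and never names the product, so the `NOT-FOR-US: ScratchOAuth2` tag is supported only by the two ScratchOAuth2 entries above it, not by this entry's own text. Confirm against the full CVE description that this one is also ScratchOAuth2, since a wrong product name on an NFU line hides the issue from later searches by product.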
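Review bot: In the data/CVE/2022.list hunk at @@ -2654, the new NOTE for CVE-2022-0473 concludes that the znuny fork is unaffected because only 7.x is affected, but nothing in the entry records where that version range comes from or which OTRS branch znuny derives from. This matches the wording already used for CVE-2022-0474, but a reference NOTE pointing to the vendor advisory would let the next person re-check the conclusion. Since the note itself says a fork is packaged in Debian, also consider whether an explicit `- znuny <not-affected>` line with the reason would track this better than `NOT-FOR-US: OTRS`.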
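Review bot: In the @@ -9904 hunk, CVE-2022-21676 is tagged `NOT-FOR-US: Engine.IO`, yet the description calls Engine.IO "the implementation of transport-based cross-browser/cross ...", which suggests a library that other applications pull in as a dependency and is not a standalone product. Before closing it as NFU, check that no packaged source ships or embeds a copy. If that check was done, a one-line NOTE saying so would keep the entry from being re-triaged later.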