From d784feb62753b4460173238595747d8b573f7849 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 1 Nov 2021 21:51:00 +0100 Subject: Process some NFUs --- data/CVE/2015.list | 6 +++--- data/CVE/2018.list | 2 +- data/CVE/2020.list | 6 +++--- data/CVE/2021.list | 26 +++++++++++++------------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index d9bb26930a..90933a49f7 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1,9 +1,9 @@ CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2015-20002 RESERVED CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 97073bdf23..d5142a30d7 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1,5 +1,5 @@ CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...) - unrar-nonfree (bug #990541) [bullseye] - unrar-nonfree (Non-free not supported) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index e3533df326..26aae98af0 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,9 +1,9 @@ CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...) NOT-FOR-US: Swift File Transfer Mobile CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index a219a35f30..3004696d89 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1321,7 +1321,7 @@ CVE-2021-42559 CVE-2021-42558 RESERVED CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...) - TODO: check + NOT-FOR-US: Jeedom CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...) NOT-FOR-US: Rasa X CVE-2021-42555 @@ -2649,7 +2649,7 @@ CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) ...) CVE-2021-3857 RESERVED CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...) - TODO: check + NOT-FOR-US: Apache MINA CVE-2021-41972 RESERVED CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...) @@ -9960,7 +9960,7 @@ CVE-2021-38849 CVE-2021-38848 RESERVED CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...) - TODO: check + NOT-FOR-US: S-Cart CVE-2021-38846 RESERVED CVE-2021-38845 @@ -10446,9 +10446,9 @@ CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/us CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...) NOT-FOR-US: Eigen CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...) - TODO: check + NOT-FOR-US: HP CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...) - TODO: check + NOT-FOR-US: HP CVE-2021-38614 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is u ...) - polipo [buster] - polipo (Minor issue) @@ -33128,9 +33128,9 @@ CVE-2021-29215 CVE-2021-29214 RESERVED CVE-2021-29213 (A potential local bypass of security restrictions vulnerability has be ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-29212 (A remote unauthenticated directory traversal security vulnerability ha ...) - TODO: check + NOT-FOR-US: HPE CVE-2021-29211 (A remote xss vulnerability was discovered in HPE Integrated Lights-Out ...) NOT-FOR-US: HPE CVE-2021-29210 (A remote dom xss, crlf injection vulnerability was discovered in HPE I ...) @@ -35469,7 +35469,7 @@ CVE-2021-28217 CVE-2021-3441 (A potential security vulnerability has been identified for the HP Offi ...) NOT-FOR-US: HP CVE-2021-3440 (HP Print and Scan Doctor, an application within the HP Smart App for W ...) - TODO: check + NOT-FOR-US: HP CVE-2021-3439 RESERVED CVE-2021-3438 (A potential buffer overflow in the software drivers for certain HP Las ...) @@ -36885,7 +36885,7 @@ CVE-2021-27645 (The nameserver caching daemon (nscd) in the GNU C Library (aka g NOTE: Introducing commit present in Debian since 2.28-1 with addition of NOTE: https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919 CVE-2021-27644 (In Apache DolphinScheduler before 1.3.6 versions, authorized users can ...) - TODO: check + NOT-FOR-US: Apache DolphinScheduler CVE-2021-27643 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2021-27642 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) @@ -38282,9 +38282,9 @@ CVE-2021-27007 CVE-2021-27006 RESERVED CVE-2021-27005 (Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, ...) - TODO: check + NOT-FOR-US: Clustered Data ONTAP CVE-2021-27004 (System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and ...) - TODO: check + NOT-FOR-US: NetAPP CVE-2021-27003 (Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 a ...) NOT-FOR-US: Clustered Data ONTAP (NetApp) CVE-2021-27002 (NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vul ...) @@ -38922,9 +38922,9 @@ CVE-2021-26742 CVE-2021-26741 RESERVED CVE-2021-26740 (Arbitrary file upload vulnerability sysupload.php in millken doyocms 2 ...) - TODO: check + NOT-FOR-US: doyocms CVE-2021-26739 (SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows ...) - TODO: check + NOT-FOR-US: doyocms CVE-2021-26738 RESERVED CVE-2021-26737 -- cgit v1.2.3