From d92e7a08d1c0ee92d8bd7e8b202a737aafe48e15 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 2 Nov 2021 21:20:05 +0100 Subject: Process more NFUs --- data/CVE/2020.list | 14 +++++++------- data/CVE/2021.list | 52 ++++++++++++++++++++++++++-------------------------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6b68868bc5..24d4eafc84 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -3149,7 +3149,7 @@ CVE-2020-35251 CVE-2020-35250 RESERVED CVE-2020-35249 (Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows ...) - TODO: check + NOT-FOR-US: ElkarBackup CVE-2020-35248 RESERVED CVE-2020-35247 @@ -8996,7 +8996,7 @@ CVE-2020-27408 (OpenSIS Community Edition through 7.6 is affected by incorrect a CVE-2020-27407 RESERVED CVE-2020-27406 (Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authen ...) - TODO: check + NOT-FOR-US: DynPG CVE-2020-27405 RESERVED CVE-2020-27404 @@ -17579,7 +17579,7 @@ CVE-2020-23756 CVE-2020-23755 RESERVED CVE-2020-23754 (Cross Site Scripting (XSS) vulnerability in infusions/member_poll_pane ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2020-23753 RESERVED CVE-2020-23752 @@ -17649,9 +17649,9 @@ CVE-2020-23721 (An issue was discovered in FUEL CMS V1.4.7. An attacker can use CVE-2020-23720 RESERVED CVE-2020-23719 (Cross site scripting (XSS) vulnerability in application/controllers/Ad ...) - TODO: check + NOT-FOR-US: xujinliang zibbs CVE-2020-23718 (Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allo ...) - TODO: check + NOT-FOR-US: xujinliang zibbs CVE-2020-23717 RESERVED CVE-2020-23716 
@@ -17715,9 +17715,9 @@ CVE-2020-23688 CVE-2020-23687 RESERVED CVE-2020-23686 (Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows ...) - TODO: check + NOT-FOR-US: AyaCMS CVE-2020-23685 (SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to ...) - TODO: check + NOT-FOR-US: 188Jianzhan CVE-2020-23684 RESERVED CVE-2020-23683 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 5377551f43..5dbbef9999 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -1062,7 +1062,7 @@ CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 202 CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...) NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive In ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...) {DSA-4996-1 DSA-4995-1} - webkit2gtk 2.34.1-1 @@ -1085,7 +1085,7 @@ CVE-2021-42756 CVE-2021-42755 RESERVED CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-42753 RESERVED CVE-2021-42752 @@ -1473,7 +1473,7 @@ CVE-2021-42570 CVE-2021-42569 RESERVED CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...) - TODO: check + NOT-FOR-US: Sonatype CVE-2021-42567 RESERVED CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter. ...) 
@@ -4992,15 +4992,15 @@ CVE-2021-41025 CVE-2021-41024 RESERVED CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-41021 RESERVED CVE-2021-41020 RESERVED CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-41018 RESERVED CVE-2021-41017 @@ -12617,7 +12617,7 @@ CVE-2021-3675 CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...) NOT-FOR-US: resolution SAML SSO apps for Atlassian products CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...) - TODO: check + NOT-FOR-US: Couchbase Server CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...) NOT-FOR-US: Docker Desktop on Windows CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...) 
@@ -14709,13 +14709,13 @@ CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevati CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) NOT-FOR-US: Microsoft CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) - TODO: check + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) - TODO: check + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) - TODO: check + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) - TODO: check + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices CVE-2021-36920 @@ -14971,7 +14971,7 @@ CVE-2021-36796 CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...) NOT-FOR-US: Cohesity CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster feature ...) - TODO: check + NOT-FOR-US: Siren Investigate CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...) NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3 CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...) @@ -15520,7 +15520,7 @@ CVE-2021-36562 CVE-2021-36561 RESERVED CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 1.0 is ...) - TODO: check + NOT-FOR-US: Phone Shop Sales Managements System CVE-2021-36559 RESERVED CVE-2021-36558 
@@ -16326,19 +16326,19 @@ CVE-2021-36189 CVE-2021-36188 RESERVED CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36185 (A improper neutralization of special elements used in an OS command (' ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL Command ( ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in FortiClient for W ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...) NOT-FOR-US: FortiGuard CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36180 RESERVED CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...) @@ -16348,15 +16348,15 @@ CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConne CVE-2021-36177 RESERVED CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...) NOT-FOR-US: Fortiguard CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36173 RESERVED CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-36171 RESERVED CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...) 
@@ -24800,7 +24800,7 @@ CVE-2021-32597 (Multiple improper neutralization of input during web page genera CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...) NOT-FOR-US: FortiPortal CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in the web ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...) NOT-FOR-US: FortiPortal CVE-2021-32593 @@ -36930,9 +36930,9 @@ CVE-2021-27725 CVE-2021-27724 RESERVED CVE-2021-27723 (An issue was discovered in Nsasoft US LLC Product Key Explorer 4.2.7. ...) - TODO: check + NOT-FOR-US: Nsasoft US LLC Product Key Explorer CVE-2021-27722 (An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The progr ...) - TODO: check + NOT-FOR-US: Nsasoft US LLC SpotAuditor CVE-2021-27721 RESERVED CVE-2021-27720 @@ -40786,7 +40786,7 @@ CVE-2021-26109 CVE-2021-26108 RESERVED CVE-2021-26107 (An improper access control vulnerability [CWE-284] in FortiManager ver ...) - TODO: check + NOT-FOR-US: Fortiguard CVE-2021-26106 (An improper neutralization of special elements used in an OS Command v ...) NOT-FOR-US: Fortiguard CVE-2021-26105 -- cgit v1.2.3
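Review bot: In the data/CVE/2020.list hunk at -17649, CVE-2020-23719 is tagged "NOT-FOR-US: xujinliang zibbs", but its visible description is cut off at "application/controllers/Ad ..." and never names the product. Only the neighbouring CVE-2020-23718 mentions xujinliang zibbs. Please confirm against the full CVE description that this controller path belongs to zibbs before dropping the "TODO: check", since a wrong NOT-FOR-US tag removes the entry from further triage.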
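Review bot: In the data/CVE/2021.list hunk at -1473, CVE-2021-42568 is tagged with the vendor only ("NOT-FOR-US: Sonatype"), while its description names the product, "Sonatype Nexus Repository Manager 3.x". Other entries in this same commit use the product name (Couchbase Server, Siren Investigate, Nsasoft US LLC SpotAuditor). Suggest "NOT-FOR-US: Sonatype Nexus Repository Manager" so a later search of the tracker for the product name finds the entry.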
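Review bot: In the data/CVE/2021.list hunk at -16326, the new lines use "NOT-FOR-US: Fortiguard" while the unchanged context line for CVE-2021-36182 in the same hunk reads "NOT-FOR-US: FortiGuard", so the hunk now carries two spellings of one tag. The visible descriptions also name the affected products as Fortinet FortiWeb and FortiClient rather than FortiGuard. Suggest settling on one spelling, or tagging by product (for example "Fortinet FortiWeb"), so that a case-sensitive grep over the list does not miss half of the entries.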
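Review bot: In the data/CVE/2021.list hunk at -24800, CVE-2021-32595 is tagged "NOT-FOR-US: Fortiguard" although the entries directly above and below it (CVE-2021-32596, CVE-2021-32594) are tagged "NOT-FOR-US: FortiPortal". The truncated description ("Multiple uncontrolled resource consumption vulnerabilities in the web ...") does not show which product is affected. If the full description names FortiPortal, use that tag to match its neighbours. Otherwise name the actual product rather than the generic vendor label.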