From d954c695ae295e6e7e5f5864c0a2adec75d23522 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 16 Feb 2022 21:24:20 +0100 Subject: Process NFUs --- data/CVE/2019.list | 2 +- data/CVE/2020.list | 12 ++++++------ data/CVE/2021.list | 28 ++++++++++++++-------------- data/CVE/2022.list | 52 ++++++++++++++++++++++++++-------------------------- 4 files changed, 47 insertions(+), 47 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 10ff12d5d4..e81f6bdfa9 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -10736,7 +10736,7 @@ CVE-2019-16865 (An issue was discovered in Pillow before 6.2.0. When reading spe NOTE: https://github.com/python-pillow/Pillow/commit/b9693a51c99c260bd66d1affeeab4a226cf7e5a5 NOTE: https://github.com/python-pillow/Pillow/commit/cc16025e234b7a7a4dd3a86d2fdc0980698db9cc CVE-2019-16864 (CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP befor ...) - TODO: check + NOT-FOR-US: EnterpriseDT CompleteFTP CVE-2019-16863 (STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow a ...) NOT-FOR-US: STMicroelectronics CVE-2019-16862 (Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x befor ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 9586b3dc9c..3c7b9765c4 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -57071,17 +57071,17 @@ CVE-2020-6924 CVE-2020-6923 RESERVED CVE-2020-6922 (Potential security vulnerabilities including compromise of integrity, ...) - TODO: check + NOT-FOR-US: HP CVE-2020-6921 (Potential security vulnerabilities including compromise of integrity, ...) - TODO: check + NOT-FOR-US: HP CVE-2020-6920 (Potential security vulnerabilities including compromise of integrity, ...) - TODO: check + NOT-FOR-US: HP CVE-2020-6919 (Potential security vulnerabilities including compromise of integrity, ...) - TODO: check + NOT-FOR-US: HP CVE-2020-6918 (Potential security vulnerabilities including compromise of integrity, ...) - TODO: check + NOT-FOR-US: HP CVE-2020-6917 (Potential security vulnerabilities including compromise of integrity, ...) - TODO: check + NOT-FOR-US: HP CVE-2020-6916 RESERVED CVE-2020-6915 diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 2aa2249428..7167fb8466 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -690,7 +690,7 @@ CVE-2021-46390 CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...) NOT-FOR-US: IIPImage High Resolution Streaming Image Server CVE-2021-46388 (WAGO 750-8212 PFC200 G2 2ETH RS Firmware version 03.05.10(17) is affec ...) - TODO: check + NOT-FOR-US: WAGO CVE-2021-46387 RESERVED CVE-2021-46386 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File U ...) @@ -3352,7 +3352,7 @@ CVE-2021-45393 CVE-2021-45392 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) NOT-FOR-US: Tenda CVE-2021-45391 (A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01. ...) - TODO: check + NOT-FOR-US: Tenda CVE-2021-45390 RESERVED CVE-2021-45389 (StarWind SAN & NAS build 1578 and StarWind Command Center Build 68 ...) 
@@ -18625,15 +18625,15 @@ CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...) NOT-FOR-US: MISP CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) - TODO: check + NOT-FOR-US: HP CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) - TODO: check + NOT-FOR-US: HP CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) - TODO: check + NOT-FOR-US: HP CVE-2021-39298 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) - TODO: check + NOT-FOR-US: HP CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) - TODO: check + NOT-FOR-US: HP CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...) NOT-FOR-US: OpenBMC CVE-2021-39295 @@ -60344,7 +60344,7 @@ CVE-2021-22052 CVE-2021-22051 (Applications using Spring Cloud Gateway are vulnerable to specifically ...) NOT-FOR-US: Spring Cloud Gateway CVE-2021-22050 (ESXi contains a slow HTTP POST denial-of-service vulnerability in rhtt ...) - TODO: check + NOT-FOR-US: VMware CVE-2021-22049 (The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Requ ...) NOT-FOR-US: VMware CVE-2021-22048 (The vCenter Server contains a privilege escalation vulnerability in th ...) 
@@ -60358,13 +60358,13 @@ CVE-2021-22045 (VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before CVE-2021-22044 (In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEA ...) NOT-FOR-US: Spring Cloud OpenFeign CVE-2021-22043 (VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerabilit ...) - TODO: check + NOT-FOR-US: VMware CVE-2021-22042 (VMware ESXi contains an unauthorized access vulnerability due to VMX h ...) - TODO: check + NOT-FOR-US: VMware CVE-2021-22041 (VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerabil ...) - TODO: check + NOT-FOR-US: VMware CVE-2021-22040 (VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerab ...) - TODO: check + NOT-FOR-US: VMware CVE-2021-22039 RESERVED CVE-2021-22038 (On Windows, the uninstaller binary copies itself to a fixed temporary ...) @@ -60534,7 +60534,7 @@ CVE-2021-21968 (A file write vulnerability exists in the OTA update task functio CVE-2021-21967 RESERVED CVE-2021-21966 (An information disclosure vulnerability exists in the HTTP Server /pin ...) - TODO: check + NOT-FOR-US: Texas Instruments CVE-2021-21965 (A denial of service vulnerability exists in the SeaMax remote configur ...) NOT-FOR-US: Sealevel Systems CVE-2021-21964 (A denial of service vulnerability exists in the Modbus configuration f ...) @@ -60550,7 +60550,7 @@ CVE-2021-21960 (A stack-based buffer overflow vulnerability exists in both the L CVE-2021-21959 (A misconfiguration exists in the MQTTS functionality of Sealevel Syste ...) NOT-FOR-US: Sealevel Systems CVE-2021-21958 (A heap-based buffer overflow vulnerability exists in the Hword HwordAp ...) - TODO: check + NOT-FOR-US: Hancom Office 2020 CVE-2021-21957 (A privilege escalation vulnerability exists in the Remote Server funct ...) NOT-FOR-US: Dream Report ODS Remote Connector CVE-2021-21956 diff --git a/data/CVE/2022.list b/data/CVE/2022.list index 2cb8c3aefd..5cfec9e8fc 100644 --- a/data/CVE/2022.list +++ b/data/CVE/2022.list 
@@ -1595,11 +1595,11 @@ CVE-2022-0516 [KVM: s390: Return error on SIDA memop on normal guest] NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2 CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) - TODO: check + NOT-FOR-US: PHP Everywhere CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) - TODO: check + NOT-FOR-US: PHP Everywhere CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed executi ...) - TODO: check + NOT-FOR-US: PHP Everywhere CVE-2022-24662 RESERVED CVE-2022-24661 @@ -3155,7 +3155,7 @@ CVE-2022-24088 CVE-2022-24087 RESERVED CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-24085 RESERVED CVE-2022-24084 @@ -4386,7 +4386,7 @@ CVE-2022-23646 CVE-2022-23645 RESERVED CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...) - TODO: check + NOT-FOR-US: BookWyrm CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...) TODO: check CVE-2022-23642 @@ -5147,7 +5147,7 @@ CVE-2022-23360 CVE-2022-23359 RESERVED CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...) - TODO: check + NOT-FOR-US: EasyCMS CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...) TODO: check CVE-2022-23356 
@@ -5656,43 +5656,43 @@ CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, a CVE-2022-23205 RESERVED CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23201 RESERVED CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23187 RESERVED CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) - TODO: check + NOT-FOR-US: Adobe CVE-2022-23185 RESERVED CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...) @@ -6324,7 +6324,7 @@ CVE-2022-22947 CVE-2022-22946 RESERVED CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...) - TODO: check + NOT-FOR-US: VMware CVE-2022-22944 RESERVED CVE-2022-22943 @@ -6541,7 +6541,7 @@ CVE-2022-22855 CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...) NOT-FOR-US: Hospital Patient Record Management System CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...) - TODO: check + NOT-FOR-US: Hospital Patient Record Management System CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) NOT-FOR-US: Sourcecodtester CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...) @@ -6776,7 +6776,7 @@ CVE-2022-22794 CVE-2022-22793 RESERVED CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...) - TODO: check + NOT-FOR-US: MobiSoft CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code ...) NOT-FOR-US: SYNEL CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...) -- cgit v1.2.3
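Review bot: In the data/CVE/2020.list hunk at @@ -57071, the six entries CVE-2020-6917 through CVE-2020-6922 are tagged "NOT-FOR-US: HP", but their visible descriptions ("Potential security vulnerabilities including compromise of integrity, ...") name neither a vendor nor a product, so the tag is the only record of what was triaged. The same holds for CVE-2021-39297 through CVE-2021-39301 ("UEFI firmware (BIOS)") in the data/CVE/2021.list hunk at @@ -18625, and for CVE-2021-21966 ("HTTP Server /pin ...", tagged "Texas Instruments") in the hunk at @@ -60534. Suggest naming the affected product line in the tag, as the 2019.list hunk does with "EnterpriseDT CompleteFTP", so the decision can be checked later without reopening each advisory.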
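Review bot: The tag added for CVE-2021-21958 in the data/CVE/2021.list hunk at @@ -60550, "NOT-FOR-US: Hancom Office 2020", carries a release year in the label, while every other tag this patch adds is a bare vendor or product name ("VMware", "Tenda", "PHP Everywhere") and the neighbouring context lines use "Sealevel Systems". Suggest "NOT-FOR-US: Hancom Office" so that issues in other releases of the same product end up under one string when the list is searched.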
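Review bot: In the data/CVE/2022.list hunks at @@ -4386 and @@ -5147, the entry directly below each triaged CVE is left at "TODO: check": CVE-2022-23643 (Sourcegraph) under the BookWyrm change and CVE-2022-23357 (mozilo2.0) under the EasyCMS change. If these were held back on purpose because they need a package check, a word in the commit message would make that clear, since the subject "Process NFUs" does not say which pending entries were looked at and skipped.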