From da3ea95a472cc165d09eccd27b0233d1ed8a26be Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 3 Mar 2021 23:21:58 +0100 Subject: NFUs pillow ignored --- data/CVE/2020.list | 2 +- data/CVE/2021.list | 27 +++++++++++++++------------ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 9aca45948f..bc8323cae4 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -51692,7 +51692,7 @@ CVE-2020-8298 CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...) NOT-FOR-US: Nextcloud Deck CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...) - TODO: check + - nextcloud-server (bug #941708) CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...) - nextcloud-server (bug #941708) CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 4fbc2b1073..371b6b181c 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -23,10 +23,13 @@ CVE-2021-27924 RESERVED CVE-2021-27923 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - pillow + [buster] - pillow (Minor issue) CVE-2021-27922 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - pillow + [buster] - pillow (Minor issue) CVE-2021-27921 (Pillow before 8.1.1 allows attackers to cause a denial of service (mem ...) - pillow + [buster] - pillow (Minor issue) CVE-2021-27920 RESERVED CVE-2021-27919 @@ -109,7 +112,7 @@ CVE-2021-27886 (rakibtg Docker Dashboard before 2021-02-28 allows command inject CVE-2021-27885 (usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protect ...) NOT-FOR-US: e107 CVE-2021-27884 (Weak JSON Web Token (JWT) signing secret generation in YMFE YApi throu ...) - TODO: check + NOT-FOR-US: YMFE YApi CVE-2021-27883 RESERVED CVE-2021-27882 
@@ -1492,7 +1495,7 @@ CVE-2021-27217 CVE-2021-27216 RESERVED CVE-2021-27215 (An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x thro ...) - TODO: check + NOT-FOR-US: genua genugate CVE-2021-27214 (A Server-side request forgery (SSRF) vulnerability in the ProductConfi ...) NOT-FOR-US: Zoho ManageEngine ADSelfService Plus CVE-2021-27213 (config.py in pystemon before 2021-02-13 allows code execution via YAML ...) @@ -11155,9 +11158,9 @@ CVE-2021-22880 (The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, CVE-2021-22879 RESERVED CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site ...) - TODO: check + - nextcloud-server (bug #941708) CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...) - TODO: check + - nextcloud-server (bug #941708) CVE-2021-22876 RESERVED CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...) @@ -11185,11 +11188,11 @@ CVE-2021-22865 CVE-2021-22864 RESERVED CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub ...) - TODO: check + NOT-FOR-US: GitHub Enterprise CVE-2021-22862 (An improper access control vulnerability was identified in GitHub Ente ...) - TODO: check + NOT-FOR-US: GitHub Enterprise CVE-2021-22861 (An improper access control vulnerability was identified in GitHub Ente ...) - TODO: check + NOT-FOR-US: GitHub Enterprise CVE-2021-22860 RESERVED CVE-2021-22859 @@ -11568,7 +11571,7 @@ CVE-2021-22685 CVE-2021-22684 RESERVED CVE-2021-22683 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...) - TODO: check + NOT-FOR-US: Fatek FvDesigner CVE-2021-22682 RESERVED CVE-2021-22681 (Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, ...) 
@@ -11594,7 +11597,7 @@ CVE-2021-22672 CVE-2021-22671 RESERVED CVE-2021-22670 (An uninitialized pointer may be exploited in Fatek FvDesigner Version ...) - TODO: check + NOT-FOR-US: Fatek FvDesigner CVE-2021-22669 RESERVED CVE-2021-22668 @@ -11602,7 +11605,7 @@ CVE-2021-22668 CVE-2021-22667 (BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the ...) NOT-FOR-US: BB-ESWGP506-2SFP-T CVE-2021-22666 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-bas ...) - TODO: check + NOT-FOR-US: Fatek FvDesigner CVE-2021-22665 RESERVED CVE-2021-22664 @@ -11610,7 +11613,7 @@ CVE-2021-22664 CVE-2021-22663 (Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of u ...) NOT-FOR-US: Cscape CVE-2021-22662 (A use after free issue has been identified in Fatek FvDesigner Version ...) - TODO: check + NOT-FOR-US: Fatek FvDesigner CVE-2021-22661 (Changing the password on the module webpage does not require the user ...) NOT-FOR-US: ProSoft Technology CVE-2021-22660 @@ -11658,7 +11661,7 @@ CVE-2021-22640 CVE-2021-22639 (An uninitialized pointer issue has been identified in the way the appl ...) NOT-FOR-US: Fuji Electric CVE-2021-22638 (Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-b ...) - TODO: check + NOT-FOR-US: Fatek FvDesigner CVE-2021-22637 (Multiple stack-based buffer overflow issues have been identified in th ...) NOT-FOR-US: Fuji Electric CVE-2021-22636 -- cgit v1.2.3
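Review bot: The subject line "NFUs pillow ignored" does not cover the change at CVE-2020-8296 in the data/CVE/2020.list hunk (@@ -51692,7), where `TODO: check` becomes `- nextcloud-server (bug #941708)`. That is package triage against an existing bug, not an NFU or a pillow entry. Mention nextcloud-server in the subject, or split that change into its own commit, so the history of the entry can be found from the log.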
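Review bot: In the data/CVE/2021.list hunk at @@ -23,10, the three added `[buster] - pillow (Minor issue)` lines under CVE-2021-27921, CVE-2021-27922 and CVE-2021-27923 give no reason why these issues are minor for buster. The descriptions visible here are all denial of service cases in Pillow before 8.1.1. A short NOTE line per CVE, or a more specific reason inside the parentheses, would let a later reader re-check the decision without redoing the triage.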
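Review bot: In the data/CVE/2021.list hunk at @@ -11155,9, CVE-2021-22877 is described as affecting "Nextcloud prior to 20.0.6", while CVE-2021-22878 directly above it names "Nextcloud Server prior to 20.0.6", yet both receive `- nextcloud-server (bug #941708)`. The matching version makes the mapping plausible, but the description alone does not name the server component. A NOTE line pointing at the upstream advisory for CVE-2021-22877 would record which component is affected.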