From 1c973326d9509c2058232ff514a31c8df6a08a7b Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 28 Oct 2023 16:09:40 +0200 Subject: Process some NFUs --- data/CVE/list | 60 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 6ea842d79b..cf3adba386 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -37,11 +37,11 @@ CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in St CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...) NOT-FOR-US: WordPress plugin CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...) - TODO: check + NOT-FOR-US: Leave Management System Project CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5. ...) - TODO: check + NOT-FOR-US: ZPE Systems CVE-2023-40140 (In android_view_InputDevice_create of android_view_InputDevice.cpp, th ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view another user ...) TODO: check CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view another user ...) 
@@ -61,27 +61,27 @@ CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after f CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a possible ...) TODO: check CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40127 (In multiple locations, there is a possible way to access screenshots d ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a Guest use ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible bypass o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a possible S ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40120 (In multiple locations, there is a possible way to bypass user notifica ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a possible l ...) - TODO: check + NOT-FOR-US: Android CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to ...) - TODO: check + NOT-FOR-US: Android CVE-2023-35794 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...) - TODO: check + NOT-FOR-US: Cassia Access Controller CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alka ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-5829 (A vulnerability was found in code-projects Admission Management System ...) NOT-FOR-US: code-projects Admission Management System CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial Develo ...) 
@@ -141,9 +141,9 @@ CVE-2023-46246 (Vim is an improved version of the good old UNIX editor Vi. Heap- NOTE: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a (v9.0.2068) NOTE: Crash in CLI tool, no security impact CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) - TODO: check + NOT-FOR-US: Online Art Gallery CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) - TODO: check + NOT-FOR-US: Online Art Gallery CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) NOT-FOR-US: SourceCodester Task Reminder System CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...) @@ -30404,7 +30404,7 @@ CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an executab CVE-2023-29010 (Budibase is a low code platform for creating internal tools, workflows ...) NOT-FOR-US: budibase CVE-2023-29009 (baserCMS is a website development framework with WebAPI that runs on P ...) - TODO: check + NOT-FOR-US: baserCMS CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...) NOT-FOR-US: SvelteKit CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...) @@ -34527,7 +34527,7 @@ CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose s CVE-2023-27859 RESERVED CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...) NOT-FOR-US: Rockwell CVE-2023-27856 (In affected versions, path traversal exists when processing a message ...) 
@@ -34535,7 +34535,7 @@ CVE-2023-27856 (In affected versions, path traversal exists when processing a me CVE-2023-27855 (In affected versions, a path traversal exists when processing a messag ...) NOT-FOR-US: Rockwell CVE-2023-27854 (An arbitrary code execution vulnerability was reported to Rockwell Aut ...) - TODO: check + NOT-FOR-US: Rockwell Automation CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...) NOT-FOR-US: OpenHarmony CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...) @@ -68932,11 +68932,11 @@ CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...) NOT-FOR-US: ETIC Telecom Remote Access Server (RAS) CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo Vantage Hardw ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo Vantage ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in the ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo Hardwa ...) NOT-FOR-US: Lenovo CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...) @@ -69009,7 +69009,7 @@ CVE-2022-3683 (A vulnerability exists in the SDM600 API web services authorizati CVE-2022-3682 (A vulnerability exists in the SDM600 file permission validation. An a ...) NOT-FOR-US: ABB SDM600 CVE-2022-3681 (A vulnerability has been identified in the MR2600 router v1.0.18 and e ...) - TODO: check + NOT-FOR-US: MR2600 router CVE-2022-43746 RESERVED CVE-2022-43745 
@@ -69994,7 +69994,7 @@ CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2022-3612 RESERVED CVE-2022-3611 (An information disclosure vulnerability has been identified in the Len ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...) NOT-FOR-US: WordPress plugin CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sani ...) @@ -72761,7 +72761,7 @@ CVE-2022-38451 (A directory traversal vulnerability exists in the httpd update.c CVE-2022-38091 RESERVED CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware used in Le ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-3428 RESERVED CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request ...) @@ -93463,9 +93463,9 @@ CVE-2022-34889 (This vulnerability allows local attackers to escalate privileges CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid, authentic ...) NOT-FOR-US: Lenovo CVE-2022-34887 (Standard users can directly operate and set printer configuration info ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-34886 (A remote code execution vulnerability was found in the firmware used i ...) - TODO: check + NOT-FOR-US: Lenovo CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola MR2600 ro ...) NOT-FOR-US: Motorola CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem which can po ...) 
@@ -93619,11 +93619,11 @@ CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error a NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (v2022.07-rc6) CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. Attackers can ga ...) - TODO: check + NOT-FOR-US: VERMEG AgileReporter CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin can ent ...) - TODO: check + NOT-FOR-US: VERMEG AgileReporter CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur vi ...) - TODO: check + NOT-FOR-US: VERMEG AgileReporter CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...) NOT-FOR-US: Keyfactor CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...) -- cgit v1.2.3
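Review bot: In the `@@ -61,27 +61,27 @@` hunk, CVE-2023-40128 is closed as `NOT-FOR-US: Android`, but its description names `xmlregexp.c`, which is a libxml2 source file name, and libxml2 is packaged in Debian. The truncated description alone does not show whether the out-of-bounds issue sits only in Android's bundled copy or also in upstream libxml2. Confirm that before closing the entry. If the Android-only conclusion holds, add a `NOTE:` line recording why, so the entry is not re-triaged later. The other entries in this hunk name Android-specific Java or Bluetooth stack files and read fine as NFU.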
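Review bot: In the `@@ -34527,7 +34527,7 @@` hunk, CVE-2023-27858 gets `NOT-FOR-US: Rockwell Automation`, while the unchanged neighbours CVE-2023-27857, CVE-2023-27856 and CVE-2023-27855 use `NOT-FOR-US: Rockwell`. The same mismatch appears for CVE-2023-27854 in the following `@@ -34535,7 +34535,7 @@` hunk. Use one spelling for the vendor so that a search on the NFU label finds every entry for it. Either reuse `Rockwell` here or update the existing lines in the same commit.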
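Review bot: In the `@@ -69009,7 +69009,7 @@` hunk, CVE-2022-3681 is labelled `NOT-FOR-US: MR2600 router`, but the context of the `@@ -93463,9 +93463,9 @@` hunk shows CVE-2022-34885, described as a Motorola MR2600 router issue, already labelled `NOT-FOR-US: Motorola`. Labelling by vendor, as the Lenovo entries in this patch do, would keep the two MR2600 entries under the same label. Suggest `NOT-FOR-US: Motorola` here.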