From 0a21633b3859934c2e1f4ef7a1825e1cb009ebee Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 26 Mar 2023 21:13:41 +0200 Subject: Process NFU --- data/CVE/list | 308 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 154 insertions(+), 154 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index a2a4e91c3a..ccaccc1302 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1359,7 +1359,7 @@ CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel thro CVE-2023-28449 RESERVED CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...) - TODO: check + NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures) CVE-2023-28447 RESERVED CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and TypeScr ...) @@ -14833,7 +14833,7 @@ CVE-2023-23709 CVE-2023-23708 RESERVED CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-23706 RESERVED CVE-2023-23705 @@ -28320,13 +28320,13 @@ CVE-2022-45639 (** DISPUTED ** OS Command injection vulnerability in sleuthkit f CVE-2022-45638 RESERVED CVE-2022-45637 (An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Ap ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45636 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45635 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45634 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & ...) - TODO: check + NOT-FOR-US: MEGAFEIS CVE-2022-45633 RESERVED CVE-2022-45632 
@@ -30493,9 +30493,9 @@ CVE-2022-45006 CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...) NOT-FOR-US: IP-COM EW9 CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site scriptin ...) - TODO: check + NOT-FOR-US: Gophish CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of Service ( ...) - TODO: check + NOT-FOR-US: Gophish CVE-2022-45002 RESERVED CVE-2022-45001 @@ -31059,7 +31059,7 @@ CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. T CVE-2022-44743 RESERVED CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) NOT-FOR-US: WordPress plugin CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...) 
@@ -31827,229 +31827,229 @@ CVE-2023-21081 CVE-2023-21080 RESERVED CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21078 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21077 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21076 (In createTransmitFollowupRequest of nan.cpp, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21075 (In get_svc_hash of nan.cpp, there is a possible out of bounds write du ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21074 RESERVED CVE-2023-21073 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21072 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21071 (In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21070 (In add_roam_cache_list of wl_roam.c, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21069 (In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21068 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21067 (Product: AndroidVersions: Android kernelAndroid ID: A-254114726Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21066 RESERVED CVE-2023-21065 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21064 (In DoSetPinControl of miscservice.cpp, there is a possible out of boun ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21063 (In ParseWithAuthType of simdata.cpp, there is a possible out of bounds ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-21062 (In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds r ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21061 (Product: AndroidVersions: Android kernelAndroid ID: A-229255400Referen ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21060 (In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21059 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21058 (In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible ou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21057 (In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21056 (In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memo ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21055 (In dit_hal_ioctl of dit.c, there is a possible use after free due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21054 (In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possi ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21053 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21052 (In setToExternal of ril_external_client.cpp, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21051 (In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bo ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21050 (In load_png_image of ExynosHWCHelper.cpp, there is a possible out of b ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21049 (In append_camera_metadata of camera_metadata.c, there is a possible ou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21048 (In handleEvent of nan.cpp, there is a possible out of bounds read due ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-21047 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of b ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21046 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of b ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21045 (When cpif handles probe failures, there is a possible out of bounds re ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21044 (In init of VendorGraphicBufferMeta, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21043 (In (TBD) of (TBD), there is a possible way to corrupt memory due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21042 (In (TBD) of (TBD), there is a possible way to corrupt memory due to a ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21041 (In append_to_params of param_util.c, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21040 (In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21039 (In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21038 (In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21037 RESERVED CVE-2023-21036 (In BitmapExport.java, there is a possible failure to truncate images d ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21035 (In multiple functions of BackupHelper.java, there is a possible way fo ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21034 (In multiple functions of SensorService.cpp, there is a possible access ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21033 (In addNetwork of WifiManager.java, there is a possible way to trigger ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21032 (In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-21031 (In Display::setPowerMode of HWC2.cpp, there is a possible out of bound ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21030 (In Confirmation of keystore_cli_v2.cpp, there is a possible way to cor ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21029 (In register of UidObserverController.java, there is a missing permissi ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21028 (In parse_printerAttributes of ipphelper.c, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21027 (In serializePasspointConfiguration of PasspointXmlUtils.java, there is ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21026 (In updateInputChannel of WindowManagerService.java, there is a possibl ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21025 (In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21024 (In maybeFinish of FallbackHome.java, there is a possible delay of lock ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21023 RESERVED CVE-2023-21022 (In BufferBlock of Suballocation.cpp, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21021 (In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21020 (In registerSignalHandlers of main.c, there is a possible local arbitra ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21019 (In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21018 (In UnwindingWorker of unwinding.cc, there is a possible out of bounds ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21017 (In InstallStart of InstallStart.java, there is a possible way to chang ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21016 (In AccountTypePreference of AccountTypePreference.java, there is a pos ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-21015 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21014 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21013 (In forceStaDisconnection of hostapd.cpp, there is a possible out of bo ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21012 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21011 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21010 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21009 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21008 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21007 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21006 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21005 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21004 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21003 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21002 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) - TODO: check + NOT-FOR-US: Android CVE-2023-21001 (In onContextItemSelected of NetworkProviderSettings.java, there is a p ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-21000 (In MediaCodec.cpp, there is a possible use after free due to improper ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20999 (In multiple locations, there is a possible way to trigger a persistent ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20998 (In multiple locations, there is a possible way to trigger a persistent ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20997 (In multiple locations, there is a possible way to trigger a persistent ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20996 (In multiple locations, there is a possible way to trigger a persistent ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20995 (In captureImage of CustomizedSensor.cpp, there is a possible way to by ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20994 (In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20993 (In multiple functions of SnoozeHelper.java, there is a possible failur ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20992 (In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20991 (In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_inter ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20990 (In btm_read_local_oob_complete of btm_sec.cc, there is a possible out ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20989 (In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a pos ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20988 (In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bo ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20987 (In btm_read_link_quality_complete of btm_acl.cc, there is a possible o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20986 (In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-20985 (In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a pos ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20984 (In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of b ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20983 (In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20982 (In btm_read_tx_power_complete of btm_acl.cc, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20981 (In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20980 (In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20979 (In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possib ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20978 RESERVED CVE-2023-20977 (In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20976 (In getConfirmationMessage of DefaultAutofillPicker.java, there is a po ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20975 (In getAvailabilityStatus of EnableContentCapturePreferenceController.j ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20974 (In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, th ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20973 (In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20972 (In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out o ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20971 (In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.j ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20970 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) 
- TODO: check + NOT-FOR-US: Android CVE-2023-20969 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20968 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) - TODO: check + NOT-FOR-US: Android CVE-2023-20967 RESERVED CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds write due t ...) @@ -35621,9 +35621,9 @@ CVE-2023-20115 CVE-2023-20114 RESERVED CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow an una ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20111 RESERVED CVE-2023-20110 @@ -35633,7 +35633,7 @@ CVE-2023-20109 CVE-2023-20108 RESERVED CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20106 RESERVED CVE-2023-20105 @@ -35647,13 +35647,13 @@ CVE-2023-20102 CVE-2023-20101 RESERVED CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20099 RESERVED CVE-2023-20098 RESERVED CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20096 RESERVED CVE-2023-20095 
@@ -35683,11 +35683,11 @@ CVE-2023-20084 CVE-2023-20083 RESERVED CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Serie ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20081 (A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adapt ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20080 (A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server f ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface of cert ...) NOT-FOR-US: Cisco CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...) @@ -35703,7 +35703,7 @@ CVE-2023-20074 CVE-2023-20073 RESERVED CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel protocol ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20071 RESERVED CVE-2023-20070 @@ -35713,11 +35713,11 @@ CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco P CVE-2023-20068 RESERVED CVE-2023-20067 (A vulnerability in the HTTP-based client profiling feature of Cisco IO ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20066 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20065 (A vulnerability in the Cisco IOx application hosting subsystem of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...) NOT-FOR-US: Cisco's use of GRUB CVE-2023-20063 
@@ -35729,15 +35729,15 @@ CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center co CVE-2023-20060 RESERVED CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network Plug-and-Pl ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco AsyncOS Softwa ...) NOT-FOR-US: Cisco CVE-2023-20056 (A vulnerability in the management CLI of Cisco access point (AP) softw ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20055 (A vulnerability in the management API of Cisco DNA Center could allow ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20054 RESERVED CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco Nexus D ...) @@ -35780,7 +35780,7 @@ CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow CVE-2023-20036 RESERVED CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20034 RESERVED CVE-2023-20033 @@ -35796,11 +35796,11 @@ CVE-2023-20031 CVE-2023-20030 RESERVED CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20028 RESERVED CVE-2023-20027 (A vulnerability in the implementation of the IPv4 Virtual Fragmentatio ...) - TODO: check + NOT-FOR-US: Cisco CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...) 
@@ -37106,7 +37106,7 @@ CVE-2022-43463 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability i CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability in Adeel Ahmed's IP Blacklist ...) NOT-FOR-US: Adeel Ahmed's IP Blacklist CVE-2022-43461 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainFor ...) NOT-FOR-US: WordPress plugin CVE-2022-43458 @@ -37149,7 +37149,7 @@ CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connec CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...) NOT-FOR-US: WordPress plugin CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galax ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-42479 RESERVED CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Adeel Ahmed's ...) @@ -37179,7 +37179,7 @@ CVE-2022-41840 (Unauth. Directory Traversal vulnerability in Welcart eCommerce p CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress plugin < ...) NOT-FOR-US: WordPress plugin CVE-2022-41831 (Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett W ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...) NOT-FOR-US: WordPress plugin CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...) @@ -37191,7 +37191,7 @@ CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in CVE-2022-41786 RESERVED CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin & ...) NOT-FOR-US: WordPress plugin CVE-2022-41698 
@@ -37207,7 +37207,7 @@ CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3. CVE-2022-41619 RESERVED CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...) NOT-FOR-US: WordPress plugin CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabili ...) @@ -37223,7 +37223,7 @@ CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...) NOT-FOR-US: WordPress plugin CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38716 RESERVED CVE-2022-38702 @@ -38739,7 +38739,7 @@ CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Pe CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...) NOT-FOR-US: Mikrotik CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are d ...) - TODO: check + NOT-FOR-US: Cobalt Strike CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023 ...) NOT-FOR-US: Autodesk CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...) @@ -39968,7 +39968,7 @@ CVE-2022-42530 (In Pixel firmware, there is a possible out of bounds read due to CVE-2022-42529 (Product: AndroidVersions: Android kernelAndroid ID: A-235292841Referen ...) NOT-FOR-US: Android CVE-2022-42528 (In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic ...) - TODO: check + NOT-FOR-US: Android CVE-2022-42527 (In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a m ...) NOT-FOR-US: Android CVE-2022-42526 (In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out o ...) 
@@ -40024,11 +40024,11 @@ CVE-2022-42502 (In FacilityLock::Parse of simdata.cpp, there is a possible out o CVE-2022-42501 (In HexString2Value of util.cpp, there is a possible out of bounds writ ...) NOT-FOR-US: Android CVE-2022-42500 (In OEM_OnRequest of sced.cpp, there is a possible shell command execut ...) - TODO: check + NOT-FOR-US: Android CVE-2022-42499 (In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible ou ...) - TODO: check + NOT-FOR-US: Android CVE-2022-42498 (In Pixel cellular firmware, there is a possible out of bounds write du ...) - TODO: check + NOT-FOR-US: Android CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON input. ...) - haskell-aeson 2.0.3.0-1 (bug #1009678) [bullseye] - haskell-aeson (Minor issue) @@ -42507,7 +42507,7 @@ CVE-2022-40702 CVE-2022-40700 RESERVED CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr – ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com ...) NOT-FOR-US: WordPress plugin CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...) @@ -42537,7 +42537,7 @@ CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulne CVE-2022-38141 RESERVED CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38057 RESERVED CVE-2022-38055 
@@ -50021,15 +50021,15 @@ CVE-2022-38706 CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2022-38458 (A cleartext transmission vulnerability exists in the Remote Management ...) - TODO: check + NOT-FOR-US: Netgear CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...) NOT-FOR-US: CentreCOM AR260S CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...) NOT-FOR-US: CentreCOM AR260S CVE-2022-37337 (A command execution vulnerability exists in the access control functio ...) - TODO: check + NOT-FOR-US: Netgear CVE-2022-36429 (A command execution vulnerability exists in the ubus backend communica ...) - TODO: check + NOT-FOR-US: Netgear CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...) NOT-FOR-US: CentreCOM AR260S CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...) @@ -50712,7 +50712,7 @@ CVE-2022-38472 (An attacker could have abused XSLT error handling to associate a CVE-2022-38471 RESERVED CVE-2022-38452 (A command execution vulnerability exists in the hidden telnet service ...) - TODO: check + NOT-FOR-US: Netgear CVE-2022-2920 RESERVED CVE-2022-2919 @@ -56272,7 +56272,7 @@ CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scoot CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...) NOT-FOR-US: Scooter Beyond Compare CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a b ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests ...) NOT-FOR-US: Zoho CVE-2022-36411 
@@ -60650,7 +60650,7 @@ CVE-2022-34155 CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...) NOT-FOR-US: WordPress plugin CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-33974 RESERVED CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...) @@ -74320,7 +74320,7 @@ CVE-2022-30039 CVE-2022-30038 RESERVED CVE-2022-30037 (XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP fi ...) - TODO: check + NOT-FOR-US: XunRuiCMS CVE-2022-30036 (MA Lighting grandMA2 Light has a password of root for the root account ...) NOT-FOR-US: MA Lighting grandMA2 Light CVE-2022-30035 -- cgit v1.2.3
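Review bot: In the hunk at @@ -31827, CVE-2023-21065 (fdt_next_tag of fdt.c) is closed as NOT-FOR-US: Android in the same sweep as the vendor driver and framework entries, but fdt_next_tag in fdt.c is libfdt code, which Debian ships in device-tree-compiler and which is also embedded in other source packages. The truncated description does not show whether the flaw is limited to Android's copy, so this entry should be checked against upstream libfdt before it is marked NFU; if upstream is affected it needs a package line rather than an NFU tag. CVE-2023-21013 (forceStaDisconnection of hostapd.cpp) in the same hunk deserves the same quick check, to confirm the file is Android-only glue and not code shared with src:wpa.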
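Review bot: In the hunk at @@ -56272, the new tag for CVE-2022-36413 reads "NOT-FOR-US: Zoho ManageEngine" while the unchanged entry directly below it, CVE-2022-36412, uses "NOT-FOR-US: Zoho" for the same vendor. Using one spelling for the vendor keeps the NFU entries greppable; suggest matching the existing "Zoho" form or updating both in one go.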
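Review bot: In the hunk at @@ -1359, the NFU note for CVE-2023-28448 pastes most of the CVE description into the tag and carries over its "serializion" typo. Every other entry touched by this patch uses a short product or vendor name, so something like "NOT-FOR-US: Versionize (firecracker-microvm)" would be consistent and avoid propagating the misspelling.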