From fee95ad93932e89e966fb55a53a24503fff0eb5e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 27 Mar 2023 22:13:35 +0200 Subject: Process some NFUs --- data/CVE/list | 68 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 34 insertions(+), 34 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 84e4b9cb3d..2e63e36c65 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1973,7 +1973,7 @@ CVE-2023-1402 (The course participation report required additional checks to pre CVE-2023-1401 RESERVED CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin through 5.16.2 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted d ...) TODO: check CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy TeaCMS ...) @@ -3682,7 +3682,7 @@ CVE-2023-1186 (A vulnerability has been found in FabulaTech Webcam for Remote De CVE-2023-1185 (A vulnerability, which was classified as problematic, was found in ECs ...) NOT-FOR-US: ECshop CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5, final-user-wp-fronten ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-XXXX [Transaction cache overrides the current user] - tryton-server 6.0.29-1 [bullseye] - tryton-server (Vulnerable code not present) @@ -5142,21 +5142,21 @@ CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error CVE-2023-1094 RESERVED CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Alpata Licensed Warehousing Automation System CVE-2023-1090 RESERVED CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1085 RESERVED CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) @@ -5300,7 +5300,7 @@ CVE-2023-1071 CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...) - teampass (bug #730180) CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...) NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) @@ -6978,7 +6978,7 @@ CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation CVE-2023-26512 RESERVED CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...) NOT-FOR-US: WP Meta SEO plugin for WordPress CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plu ...) @@ -7558,7 +7558,7 @@ CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022. CVE-2023-0956 RESERVED CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0954 RESERVED CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...) @@ -9111,7 +9111,7 @@ CVE-2023-0825 CVE-2023-0824 RESERVED CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin be ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-25760 RESERVED CVE-2023-25759 @@ -9317,7 +9317,7 @@ CVE-2023-25728 CVE-2023-24585 RESERVED CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...) NOT-FOR-US: OpenNMS CVE-2023-0814 (The Profile Builder – User Profile & User Registration Forms ...) @@ -11092,7 +11092,7 @@ CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated ...) NOT-FOR-US: Devolutions CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...) NOT-FOR-US: BDCOM CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions older t ...) @@ -11898,7 +11898,7 @@ CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_a [bullseye] - linux 5.10.158-1 NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2) CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0588 RESERVED CVE-2022-4900 @@ -12856,27 +12856,27 @@ CVE-2023-0507 (Grafana is an open-source platform for monitoring and observabili CVE-2023-0506 RESERVED CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2. ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF check wh ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF ch ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF check wh ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0494 [Xi: fix potential use-after-free in DeepCopyPointerClasses] RESERVED {DSA-5342-1 DLA-3310-1} @@ -12927,7 +12927,7 @@ CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...) NOT-FOR-US: WordPress plugin CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0490 RESERVED CVE-2023-0489 @@ -12941,7 +12941,7 @@ CVE-2023-0486 CVE-2023-0485 RESERVED CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg B ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...) @@ -13048,7 +13048,7 @@ CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_che NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7) NOTE: https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7) CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0466 RESERVED CVE-2023-0465 @@ -13317,7 +13317,7 @@ CVE-2023-0443 CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks ...) NOT-FOR-US: healthchecks CVE-2023-0439 @@ -14615,7 +14615,7 @@ CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of S CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...) NOT-FOR-US: Zephyr CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate and ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0393 RESERVED CVE-2023-0392 @@ -15089,9 +15089,9 @@ CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository liran CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...) NOT-FOR-US: lirantal/daloradius CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin through 2.1.3 has ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken acces ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not ...) NOT-FOR-US: WordPress plugin CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...) @@ -15655,7 +15655,7 @@ CVE-2023-0274 CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...) NOT-FOR-US: WordPress plugin CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...) NOT-FOR-US: WordPress plugin CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...) -- cgit v1.2.3