From 55895bdda65634139e5b8ea5b394b64dfabcd046 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 7 Feb 2022 21:30:03 +0100 Subject: Process several NFUs --- data/CVE/list.2021 | 46 +++++++++++++++++++++++----------------------- data/CVE/list.2022 | 14 +++++++------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 30c7217b88..eb13a890d4 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -914,7 +914,7 @@ CVE-2021-46284 CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...) NOT-FOR-US: WordPress plugin CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) NOT-FOR-US: WordPress plugin CVE-2021-44760 @@ -19302,7 +19302,7 @@ CVE-2021-39023 CVE-2021-39022 RESERVED CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-39020 RESERVED CVE-2021-39019 @@ -19424,7 +19424,7 @@ CVE-2021-38962 CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...) NOT-FOR-US: IBM CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...) - TODO: check + NOT-FOR-US: IBM CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...) NOT-FOR-US: IBM CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...) @@ -21445,7 +21445,7 @@ CVE-2021-38132 CVE-2021-38131 RESERVED CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...) - TODO: check + NOT-FOR-US: Micro Focus CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...) NOT-FOR-US: Micro Focus CVE-2021-38128 
@@ -53390,7 +53390,7 @@ CVE-2021-25116 CVE-2021-25115 RESERVED CVE-2021-25114 (The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25113 RESERVED CVE-2021-25112 @@ -53402,17 +53402,17 @@ CVE-2021-25110 CVE-2021-25109 RESERVED CVE-2021-25108 (The IP2Location Country Blocker WordPress plugin before 2.26.6 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25107 RESERVED CVE-2021-25106 (The Privacy Policy Generator, Terms & Conditions Generator WordPre ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25105 (The Ivory Search WordPress plugin before 5.4.1 does not escape some of ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25104 RESERVED CVE-2021-25103 (The Translate WordPress with GTranslate WordPress plugin before 2.9.7 ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25102 RESERVED CVE-2021-25101 @@ -53426,9 +53426,9 @@ CVE-2021-25098 CVE-2021-25097 (The LabTools WordPress plugin through 1.0 does not have proper authori ...) NOT-FOR-US: WordPress plugin CVE-2021-25096 (The IP2Location Country Blocker WordPress plugin before 2.26.5 bans ca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25095 (The IP2Location Country Blocker WordPress plugin before 2.26.5 does no ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25094 RESERVED CVE-2021-25093 (The Link Library WordPress plugin before 7.2.8 does not have authorisa ...) @@ -53450,7 +53450,7 @@ CVE-2021-25086 CVE-2021-25085 (The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape ...) NOT-FOR-US: WordPress plugin CVE-2021-25084 (The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25083 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) NOT-FOR-US: WordPress plugin CVE-2021-25082 
@@ -53464,7 +53464,7 @@ CVE-2021-25079 (The Contact Form Entries WordPress plugin before 1.2.4 does not CVE-2021-25078 (The Affiliates Manager WordPress plugin before 2.9.0 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2021-25077 (The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does n ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25076 (The WP User Frontend WordPress plugin before 3.5.26 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2021-25075 @@ -53560,7 +53560,7 @@ CVE-2021-25031 (The Image Hover Effects Ultimate (Image Gallery, Effects, Lightb CVE-2021-25030 (The Events Made Easy WordPress plugin before 2.2.36 does not sanitise ...) NOT-FOR-US: WordPress plugin CVE-2021-25029 (The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25028 (The Event Tickets WordPress plugin before 5.2.2 does not validate the ...) NOT-FOR-US: WordPress plugin CVE-2021-25027 (The PowerPack Addons for Elementor WordPress plugin before 2.6.2 does ...) @@ -53610,7 +53610,7 @@ CVE-2021-25006 CVE-2021-25005 (The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and e ...) NOT-FOR-US: WordPress plugin CVE-2021-25004 (The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-25003 RESERVED CVE-2021-25002 @@ -53632,7 +53632,7 @@ CVE-2021-24995 CVE-2021-24994 RESERVED CVE-2021-24993 (The Ultimate Product Catalog WordPress plugin before 5.0.26 does not h ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24992 (The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24991 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin befo ...) 
@@ -53724,7 +53724,7 @@ CVE-2021-24949 (The "WP Search Filters" widget of The Plus Addons for Elementor CVE-2021-24948 (The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does ...) NOT-FOR-US: WordPress plugin CVE-2021-24947 (The RVM WordPress plugin before 6.4.2 does not have proper authorisati ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24946 (The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not ...) NOT-FOR-US: WordPress plugin CVE-2021-24945 (The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 ...) @@ -53762,7 +53762,7 @@ CVE-2021-24930 (The WordPress Online Booking and Scheduling Plugin WordPress plu CVE-2021-24929 RESERVED CVE-2021-24928 (The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24927 (The My Calendar WordPress plugin before 3.2.18 does not sanitise and e ...) NOT-FOR-US: WordPress plugin CVE-2021-24926 (The Domain Check WordPress plugin before 1.0.17 does not sanitise and ...) @@ -53858,11 +53858,11 @@ CVE-2021-24882 (The Slideshow Gallery WordPress plugin before 1.7.4 does not san CVE-2021-24881 RESERVED CVE-2021-24880 (The SupportCandy WordPress plugin before 2.2.7 does not validate and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24879 (The SupportCandy WordPress plugin before 2.2.7 does not have CSRF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24878 (The SupportCandy WordPress plugin before 2.2.7 does not sanitise and e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24877 (The MainWP Child WordPress plugin before 4.1.8 does not validate the o ...) NOT-FOR-US: WordPress plugin CVE-2021-24876 (The Registrations for the Events Calendar WordPress plugin before 2.7. ...) 
@@ -53932,7 +53932,7 @@ CVE-2021-24845 (The Improved Include Page WordPress plugin through 1.2 allows pa CVE-2021-24844 (The Affiliates Manager WordPress plugin before 2.8.7 does not validate ...) NOT-FOR-US: WordPress plugin CVE-2021-24843 (The SupportCandy WordPress plugin before 2.2.7 does not have CRSF chec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24842 (The Bulk Datetime Change WordPress plugin before 1.12 does not enforce ...) NOT-FOR-US: WordPress plugin CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and escap ...) @@ -53940,7 +53940,7 @@ CVE-2021-24841 (The Helpful WordPress plugin before 4.4.59 does not sanitise and CVE-2021-24840 (The Squaretype WordPress theme before 3.0.4 allows unauthenticated use ...) NOT-FOR-US: WordPress theme CVE-2021-24839 (The SupportCandy WordPress plugin before 2.2.5 does not have authorisa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24838 (The AnyComment WordPress plugin through 0.2.17 has an API endpoint whi ...) NOT-FOR-US: WordPress plugin CVE-2021-24837 diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 85c46d169f..f028eeafd4 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -1755,7 +1755,7 @@ CVE-2022-23982 CVE-2022-23981 RESERVED CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Ye ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) NOT-FOR-US: WordPress plugin CVE-2022-23978 
@@ -1777,9 +1777,9 @@ CVE-2022-0382 [net ticp:fix a kernel-infoleak in __tipc_sendmsg()] - linux 5.15.15-1 NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523 CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) NOT-FOR-US: microweber CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) @@ -2296,7 +2296,7 @@ CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 b CVE-2022-23806 RESERVED CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2022-23804 RESERVED CVE-2022-23803 @@ -3897,7 +3897,7 @@ CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR Word CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) NOT-FOR-US: jadx CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0216 RESERVED CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) @@ -5262,9 +5262,9 @@ CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions sta CVE-2022-0150 RESERVED CVE-2022-0149 (The WooCommerce WordPress plugin before 2.7.1 was affected by a Reflec ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-0147 RESERVED CVE-2022-0146 -- cgit v1.2.3
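Review bot: in the data/CVE/list.2021 hunk at @@ -21445,7, the new "NOT-FOR-US: Micro Focus" tag on CVE-2021-38130 rests on a description that is cut off before any product is named ("... has been identified in v ..."). The adjacent CVE-2021-38129 entry does name Micro Focus and carries the same tag, so the result is consistent, but the vendor for CVE-2021-38130 should be confirmed against the full CVE description rather than inferred from its neighbour.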
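Review bot: the unchanged context line at the top of the data/CVE/list.2022 hunk at @@ -1777,9 reads "[net ticp:fix a kernel-infoleak in __tipc_sendmsg()]", where "ticp" looks like a transposition of "tipc" given the function name on the same line. It is not touched by this change, but a follow-up fix would let a search for "tipc" find the CVE-2022-0382 entry by its bracketed title.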
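Review bot: in the data/CVE/list.2022 hunk at @@ -2296,7, CVE-2022-23805 is tagged "NOT-FOR-US: Trend Micro", but nothing visible in the hunk supports that vendor: the description is truncated at "... information disclosure vulnerability in ..." and the surrounding entries are phpMyAdmin and RESERVED placeholders. Consider naming the affected product in the tag, as other entries in this file do ("NOT-FOR-US: jadx", "NOT-FOR-US: microweber"), so the triage decision can be audited without opening the full record.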