From 0dd8ebf2bc49f85382240c3eb6c395164603a283 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Mon, 26 Sep 2022 22:21:03 +0200 Subject: Process some NFUs --- data/CVE/list | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 5008f13e42..352e396894 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -3773,7 +3773,7 @@ CVE-2022-39961 CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not ...) NOT-FOR-US: Atlassian CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389. ...) - vim (bug #1019590) [bullseye] - vim (Minor issue) @@ -4139,7 +4139,7 @@ CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configur CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...) NOT-FOR-US: SourceCodester Clinics Patient Management System CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...) NOT-FOR-US: Sourcecodehero ERP System Project CVE-2022-39808 @@ -5413,7 +5413,7 @@ CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360. .. NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360) CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3097 RESERVED CVE-2022-3096 
@@ -5727,13 +5727,13 @@ CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Int NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309 NOTE: https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1) CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows high priv ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 105.0.5 ...) {DSA-5225-1} - chromium 105.0.5195.102-1 [buster] - chromium (see DSA 5046) CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3073 RESERVED CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) @@ -5748,7 +5748,7 @@ CVE-2022-39079 CVE-2022-39078 RESERVED CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise and esc ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prio ...) {DSA-5223-1} - chromium 105.0.5195.52-1 @@ -5815,7 +5815,7 @@ CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipul NOT-FOR-US: OTRS NOTE: Could possibly affect Znuny, we'll let their security team figure it out CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and esca ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...) - octoprint (bug #718591) CVE-2022-39048 @@ -5837,7 +5837,7 @@ CVE-2022-3064 CVE-2022-3063 REJECTED CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...) - linux 5.18.2-1 NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5) 
@@ -6508,9 +6508,9 @@ CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...) NOT-FOR-US: WP Users Exporter plugin for WordPress CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not h ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-3023 RESERVED CVE-2022-3022 @@ -6742,7 +6742,7 @@ CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman c CVE-2022-2988 RESERVED CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2986 RESERVED - moodle @@ -7107,7 +7107,7 @@ CVE-2022-2928 CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...) NOT-FOR-US: NotrinosERP CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not validate ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-38647 RESERVED CVE-2022-38646 @@ -7604,7 +7604,7 @@ CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's CVE-2022-2904 RESERVED CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2902 RESERVED CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...) 
@@ -14525,9 +14525,9 @@ CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...) - mattermost-server (bug #823556) CVE-2022-2405 (The WP Popup Builder WordPress plugin through 1.2.8 does not have auth ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2404 (The WP Popup Builder WordPress plugin through 1.2.8 does not sanitise ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...) NOT-FOR-US: OpenShift CVE-2022-35863 @@ -15711,7 +15711,7 @@ CVE-2022-35402 CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutralization ...) NOT-FOR-US: microweber CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...) NOT-FOR-US: WordPress plugin CVE-2022-2350 @@ -27843,7 +27843,7 @@ CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...) NOT-FOR-US: WordPress plugin CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly handle S ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable ...) NOT-FOR-US: Jenkins plugin CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...) 
@@ -29879,7 +29879,7 @@ CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable rando CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...) NOT-FOR-US: WordPress plugin CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...) NOT-FOR-US: WordPress plugin CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...) @@ -114944,7 +114944,7 @@ CVE-2021-24892 (Insecure Direct Object Reference in edit function of Advanced Fo CVE-2021-24891 (The Elementor Website Builder WordPress plugin before 3.4.8 does not s ...) NOT-FOR-US: WordPress plugin CVE-2021-24890 (The Scripts Organizer WordPress plugin before 3.0 does not have capabi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2021-24889 (The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not es ...) NOT-FOR-US: WordPress plugin CVE-2021-24888 (The ImageBoss WordPress plugin before 3.0.6 does not sanitise and esca ...) -- cgit v1.2.3
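Review bot: the subject "Process some NFUs" has no body, so nothing in the commit records how the 19 entries were confirmed as not packaged; every hunk swaps "TODO: check" for "NOT-FOR-US: WordPress plugin" on the strength of the truncated description alone. The context lines back this up in two places: CVE-2022-2351 (the same Post SMTP Mailer/Email Log plugin as CVE-2022-2352) and CVE-2021-24889 (the same Ninja Forms Contact Form plugin as CVE-2022-2903) already carry the identical tag. For the other plugins, a one-line body saying the names were checked against the archive would make the triage auditable later.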
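Review bot: style point in the @@ -6508 hunk, where the new tags for CVE-2022-3025 and CVE-2022-3024 read "NOT-FOR-US: WordPress plugin" directly below CVE-2022-3026, which is tagged "NOT-FOR-US: WP Users Exporter plugin for WordPress". The generic form used here matches the rest of this commit and context entries such as CVE-2022-1614 and CVE-2021-24891, so the added lines are fine as they are; normalising CVE-2022-3026 to the same form in a follow-up would keep a search on the tag text from missing it.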
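Review bot: in the @@ -5748 hunk the context shows CVE-2022-3070 listed above CVE-2022-3071, while the neighbouring entries (CVE-2022-3077 down to CVE-2022-3072, then CVE-2022-3069) run in descending order. The ordering predates this change, and the new NOT-FOR-US line is attached to the correct entry (the Generate PDF WordPress plugin, not the Chrome Tab Strip issue below it), so no change is needed in this commit; if the two entries are to be swapped, do it in a separate commit so this diff stays a pure tag update.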