From dae61f409f2e771cd2416a40ec6ea96feb4a02c6 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 26 Apr 2024 15:47:16 +0200 Subject: Process some NFUs --- data/CVE/list | 62 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 2dcda64e4a..22d9fe6c63 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -12,19 +12,19 @@ CVE-2024-3890 (The Happy Addons for Elementor plugin for WordPress is vulnerable CVE-2024-3678 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...) NOT-FOR-US: WordPress plugin CVE-2024-3265 (The Advanced Search WordPress plugin through 1.1.6 does not properly e ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3188 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress plugin b ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3075 (The MM-email2image WordPress plugin through 0.2.5 does not validate an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3060 (The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize an ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3059 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3058 (The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF c ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-3048 (The Bannerlid WordPress plugin through 1.1.0 does not escape generated ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33673 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) NOT-FOR-US: Veritas CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Multi-Th ...) 
@@ -32,9 +32,9 @@ CVE-2024-33672 (An issue was discovered in Veritas NetBackup before 10.4. The Mu CVE-2024-33671 (An issue was discovered in Veritas Backup Exec before 22.2 HotFix 9173 ...) NOT-FOR-US: Veritas CVE-2024-33670 (Passbolt API before 4.6.2 allows HTML injection in a URL parameter, re ...) - TODO: check + NOT-FOR-US: Passbolt API CVE-2024-33669 (An issue was discovered in Passbolt Browser Extension before 4.6.2. It ...) - TODO: check + NOT-FOR-US: Passbolt Browser Extension CVE-2024-33668 (An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cach ...) TODO: check CVE-2024-33667 (An issue was discovered in Zammad before 6.3.0. An authenticated agent ...) 
@@ -48,21 +48,21 @@ CVE-2024-33664 (python-jose through 3.3.0 allows attackers to cause a denial of CVE-2024-33663 (python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...) TODO: check CVE-2024-33661 (Portainer before 2.20.0 allows redirects when the target is not index. ...) - TODO: check + NOT-FOR-US: Portainer CVE-2024-33651 (Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gi ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33650 (Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Se ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33642 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33639 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33638 (Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Sma ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-33598 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-32868 (ZITADEL provides users the possibility to use Time-based One-Time-Pass ...) - TODO: check + NOT-FOR-US: Zitadel CVE-2024-32651 (changedetection.io is an open source web page change detection, websit ...) TODO: check CVE-2024-32406 (Server-Side Template Injection (SSTI) vulnerability in inducer relate ...) 
@@ -72,33 +72,33 @@ CVE-2024-32404 (Server-Side Template Injection (SSTI) vulnerability in inducer r CVE-2024-31755 (cJSON v1.7.17 was discovered to contain a segmentation violation, whic ...) TODO: check CVE-2024-31610 (File Upload vulnerability in the function for employees to upload avat ...) - TODO: check + NOT-FOR-US: Code-Projects Simple School Management System CVE-2024-31609 (Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attac ...) - TODO: check + NOT-FOR-US: BOSSCMS CVE-2024-2920 (The WP-Members Membership Plugin plugin for WordPress is vulnerable to ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2908 (The Call Now Button WordPress plugin before 1.4.7 does not sanitise a ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2837 (The WP Chat App WordPress plugin before 3.6.4 does not sanitise and es ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2603 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2439 (The Salon booking system WordPress plugin through 9.6.5 does not sanit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2429 (The Salon booking system WordPress plugin through 9.6.5 does not have ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2310 (The WP Google Review Slider WordPress plugin before 13.6 does not sani ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-2159 (The Social Sharing Plugin WordPress plugin before 3.3.61 does not val ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-22633 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...) - TODO: check + NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) CVE-2024-22632 (Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 388 w ...) - TODO: check + NOT-FOR-US: Setor Informatica Sistema Inteligente para Laboratorios (S.I.L.) 
CVE-2024-0916 (Unauthenticatedfile upload allows remote code execution. This issue af ...) TODO: check CVE-2024-0905 (The Fancy Product Designer WordPress plugin before 6.1.8 does not sani ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-6116 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...) TODO: check CVE-2023-6096 (Vladimir Kononovich, a Security Researcher has found a flaw that using ...) @@ -241,7 +241,7 @@ CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the LookupT CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec::Deco ...) TODO: check CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-1347 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) - gitlab CVE-2023-52220 (Missing Authorization vulnerability in MonsterInsights Google Analytic ...) -- cgit v1.2.3
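Review bot: In the `@@ -32,9 +32,9 @@` hunk, CVE-2024-33670 and CVE-2024-33669 receive two different tags, `NOT-FOR-US: Passbolt API` and `NOT-FOR-US: Passbolt Browser Extension`, while the unchanged Veritas entries in the same hunk use the single vendor tag `NOT-FOR-US: Veritas` for both Backup Exec and NetBackup. Tagging both lines `NOT-FOR-US: Passbolt` would follow the same per-vendor convention.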
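Review bot: In the `@@ -48,21 +48,21 @@` hunk, the `NOT-FOR-US: WordPress plugin` tags on CVE-2024-33651, CVE-2024-33650, CVE-2024-33642, CVE-2024-33639, CVE-2024-33638 and CVE-2024-33598 cannot be confirmed from the patch, because each truncated description ends before the affected platform is named (for example `Improper Neutralization of Input During Web Page Generation ('Cross-si ...`). Putting the plugin name in the tag would let a reader check the triage without opening each CVE record. In the same hunk, CVE-2024-32868 is tagged `Zitadel` while its description spells the product `ZITADEL`; matching that spelling would be tidier.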
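Review bot: In the `@@ -241,7 +241,7 @@` hunk, CVE-2024-22144 is marked `NOT-FOR-US: WordPress plugin`, but its visible description (`Improper Control of Generation of Code ('Code Injection') vulnerabilit ...`) is cut off before any product is named, so the classification is not checkable from the diff. Since this is a code injection issue surrounded by entries that stay `TODO: check` or map to a package (`- gitlab`), naming the plugin in the tag would make the decision auditable.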