From 5174139895beed8852ddf4179efb3538f23bb85a Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sat, 10 Feb 2024 09:45:20 +0100 Subject: Process some NFUs --- data/CVE/list | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index d63c1efbbb..e2afbbbaa7 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,21 +1,21 @@ CVE-2024-25109 (ManageWiki is a MediaWiki extension allowing users to manage wikis. Sp ...) - TODO: check + NOT-FOR-US: MediaWiki extension CVE-2024-24831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24828 (pkg is tool design to bundle Node.js projects into an executables. Any ...) TODO: check CVE-2024-24804 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24803 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24801 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24717 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24713 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-24712 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-23327 (Envoy is a high-performance edge/middle/service proxy. When PPv2 is en ...) TODO: check CVE-2024-23325 (Envoy is a high-performance edge/middle/service proxy. Envoy crashes i ...) 
@@ -31,27 +31,27 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framewo CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...) TODO: check CVE-2024-1406 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been decl ...) - TODO: check + NOT-FOR-US: Linksys CVE-2024-1405 (A vulnerability was found in Linksys WRT54GL 4.30.18. It has been clas ...) - TODO: check + NOT-FOR-US: Linksys CVE-2024-1404 (A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as ...) - TODO: check + NOT-FOR-US: Linksys CVE-2024-0596 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0595 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2024-0594 (The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin ...) - TODO: check + NOT-FOR-US: WordPress plugin CVE-2023-50349 (Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerabil ...) - TODO: check + NOT-FOR-US: Sametime Proxy application CVE-2023-45718 (Sametime is impacted by a failure to invalidate sessions. The applica ...) - TODO: check + NOT-FOR-US: HCL CVE-2023-45716 (Sametime is impacted by sensitive information passed in URL.) - TODO: check + NOT-FOR-US: HCL / Sametime application CVE-2023-45698 (Sametime is impacted by lack of clickjacking protection in Outlook add ...) - TODO: check + NOT-FOR-US: HCL / Sametime application CVE-2023-45696 (Sametime is impacted by sensitive fields with autocomplete enabled in ...) - TODO: check + NOT-FOR-US: HCL / Sametime application CVE-2024-XXXX [potential information disclosure vulnerability] - diffoscope 256 NOTE: https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361 
@@ -139,11 +139,11 @@ CVE-2024-1246 (Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected CVE-2024-1245 (Concrete CMSversion 9 before 9.2.5 is vulnerable to stored XSS in file ...) NOT-FOR-US: Concrete CMS CVE-2023-6724 (Authorization Bypass Through User-Controlled Key vulnerability in Soft ...) - TODO: check + NOT-FOR-US: Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System CVE-2023-6716 REJECTED CVE-2023-6677 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) - TODO: check + NOT-FOR-US: Oduyo Financial Technology Online Collection CVE-2023-50386 (Improper Control of Dynamically-Managed Code Resources, Unrestricted U ...) TODO: check CVE-2023-50298 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) @@ -53206,7 +53206,7 @@ CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure CVE-2023-28078 RESERVED CVE-2023-28077 (Dell BSAFE SSL-J, versions prior to 6.5, and versions 7.0 and 7.1 cont ...) - TODO: check + NOT-FOR-US: Dell CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...) NOT-FOR-US: Dell CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...) -- cgit v1.2.3
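Review bot: In the first hunk (@@ -1,21 +1,21 @@), the tag added for CVE-2024-25109 is only "NOT-FOR-US: MediaWiki extension", although the description on the line above names the product as ManageWiki. Writing the product into the tag, for example "NOT-FOR-US: ManageWiki extension for MediaWiki", would let the next person triaging a ManageWiki CVE find this decision by searching the product name rather than reading the truncated description.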
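Review bot: In the second hunk (@@ -31,27 +31,27 @@), the five Sametime entries get three different vendor strings: CVE-2023-50349 is tagged "Sametime Proxy application", CVE-2023-45718 just "HCL", and CVE-2023-45716, CVE-2023-45698 and CVE-2023-45696 "HCL / Sametime application". Since all five descriptions start with "Sametime is impacted by", one string for the whole group (the "HCL / Sametime application" form already used on three of them) would keep a search on either "HCL" or "Sametime" returning the complete set.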