[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 17 10:13:05 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b449683c by Salvatore Bonaccorso at 2024-05-17T10:48:36+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2024-4204 (The Bulk Posts Editing For WordPress plugin for WordPress is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-3609 (The ReviewX \u2013 Multi-criteria Rating & Reviews for WooCommerce plu ...)
 	TODO: check
 CVE-2024-3580 (The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and e ...)
@@ -357,35 +357,35 @@ CVE-2024-4838 (The ConvertPlus plugin for WordPress is vulnerable to PHP Object
 CVE-2024-4826 (SQL injection vulnerability in Simple PHP Shopping Cart affecting vers ...)
 	NOT-FOR-US: Simple PHP Shopping Cart
 CVE-2024-4760 (A voltage glitch during the startup of EEFC NVM controllers on Microch ...)
-	TODO: check
+	NOT-FOR-US: Microchip SAM E70/S70/V70/V71 microcontrollers
 CVE-2024-4733 (The ShiftController Employee Shift Scheduling plugin is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4642 (A Server-Side Request Forgery (SSRF) vulnerability exists in the wandb ...)
-	TODO: check
+	NOT-FOR-US: wandb
 CVE-2024-4635 (The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4634 (The Elementor Header & Footer Builder plugin for WordPress is vulnerab ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4617 (The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulne ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4609 (A vulnerability exists in the Rockwell Automation FactoryTalk\xae View ...)
-	TODO: check
+	NOT-FOR-US: Rockwell Automation
 CVE-2024-4580 (The Master Addons \u2013 Free Widgets, Hover Effects, Toggle, Conditio ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4546 (The Custom Post Type Attachment plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4478 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4400 (The Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Edit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4391 (The Happy Addons for Elementor plugin for WordPress is vulnerable to S ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4385 (The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4352 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4351 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4326 (A vulnerability in parisneo/lollms-webui versions up to 9.3 allows rem ...)
 	TODO: check
 CVE-2024-4322 (A path traversal vulnerability exists in the parisneo/lollms-webui app ...)
@@ -393,17 +393,17 @@ CVE-2024-4322 (A path traversal vulnerability exists in the parisneo/lollms-webu
 CVE-2024-4321 (A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/c ...)
 	TODO: check
 CVE-2024-4318 (The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Inj ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4288 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments B ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4279 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4263 (A broken access control vulnerability exists in mlflow/mlflow versions ...)
-	TODO: check
+	NOT-FOR-US: mlflow
 CVE-2024-4223 (The Tutor LMS plugin for WordPress is vulnerable to unauthorized acces ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4222 (The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized a ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-4181 (A command injection vulnerability exists in the RunGptLLM class of the ...)
 	TODO: check
 CVE-2024-4078 (A vulnerability in the parisneo/lollms, specifically in the `/unInstal ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b449683c577e035efe7a9feea0fc164278084346

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b449683c577e035efe7a9feea0fc164278084346
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240517/f1c4e21e/attachment.htm>

More information about the debian-security-tracker-commits mailing list