Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
feb0a5fc by Salvatore Bonaccorso at 2025-01-07T09:22:50+01:00
Process new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02,
contain(s) ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2025-21620 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with
secure ...)
TODO: check
CVE-2025-21616 (Plane is an open-source project management tool. A cross-site
scriptin ...)
TODO: check
CVE-2024-9702 (The Social Rocket \u2013 Social Sharing Plugin plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9697 (The Social Rocket \u2013 Social Sharing Plugin plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9638 (The Category Posts Widget WordPress plugin before 4.9.18 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9502 (The Master Addons \u2013 Elementor Addons with White Label,
Free Widge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9354 (The Estatik Mortgage Calculator plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9208 (The Enable Accessibility plugin for WordPress is vulnerable to
Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8857 (The WordPress Auction Plugin WordPress plugin through 3.7 does
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does
not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty
Program, has ...)
- TODO: check
+ NOT-FOR-US: AXIS Camera Station server
CVE-2024-55553 (In FRRouting (FRR) before 10.3, it is possible for an attacker
to trig ...)
TODO: check
CVE-2024-55076 (Grocy through 4.3.0 has no CSRF protection, as demonstrated by
changin ...)
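Review bot: The note for CVE-2025-22395 at the top of this hunk reads "NOT-FOR-US: Dell", which names only the vendor, while the description above it names the product (Dell Update Package Framework) and the other new notes in the hunk name a product or product class ("WordPress plugin", "AXIS Camera Station server"). Consider "NOT-FOR-US: Dell Update Package Framework" so that a later search of data/CVE/list for the product name finds this entry.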
@@ -31,235 +31,235 @@ CVE-2024-55075 (Grocy through 4.3.0 allows remote
attackers to obtain sensitive
CVE-2024-55074 (The edit profile function of Grocy through 4.3.0 allows stored
XSS and ...)
TODO: check
CVE-2024-54767 (An access control issue in the component /juis_boxinfo.xml of
AVM FRIT ...)
- TODO: check
+ NOT-FOR-US: AVM FRITZ!Box 7530 AX
CVE-2024-54764 (An access control issue in the component /login/hostinfo2.cgi
of ipTIM ...)
- TODO: check
+ NOT-FOR-US: ipTIME A2004
CVE-2024-54763 (An access control issue in the component /login/hostinfo.cgi
of ipTIME ...)
- TODO: check
+ NOT-FOR-US: ipTIME A2004
CVE-2024-54030 (in OpenHarmony v4.1.2 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-53936 (The com.asianmobile.callcolor (aka Color Phone Call Screen
App) applic ...)
- TODO: check
+ NOT-FOR-US: com.asianmobile.callcolor (aka Color Phone Call Screen App)
CVE-2024-53935 (The com.callos14.callscreen.colorphone (aka iCall OS17 - Color
Phone F ...)
- TODO: check
+ NOT-FOR-US: com.callos14.callscreen.colorphone (aka iCall OS17 - Color
Phone Flash) application
CVE-2024-53934 (The com.windymob.callscreen.ringtone.callcolor.colorphone (aka
Color P ...)
- TODO: check
+ NOT-FOR-US: com.windymob.callscreen.ringtone.callcolor.colorphone (aka
Color Phone Call Screen Themes) application
CVE-2024-53933 (The com.callerscreen.colorphone.themes.callflash (aka Color
Call Theme ...)
- TODO: check
+ NOT-FOR-US: com.callerscreen.colorphone.themes.callflash (aka Color
Call Theme & Call Screen) application
CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka
Color P ...)
- TODO: check
+ NOT-FOR-US: com.remi.colorphone.callscreen.calltheme.callerscreen (aka
Color Phone: Call Screen Theme) application
CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme &
Dialer) app ...)
- TODO: check
+ NOT-FOR-US: com.glitter.caller.screen (aka iCaller, Caller Theme &
Dialer) application
CVE-2024-51741 (Redis is an open source, in-memory database that persists on
disk. An ...)
TODO: check
CVE-2024-48457 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582
and Neti ...)
- TODO: check
+ NOT-FOR-US: Netis Router
CVE-2024-48456 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582
and Neti ...)
- TODO: check
+ NOT-FOR-US: Netis Router
CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582
and Neti ...)
- TODO: check
+ NOT-FOR-US: Netis Router
CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-46981 (Redis is an open source, in-memory database that persists on
disk. An ...)
TODO: check
CVE-2024-45070 (in OpenHarmony v4.1.2 and prior versions allow a local
attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-12849 (The Error Log Viewer By WP Guru plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12781 (The Aurum - WordPress & WooCommerce Shopping Theme theme for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-12633 (The JoomSport \u2013 for Sports: Team & League, Football,
Hockey & mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12624 (The Sina Extension for Elementor plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12592 (The Sellsy plugin for WordPress is vulnerable to Stored
Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12590 (The WP Youtube Gallery plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12559 (The ClickDesigns plugin for WordPress is vulnerable to
unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to
Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12541 (The Chative Live chat and Chatbot plugin for WordPress is
vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12540 (The LDD Directory Lite plugin for WordPress is vulnerable to
Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12538 (The Duplicate Post, Page and Any Custom Post plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12535 (The Host PHP Info plugin for WordPress is vulnerable to
unauthorized a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12528 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll
Plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12516 (The Coupon Plugin plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12499 (The WP jQuery DataTable plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12495 (The Bootstrap Blocks for WP Editor v2 plugin for WordPress is
vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12471 (The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion,
Pexels, Dezgo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12470 (The School Management System \u2013 SakolaWP plugin for
WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12464 (The Chatroll Live Chat plugin for WordPress is vulnerable to
Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12462 (The YOGO Booking plugin for WordPress is vulnerable to Stored
Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12457 (The Chat Support for Viber \u2013 Chat Bubble and Chat Button
for Gute ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12453 (The Uptodown APK Download Widget plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12445 (The RightMessage WP plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12440 (The Candifly plugin for WordPress is vulnerable to Stored
Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12439 (The Marketplace Items plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12438 (The WooCommerce Digital Content Delivery (incl. DRM) \u2013
FlickRocke ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12437 (The Marketplace Items plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12435 (The Compare Products for WooCommerce plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12419 (The The Design for Contact Form 7 Style WordPress Plugin
\u2013 CF7 WO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12416 (The Live Sales Notification for Woocommerce \u2013 Woomotiv
plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12402 (The Themes Coder \u2013 Create Android & iOS Apps For Your
Woocommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12384 (The Binary MLM Woocommerce plugin for WordPress is vulnerable
to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12383 (The Binary MLM Woocommerce plugin for WordPress is vulnerable
to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12332 (The School Management System \u2013 WPSchoolPress plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12327 (The LazyLoad Background Images plugin for WordPress is
vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12324 (The Unilevel MLM Plan plugin for WordPress is vulnerable to
Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12322 (The ThePerfectWedding.nl Widget plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12313 (The Compare Products for WooCommerce plugin for WordPress is
vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12291 (The ViewMedica 9 plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12290 (The Infility Global plugin for WordPress is vulnerable to
Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12288 (The Simple add pages or posts plugin for WordPress is
vulnerable to Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12264 (The PayU CommercePro Plugin plugin for WordPress is vulnerable
to priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12261 (The SmartEmailing.cz plugin for WordPress is vulnerable to
Reflected C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12256 (The Simple Video Management System plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12252 (The SEO LAT Auto Post plugin for WordPress is vulnerable to
file overw ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12214 (The WooCommerce HSS Extension for Streaming Video plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12208 (The Backup and Restore WordPress \u2013 Backup Plugin plugin
for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12207 (The Toggles Shortcode and Widget plugin for WordPress is
vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12202 (The Croma Music plugin for WordPress is vulnerable to
unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12176 (The WordLift \u2013 AI powered SEO \u2013 Schema plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12170 (The ViewMedica 9 plugin for WordPress is vulnerable to
Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12159 (The Optimize Your Campaigns \u2013 Google Shopping \u2013
Google Ads \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12158 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign
Intergratio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12157 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign
Intergratio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12153 (The GDY Modular Content plugin for WordPress is vulnerable to
Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12140 (The Elementor Addons AI Addons \u2013 70 Widgets, Premium
Templates, U ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12126 (The SEO Keywords plugin for WordPress is vulnerable to
Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12124 (The Role Includer plugin for WordPress is vulnerable to
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12098 (The ARS Affiliate Page Plugin plugin for WordPress is
vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12077 (The Booking Calendar and Booking Calendar Pro plugins for
WordPress ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12073 (The Meteor Slides plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12049 (The Woo Ukrposhta plugin for WordPress is vulnerable to
Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12022 (The WP Menu Image plugin for WordPress is vulnerable to
unauthorized m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11934 (The Formaloo Form Maker & Customer Analytics for WordPress &
WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11899 (The Slider Pro Lite plugin for WordPress is vulnerable to
Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11887 (The Geo Content plugin for WordPress is vulnerable to Stored
Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11810 (The PayGreen Payment Gateway plugin for WordPress is
vulnerable to Ref ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11777 (The Sell Media plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11764 (The Solar Wizard Lite plugin for WordPress is vulnerable to
Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11756 (The SweepWidget Contests, Giveaways, Photo Contests,
Competitions plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11749 (The App Embed plugin for WordPress is vulnerable to Stored
Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11725 (The SMS Alert Order Notifications \u2013 WooCommerce plugin
for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11690 (The Financial Stocks & Crypto Market Data Plugin plugin for
WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11627 (: Insufficient Session Expiration vulnerability in Progress
Sitefinity ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2024-11626 (Improper Neutralization of Input During CMS Backend
(adminstrative sec ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2024-11625 (Information Exposure Through an Error Message vulnerability in
Progres ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2024-11606 (The Tabs Shortcode WordPress plugin through 2.0.2 does not
validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11496 (The Infility Global plugin for WordPress is vulnerable to
unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11465 (The Custom Product Tabs for WooCommerce plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11445 (The Image Magnify plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11437 (The Timeline Designer plugin for WordPress is vulnerable to
SQL Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11434 (The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress
is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11383 (The CC Canadian Mortgage Calculator plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11382 (The Common Ninja: Fully Customizable & Perfectly Responsive
Free Widge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11378 (The Bizapp for WooCommerce plugin for WordPress is vulnerable
to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11377 (The Automate Hub Free by Sperse.IO plugin for WordPress is
vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11375 (The WC1C plugin for WordPress is vulnerable to Reflected
Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11369 (The Store credit / Gift cards for woocommerce plugin for
WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11363 (The Same but Different \u2013 Related Posts by Taxonomy plugin
for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11338 (The PIXNET Plugin plugin for WordPress is vulnerable to Stored
Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11337 (The Horoscope And Tarot plugin for WordPress is vulnerable to
Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11290 (The Member Access plugin for WordPress is vulnerable to
Sensitive Info ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11282 (The Passster \u2013 Password Protect Pages and Content plugin
for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10866 (The Export Import Menus plugin for WordPress is vulnerable to
unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10562 (The Form Maker by 10Web WordPress plugin before 1.15.31 does
not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10536 (The FancyPost \u2013 Best Ultimate Post Block, Post Grid,
Layouts, Car ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10527 (The Spacer plugin for WordPress is vulnerable to unauthorized
access o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10102 (The Photo Gallery, Images, Slider in Rbs Image Gallery
WordPress plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-21618 (NiceGUI is an easy-to-use, Python-based UI framework. Prior to
2.9.1, ...)
NOT-FOR-US: NiceGUI
CVE-2025-21617 (Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0.
Prior t ...)
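Review bot: In the run of Android app entries, the note for CVE-2024-53936 ends at "(aka Color Phone Call Screen App)", while the five notes that follow it (CVE-2024-53935 through CVE-2024-53931) all end with the word "application". Appending "application" to the CVE-2024-53936 note would keep the six notes uniform and matchable with a single pattern.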
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feb0a5fcba5a3b610c5ea180f9df2f34c4af38e6
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits