[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 4 05:48:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23ec3578 by Salvatore Bonaccorso at 2025-02-04T06:47:08+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,9 +5,9 @@ CVE-2025-25066 (nDPI through 4.12 has a potential stack-based buffer overflow in
NOTE: Introduced by: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1 (4.12)
NOTE: Fixed by: https://github.com/ntop/nDPI/commit/678697b5eb6c3caa5dd5f8cccfe9eed8d13b94bb
CVE-2025-25065 (SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0. ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-25064 (SQL injection vulnerability in the ZimbraSyncService SOAP endpoint in ...)
- TODO: check
+ NOT-FOR-US: Zimbra
CVE-2025-25063 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
- backdrop <itp> (bug #914257)
CVE-2025-25062 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1 ...)
@@ -15,211 +15,211 @@ CVE-2025-25062 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5
CVE-2025-24898 (rust-openssl is a set of OpenSSL bindings for the Rust programming lan ...)
TODO: check
CVE-2025-24781 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24697 (Missing Authorization vulnerability in Realwebcare Image Gallery \u201 ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24661 (Deserialization of Untrusted Data vulnerability in MagePeople Team Tax ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24660 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24656 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24646 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24643 (Missing Authorization vulnerability in Amento Tech Pvt ltd WPGuppy all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24642 (Missing Authorization vulnerability in theme funda Setup Default Featu ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24639 (Insertion of Sensitive Information Into Sent Data vulnerability in GRE ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24631 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24630 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24620 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24605 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24576 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24574 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24569 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24557 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24556 (Insertion of Sensitive Information into Log File vulnerability in Dual ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24545 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24544 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24541 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-24536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23984 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23923 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23920 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23819 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23799 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23685 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23614 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23599 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23594 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23593 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23590 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23588 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23582 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23581 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23561 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23527 (Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-23491 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22978 (eladmin <=2.7 is vulnerable to CSV Injection in the exception log down ...)
- TODO: check
+ NOT-FOR-US: eladmin
CVE-2025-22775 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22704 (Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22703 (Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22701 (Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22695 (Authorization Bypass Through User-Controlled Key vulnerability in NirW ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22694 (Missing Authorization vulnerability in theDotstore Hide Shipping Metho ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22693 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22691 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22690 (Cross-Site Request Forgery (CSRF) vulnerability in DigiTimber DigiTimb ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Ederson Peka Unlimi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22686 (Missing Authorization vulnerability in GSheetConnector CF7 Google Shee ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22685 (Cross-Site Request Forgery (CSRF) vulnerability in CheGevara Tags to K ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22684 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22683 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22682 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22681 (Missing Authorization vulnerability in Xfinity Soft Content Cloner all ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22679 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22677 (Missing Authorization vulnerability in UIUX Lab Uix Shortcodes allows ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-22260 (Missing Authorization vulnerability in Pixelite Meta Tag Manager. This ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-20643 (In DA, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20642 (In DA, there is a possible out of bounds write due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20641 (In DA, there is a possible out of bounds write due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20640 (In DA, there is a possible out of bounds read due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20639 (In DA, there is a possible out of bounds write due to a missing bounds ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20638 (In DA, there is a possible read of uninitialized heap data due to unin ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20637 (In network HW, there is a possible system hang due to an uncaught exce ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20636 (In secmem, there is a possible out of bounds write due to a missing bo ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20635 (In V6 DA, there is a possible out of bounds write due to a missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20634 (In Modem, there is a possible out of bounds write due to a missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20633 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20632 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-20631 (In wlan AP driver, there is a possible out of bounds write due to an i ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2025-0974 (A vulnerability, which was classified as critical, has been found in M ...)
- TODO: check
+ NOT-FOR-US: MaxD Lightning Module on OpenCart
CVE-2025-0973 (A vulnerability classified as critical was found in CmsEasy 7.7.7.9. T ...)
- TODO: check
+ NOT-FOR-US: CmsEasy
CVE-2025-0972 (A vulnerability classified as problematic has been found in Zenvia Mov ...)
- TODO: check
+ NOT-FOR-US: Zenvia Movidesk
CVE-2025-0971 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
- TODO: check
+ NOT-FOR-US: Zenvia Movidesk
CVE-2025-0970 (A vulnerability was found in Zenvia Movidesk up to 25.01.22. It has be ...)
- TODO: check
+ NOT-FOR-US: Zenvia Movidesk
CVE-2025-0015 (Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm ...)
TODO: check
CVE-2024-6790 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
TODO: check
CVE-2024-57968 (Advantive VeraCore before 2024.4.2.1 allows remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: Advantive VeraCore
CVE-2024-57967 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
- TODO: check
+ NOT-FOR-US: CyberArk
CVE-2024-57966 (libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absol ...)
TODO: check
CVE-2024-57669 (Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.3 ...)
- TODO: check
+ NOT-FOR-US: Zrlog
CVE-2024-57522 (SourceCodester Packers and Movers Management System v1.0 is vulnerable ...)
- TODO: check
+ NOT-FOR-US: SourceCodester Packers and Movers Management System
CVE-2024-57498 (Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allow ...)
- TODO: check
+ NOT-FOR-US: ForestBlog
CVE-2024-57452 (ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in co ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2024-57450 (ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create templa ...)
- TODO: check
+ NOT-FOR-US: ChestnutCMS
CVE-2024-57362
REJECTED
CVE-2024-57238 (Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL In ...)
- TODO: check
+ NOT-FOR-US: Prolink
CVE-2024-57237 (Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: Prolink
CVE-2024-57175 (A Stored Cross-Site Scripting (XSS) vulnerability was identified in th ...)
- TODO: check
+ NOT-FOR-US: PHPGURUKUL Online Birth Certificate System
CVE-2024-57099 (ClassCMS v4.8 has a code execution vulnerability. Attackers can exploi ...)
- TODO: check
+ NOT-FOR-US: ClassCMS
CVE-2024-57098 (Moss v0.1.3 version has an SQL injection vulnerability that allows att ...)
TODO: check
CVE-2024-57097 (ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admi ...)
- TODO: check
+ NOT-FOR-US: ClassCMS
CVE-2024-57004 (Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 al ...)
TODO: check
CVE-2024-56946 (Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 ...)
@@ -231,87 +231,87 @@ CVE-2024-56161 (Improper signature verification in AMD CPU ROM microcode patch l
CVE-2024-55456 (lunasvg v3.0.1 was discovered to contain a segmentation violation via ...)
TODO: check
CVE-2024-54840 (PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager ...)
- TODO: check
+ NOT-FOR-US: CyberArk
CVE-2024-53943 (An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
- TODO: check
+ NOT-FOR-US: NRadio
CVE-2024-53942 (An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The ...)
- TODO: check
+ NOT-FOR-US: NRadio
CVE-2024-50656 (itsourcecode Placement Management System 1.0 is vulnerable to Cross Si ...)
- TODO: check
+ NOT-FOR-US: itsourcecode Placement Management System
CVE-2024-50500 (Missing Authorization vulnerability in By Averta Shortcodes and extra ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-49843 (Memory corruption while processing IOCTL from user space to handle GPU ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49840 (Memory corruption while Invoking IOCTL calls from user-space to valida ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49839 (Memory corruption during management frame processing due to mismatch i ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49838 (Information disclosure while parsing the OCI IE with invalid length.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49837 (Memory corruption while reading CPU state data during guest VM suspend ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49834 (Memory corruption while power-up or power-down sequence of the camera ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49833 (Memory corruption can occur in the camera when an invalid CID is used.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-49832 (Memory corruption in Camera due to unusually high number of nodes pass ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45584 (Memory corruption can occur when a compat IOCTL call is followed by a ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45582 (Memory corruption while validating number of devices in Camera kernel ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45573 (Memory corruption may occour while generating test pattern due to nega ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45571 (Memory corruption may occour occur when stopping the WLAN interface af ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45569 (Memory corruption while parsing the ML IE due to invalid frame content ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45561 (Memory corruption while handling IOCTL call from user-space to set la ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-45560 (Memory corruption while taking a snapshot with hardware encoder due to ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-43333 (Incorrect Privilege Assignment vulnerability in NotFound Admin and Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-38420 (Memory corruption while configuring a Hypervisor based input virtual d ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38418 (Memory corruption while parsing the memory map info in IOCTL calls.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38417 (Information disclosure while processing IO control commands.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38416 (Information disclosure during audio playback.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38414 (Information disclosure while processing information on firmware image ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38413 (Memory corruption while processing frame packets.)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38412 (Memory corruption while invoking IOCTL calls from user-space to kernel ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38411 (Memory corruption while registering a buffer from user-space to kernel ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-38404 (Transient DOS when registration accept OTA is received with incorrect ...)
- TODO: check
+ NOT-FOR-US: Qualcomm
CVE-2024-36437 (The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) a ...)
- TODO: check
+ NOT-FOR-US: com.enflick.android.TextNow application
CVE-2024-20147 (In Bluetooth FW, there is a possible reachable assertion due to improp ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20142 (In V5 DA, there is a possible out of bounds write due to a missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-20141 (In V5 DA, there is a possible out of bounds write due to a missing bou ...)
- TODO: check
+ NOT-FOR-US: Mediatek
CVE-2024-13347 (The Essential WP Real Estate WordPress plugin through 1.1.3 does not e ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12859 (The BoomBox Theme Extensions plugin for WordPress is vulnerable to Loc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12511 (With address book access, SMB/FTP settings could be modified, redirect ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-12510 (If LDAP settings are accessed, authentication could be redirected to a ...)
- TODO: check
+ NOT-FOR-US: Xerox
CVE-2024-11134 (The Eventer plugin for WordPress is vulnerable to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11133 (The Eventer plugin for WordPress is vulnerable to unauthorized access ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11132 (The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10395 (No proper validation of the length of user input in http_server_get_co ...)
TODO: check
CVE-2025-0967 (A vulnerability was found in code-projects Chat System 1.0 and classif ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ec3578a077821f28f3c69b96476ddd2be509de
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ec3578a077821f28f3c69b96476ddd2be509de
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250204/e330c4f8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list