[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 7 08:12:30 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f23a566 by security tracker role at 2025-01-07T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, contain(s)  ...)
+	TODO: check
+CVE-2025-21620 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure  ...)
+	TODO: check
+CVE-2025-21616 (Plane is an open-source project management tool. A cross-site scriptin ...)
+	TODO: check
+CVE-2024-9702 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...)
+	TODO: check
+CVE-2024-9697 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...)
+	TODO: check
+CVE-2024-9638 (The Category Posts Widget WordPress plugin before 4.9.18 does not sani ...)
+	TODO: check
+CVE-2024-9502 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
+	TODO: check
+CVE-2024-9354 (The Estatik Mortgage Calculator plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-9208 (The Enable Accessibility plugin for WordPress is vulnerable to Reflect ...)
+	TODO: check
+CVE-2024-8857 (The WordPress Auction Plugin WordPress plugin through 3.7 does not san ...)
+	TODO: check
+CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does not san ...)
+	TODO: check
+CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has  ...)
+	TODO: check
+CVE-2024-55553 (In FRRouting (FRR) before 10.3, it is possible for an attacker to trig ...)
+	TODO: check
+CVE-2024-55076 (Grocy through 4.3.0 has no CSRF protection, as demonstrated by changin ...)
+	TODO: check
+CVE-2024-55075 (Grocy through 4.3.0 allows remote attackers to obtain sensitive inform ...)
+	TODO: check
+CVE-2024-55074 (The edit profile function of Grocy through 4.3.0 allows stored XSS and ...)
+	TODO: check
+CVE-2024-54767 (An access control issue in the component /juis_boxinfo.xml of AVM FRIT ...)
+	TODO: check
+CVE-2024-54764 (An access control issue in the component /login/hostinfo2.cgi of ipTIM ...)
+	TODO: check
+CVE-2024-54763 (An access control issue in the component /login/hostinfo.cgi of ipTIME ...)
+	TODO: check
+CVE-2024-54030 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-53936 (The com.asianmobile.callcolor (aka Color Phone Call Screen App) applic ...)
+	TODO: check
+CVE-2024-53935 (The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone F ...)
+	TODO: check
+CVE-2024-53934 (The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color P ...)
+	TODO: check
+CVE-2024-53933 (The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme ...)
+	TODO: check
+CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color P ...)
+	TODO: check
+CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) app ...)
+	TODO: check
+CVE-2024-51741 (Redis is an open source, in-memory database that persists on disk. An  ...)
+	TODO: check
+CVE-2024-48457 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...)
+	TODO: check
+CVE-2024-48456 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...)
+	TODO: check
+CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...)
+	TODO: check
+CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-46981 (Redis is an open source, in-memory database that persists on disk. An  ...)
+	TODO: check
+CVE-2024-45070 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause  ...)
+	TODO: check
+CVE-2024-12849 (The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-12781 (The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress ...)
+	TODO: check
+CVE-2024-12633 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
+	TODO: check
+CVE-2024-12624 (The Sina Extension for Elementor plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-12592 (The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2024-12590 (The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-12559 (The ClickDesigns plugin for WordPress is vulnerable to unauthorized mo ...)
+	TODO: check
+CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to Cross-Site R ...)
+	TODO: check
+CVE-2024-12541 (The Chative Live chat and Chatbot plugin for WordPress is vulnerable t ...)
+	TODO: check
+CVE-2024-12540 (The LDD Directory Lite plugin for WordPress is vulnerable to Reflected ...)
+	TODO: check
+CVE-2024-12538 (The Duplicate Post, Page and Any Custom Post plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-12535 (The Host PHP Info plugin for WordPress is vulnerable to unauthorized a ...)
+	TODO: check
+CVE-2024-12528 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for Wo ...)
+	TODO: check
+CVE-2024-12516 (The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-12499 (The WP jQuery DataTable plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-12495 (The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerab ...)
+	TODO: check
+CVE-2024-12471 (The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo ...)
+	TODO: check
+CVE-2024-12470 (The School Management System \u2013 SakolaWP plugin for WordPress is v ...)
+	TODO: check
+CVE-2024-12464 (The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cr ...)
+	TODO: check
+CVE-2024-12462 (The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Si ...)
+	TODO: check
+CVE-2024-12457 (The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gute ...)
+	TODO: check
+CVE-2024-12453 (The Uptodown APK Download Widget plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-12445 (The RightMessage WP plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-12440 (The Candifly plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+	TODO: check
+CVE-2024-12439 (The Marketplace Items plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-12438 (The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocke ...)
+	TODO: check
+CVE-2024-12437 (The Marketplace Items plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-12435 (The Compare Products for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-12419 (The The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WO ...)
+	TODO: check
+CVE-2024-12416 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...)
+	TODO: check
+CVE-2024-12402 (The Themes Coder \u2013 Create Android & iOS Apps For Your Woocommerce ...)
+	TODO: check
+CVE-2024-12384 (The Binary MLM Woocommerce plugin for WordPress is vulnerable to Refle ...)
+	TODO: check
+CVE-2024-12383 (The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross ...)
+	TODO: check
+CVE-2024-12332 (The School Management System \u2013 WPSchoolPress plugin for WordPress ...)
+	TODO: check
+CVE-2024-12327 (The LazyLoad Background Images plugin for WordPress is vulnerable to u ...)
+	TODO: check
+CVE-2024-12324 (The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected  ...)
+	TODO: check
+CVE-2024-12322 (The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to  ...)
+	TODO: check
+CVE-2024-12313 (The Compare Products for WooCommerce plugin for WordPress is vulnerabl ...)
+	TODO: check
+CVE-2024-12291 (The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Requ ...)
+	TODO: check
+CVE-2024-12290 (The Infility Global plugin for WordPress is vulnerable to Reflected Cr ...)
+	TODO: check
+CVE-2024-12288 (The Simple add pages or posts plugin for WordPress is vulnerable to Cr ...)
+	TODO: check
+CVE-2024-12264 (The PayU CommercePro Plugin plugin for WordPress is vulnerable to priv ...)
+	TODO: check
+CVE-2024-12261 (The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected C ...)
+	TODO: check
+CVE-2024-12256 (The Simple Video Management System plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-12252 (The SEO LAT Auto Post plugin for WordPress is vulnerable to file overw ...)
+	TODO: check
+CVE-2024-12214 (The WooCommerce HSS Extension for Streaming Video plugin for WordPress ...)
+	TODO: check
+CVE-2024-12208 (The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordP ...)
+	TODO: check
+CVE-2024-12207 (The Toggles Shortcode and Widget plugin for WordPress is vulnerable to ...)
+	TODO: check
+CVE-2024-12202 (The Croma Music plugin for WordPress is vulnerable to unauthorized mod ...)
+	TODO: check
+CVE-2024-12176 (The WordLift \u2013 AI powered SEO \u2013 Schema plugin for WordPress  ...)
+	TODO: check
+CVE-2024-12170 (The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Requ ...)
+	TODO: check
+CVE-2024-12159 (The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \ ...)
+	TODO: check
+CVE-2024-12158 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergratio ...)
+	TODO: check
+CVE-2024-12157 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergratio ...)
+	TODO: check
+CVE-2024-12153 (The GDY Modular Content plugin for WordPress is vulnerable to Reflecte ...)
+	TODO: check
+CVE-2024-12140 (The Elementor Addons AI Addons \u2013 70 Widgets, Premium Templates, U ...)
+	TODO: check
+CVE-2024-12126 (The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross ...)
+	TODO: check
+CVE-2024-12124 (The Role Includer plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2024-12098 (The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Re ...)
+	TODO: check
+CVE-2024-12077 (The Booking Calendar and Booking Calendar Pro plugins for WordPress ar ...)
+	TODO: check
+CVE-2024-12073 (The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-12049 (The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cros ...)
+	TODO: check
+CVE-2024-12022 (The WP Menu Image plugin for WordPress is vulnerable to unauthorized m ...)
+	TODO: check
+CVE-2024-11934 (The Formaloo Form Maker & Customer Analytics for WordPress & WooCommer ...)
+	TODO: check
+CVE-2024-11899 (The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross ...)
+	TODO: check
+CVE-2024-11887 (The Geo Content plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+	TODO: check
+CVE-2024-11810 (The PayGreen Payment Gateway plugin for WordPress is vulnerable to Ref ...)
+	TODO: check
+CVE-2024-11777 (The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2024-11764 (The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cro ...)
+	TODO: check
+CVE-2024-11756 (The SweepWidget Contests, Giveaways, Photo Contests, Competitions plug ...)
+	TODO: check
+CVE-2024-11749 (The App Embed plugin for WordPress is vulnerable to Stored Cross-Site  ...)
+	TODO: check
+CVE-2024-11725 (The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPr ...)
+	TODO: check
+CVE-2024-11690 (The Financial Stocks & Crypto Market Data Plugin plugin for WordPress  ...)
+	TODO: check
+CVE-2024-11627 (: Insufficient Session Expiration vulnerability in Progress Sitefinity ...)
+	TODO: check
+CVE-2024-11626 (Improper Neutralization of Input During CMS Backend (adminstrative sec ...)
+	TODO: check
+CVE-2024-11625 (Information Exposure Through an Error Message vulnerability in Progres ...)
+	TODO: check
+CVE-2024-11606 (The Tabs Shortcode WordPress plugin through 2.0.2 does not validate an ...)
+	TODO: check
+CVE-2024-11496 (The Infility Global plugin for WordPress is vulnerable to unauthorized ...)
+	TODO: check
+CVE-2024-11465 (The Custom Product Tabs for WooCommerce plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-11445 (The Image Magnify plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-11437 (The Timeline Designer plugin for WordPress is vulnerable to SQL Inject ...)
+	TODO: check
+CVE-2024-11434 (The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2024-11383 (The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable ...)
+	TODO: check
+CVE-2024-11382 (The Common Ninja: Fully Customizable & Perfectly Responsive Free Widge ...)
+	TODO: check
+CVE-2024-11378 (The Bizapp for WooCommerce plugin for WordPress is vulnerable to Refle ...)
+	TODO: check
+CVE-2024-11377 (The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2024-11375 (The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Sc ...)
+	TODO: check
+CVE-2024-11369 (The Store credit / Gift cards for woocommerce plugin for WordPress is  ...)
+	TODO: check
+CVE-2024-11363 (The Same but Different \u2013 Related Posts by Taxonomy plugin for Wor ...)
+	TODO: check
+CVE-2024-11338 (The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2024-11337 (The Horoscope And Tarot plugin for WordPress is vulnerable to Stored C ...)
+	TODO: check
+CVE-2024-11290 (The Member Access plugin for WordPress is vulnerable to Sensitive Info ...)
+	TODO: check
+CVE-2024-11282 (The Passster \u2013 Password Protect Pages and Content plugin for Word ...)
+	TODO: check
+CVE-2024-10866 (The Export Import Menus plugin for WordPress is vulnerable to unauthor ...)
+	TODO: check
+CVE-2024-10562 (The Form Maker by 10Web  WordPress plugin before 1.15.31 does not sani ...)
+	TODO: check
+CVE-2024-10536 (The FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Car ...)
+	TODO: check
+CVE-2024-10527 (The Spacer plugin for WordPress is vulnerable to unauthorized access o ...)
+	TODO: check
+CVE-2024-10102 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
+	TODO: check
 CVE-2025-21618 (NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1,  ...)
 	NOT-FOR-US: NiceGUI
 CVE-2025-21617 (Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior t ...)
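
Review bot: Every entry added at the top of data/CVE/list in this hunk carries only `TODO: check`, so each still needs manual triage into either a package line or a `NOT-FOR-US:` line like the NiceGUI context entry that follows. The FRRouting (CVE-2024-55553) and Redis (CVE-2024-51741, CVE-2024-46981) entries deserve priority, since they name widely deployed server software rather than WordPress plugins. Several truncated descriptions also carry a literal `\u2013` escape (for example CVE-2024-9702), which suggests the en dash in the imported description is not being decoded.
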
@@ -7100,7 +7362,7 @@ CVE-2024-49602 (Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain a
 	NOT-FOR-US: Dell
 CVE-2024-49600 (Dell Power Manager (DPM), versions prior to 3.17, contain an improper  ...)
 	NOT-FOR-US: Dell
-CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 allows attackers without valid a ...)
+CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers with ...)
 	NOT-FOR-US: Serviceware Processes
 CVE-2024-46901 (Insufficient validation of filenames against control characters in Apa ...)
 	- subversion 1.14.5-1
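
Review bot: The replacement description for CVE-2024-48956 now reads "6.0 through 7.3 before 7.4", which states the upper bound of the affected range twice. As this is an automatic update the wording is imported text, so no change is needed in the tracker, and the existing `NOT-FOR-US: Serviceware Processes` line still applies to the entry.
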
@@ -8279,7 +8541,7 @@ CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a medium-severity vulnerab
 	NOT-FOR-US: Moxa
 CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This only ap ...)
 	NOT-FOR-US: Veritas
-CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2  ...)
+CVE-2024-54661 (readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 fi ...)
 	- socat 1.8.0.2-1 (unimportant)
 	NOTE: Issue only in installed example: /usr/share/doc/socat/examples/readline.sh
 	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
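
Review bot: The new description for CVE-2024-54661 is missing a space in "before1.8.0.2"; the typo is in the imported description text, not in the tracking data. The revised bound is consistent with the fixed version already recorded in `- socat 1.8.0.2-1 (unimportant)`, so the package line and the two NOTE lines need no adjustment.
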
@@ -300092,8 +300354,8 @@ CVE-2021-27287
 	RESERVED
 CVE-2021-27286
 	RESERVED
-CVE-2021-27285
-	RESERVED
+CVE-2021-27285 (An issue was discovered in Inspur ClusterEngine v4.0 that allows attac ...)
+	TODO: check
 CVE-2021-27284
 	RESERVED
 CVE-2021-27283
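
Review bot: CVE-2021-27285 changes from `RESERVED` to a published description for Inspur ClusterEngine v4.0 but is left at `TODO: check`, so it still needs a triage decision. The description is truncated at "allows attac ...", so the full text should be read before choosing between a package line and `NOT-FOR-US:`. The neighbouring CVE-2021-27286 and CVE-2021-27284 correctly remain `RESERVED`.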



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23a566644fa5b10a9f1399dd2fbc2f89d9822a
