[Git][security-tracker-team/security-tracker][master] Process new NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jan 7 08:22:58 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
feb0a5fc by Salvatore Bonaccorso at 2025-01-07T09:22:50+01:00
Process new NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,27 +1,27 @@
CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, contain(s) ...)
- TODO: check
+ NOT-FOR-US: Dell
CVE-2025-21620 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure ...)
TODO: check
CVE-2025-21616 (Plane is an open-source project management tool. A cross-site scriptin ...)
TODO: check
CVE-2024-9702 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9697 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9638 (The Category Posts Widget WordPress plugin before 4.9.18 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9502 (The Master Addons \u2013 Elementor Addons with White Label, Free Widge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9354 (The Estatik Mortgage Calculator plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-9208 (The Enable Accessibility plugin for WordPress is vulnerable to Reflect ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8857 (The WordPress Auction Plugin WordPress plugin through 3.7 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does not san ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has ...)
- TODO: check
+ NOT-FOR-US: AXIS Camera Station server
CVE-2024-55553 (In FRRouting (FRR) before 10.3, it is possible for an attacker to trig ...)
TODO: check
CVE-2024-55076 (Grocy through 4.3.0 has no CSRF protection, as demonstrated by changin ...)
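Review bot: The tag added for CVE-2025-22395 at the top of this hunk, `NOT-FOR-US: Dell`, names only the vendor, while the description identifies the product as Dell Update Package Framework and the other non-WordPress tag in this hunk names a product (`NOT-FOR-US: AXIS Camera Station server`). Suggest `NOT-FOR-US: Dell Update Package Framework`, so that a later search of data/CVE/list for the product name finds this entry.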
@@ -31,235 +31,235 @@ CVE-2024-55075 (Grocy through 4.3.0 allows remote attackers to obtain sensitive
CVE-2024-55074 (The edit profile function of Grocy through 4.3.0 allows stored XSS and ...)
TODO: check
CVE-2024-54767 (An access control issue in the component /juis_boxinfo.xml of AVM FRIT ...)
- TODO: check
+ NOT-FOR-US: AVM FRITZ!Box 7530 AX
CVE-2024-54764 (An access control issue in the component /login/hostinfo2.cgi of ipTIM ...)
- TODO: check
+ NOT-FOR-US: ipTIME A2004
CVE-2024-54763 (An access control issue in the component /login/hostinfo.cgi of ipTIME ...)
- TODO: check
+ NOT-FOR-US: ipTIME A2004
CVE-2024-54030 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-53936 (The com.asianmobile.callcolor (aka Color Phone Call Screen App) applic ...)
- TODO: check
+ NOT-FOR-US: com.asianmobile.callcolor (aka Color Phone Call Screen App)
CVE-2024-53935 (The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone F ...)
- TODO: check
+ NOT-FOR-US: com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application
CVE-2024-53934 (The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color P ...)
- TODO: check
+ NOT-FOR-US: com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application
CVE-2024-53933 (The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme ...)
- TODO: check
+ NOT-FOR-US: com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application
CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color P ...)
- TODO: check
+ NOT-FOR-US: com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application
CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) app ...)
- TODO: check
+ NOT-FOR-US: com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application
CVE-2024-51741 (Redis is an open source, in-memory database that persists on disk. An ...)
TODO: check
CVE-2024-48457 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...)
- TODO: check
+ NOT-FOR-US: Netis Router
CVE-2024-48456 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...)
- TODO: check
+ NOT-FOR-US: Netis Router
CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Neti ...)
- TODO: check
+ NOT-FOR-US: Netis Router
CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-46981 (Redis is an open source, in-memory database that persists on disk. An ...)
TODO: check
CVE-2024-45070 (in OpenHarmony v4.1.2 and prior versions allow a local attacker cause ...)
- TODO: check
+ NOT-FOR-US: OpenHarmony
CVE-2024-12849 (The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12781 (The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress theme
CVE-2024-12633 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12624 (The Sina Extension for Elementor plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12592 (The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12590 (The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12559 (The ClickDesigns plugin for WordPress is vulnerable to unauthorized mo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to Cross-Site R ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12541 (The Chative Live chat and Chatbot plugin for WordPress is vulnerable t ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12540 (The LDD Directory Lite plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12538 (The Duplicate Post, Page and Any Custom Post plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12535 (The Host PHP Info plugin for WordPress is vulnerable to unauthorized a ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12528 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll Plugin for Wo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12516 (The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12499 (The WP jQuery DataTable plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12495 (The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerab ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12471 (The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12470 (The School Management System \u2013 SakolaWP plugin for WordPress is v ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12464 (The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12462 (The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Si ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12457 (The Chat Support for Viber \u2013 Chat Bubble and Chat Button for Gute ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12453 (The Uptodown APK Download Widget plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12445 (The RightMessage WP plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12440 (The Candifly plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12439 (The Marketplace Items plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12438 (The WooCommerce Digital Content Delivery (incl. DRM) \u2013 FlickRocke ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12437 (The Marketplace Items plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12435 (The Compare Products for WooCommerce plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12419 (The The Design for Contact Form 7 Style WordPress Plugin \u2013 CF7 WO ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12416 (The Live Sales Notification for Woocommerce \u2013 Woomotiv plugin for ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12402 (The Themes Coder \u2013 Create Android & iOS Apps For Your Woocommerce ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12384 (The Binary MLM Woocommerce plugin for WordPress is vulnerable to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12383 (The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12332 (The School Management System \u2013 WPSchoolPress plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12327 (The LazyLoad Background Images plugin for WordPress is vulnerable to u ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12324 (The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12322 (The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12313 (The Compare Products for WooCommerce plugin for WordPress is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12291 (The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12290 (The Infility Global plugin for WordPress is vulnerable to Reflected Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12288 (The Simple add pages or posts plugin for WordPress is vulnerable to Cr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12264 (The PayU CommercePro Plugin plugin for WordPress is vulnerable to priv ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12261 (The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12256 (The Simple Video Management System plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12252 (The SEO LAT Auto Post plugin for WordPress is vulnerable to file overw ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12214 (The WooCommerce HSS Extension for Streaming Video plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12208 (The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordP ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12207 (The Toggles Shortcode and Widget plugin for WordPress is vulnerable to ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12202 (The Croma Music plugin for WordPress is vulnerable to unauthorized mod ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12176 (The WordLift \u2013 AI powered SEO \u2013 Schema plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12170 (The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Requ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12159 (The Optimize Your Campaigns \u2013 Google Shopping \u2013 Google Ads \ ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12158 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergratio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12157 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign Intergratio ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12153 (The GDY Modular Content plugin for WordPress is vulnerable to Reflecte ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12140 (The Elementor Addons AI Addons \u2013 70 Widgets, Premium Templates, U ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12126 (The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12124 (The Role Includer plugin for WordPress is vulnerable to Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12098 (The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Re ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12077 (The Booking Calendar and Booking Calendar Pro plugins for WordPress ar ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12073 (The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12049 (The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-12022 (The WP Menu Image plugin for WordPress is vulnerable to unauthorized m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11934 (The Formaloo Form Maker & Customer Analytics for WordPress & WooCommer ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11899 (The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11887 (The Geo Content plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11810 (The PayGreen Payment Gateway plugin for WordPress is vulnerable to Ref ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11777 (The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11764 (The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11756 (The SweepWidget Contests, Giveaways, Photo Contests, Competitions plug ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11749 (The App Embed plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11725 (The SMS Alert Order Notifications \u2013 WooCommerce plugin for WordPr ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11690 (The Financial Stocks & Crypto Market Data Plugin plugin for WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11627 (: Insufficient Session Expiration vulnerability in Progress Sitefinity ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2024-11626 (Improper Neutralization of Input During CMS Backend (adminstrative sec ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2024-11625 (Information Exposure Through an Error Message vulnerability in Progres ...)
- TODO: check
+ NOT-FOR-US: Progress Sitefinity
CVE-2024-11606 (The Tabs Shortcode WordPress plugin through 2.0.2 does not validate an ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11496 (The Infility Global plugin for WordPress is vulnerable to unauthorized ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11465 (The Custom Product Tabs for WooCommerce plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11445 (The Image Magnify plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11437 (The Timeline Designer plugin for WordPress is vulnerable to SQL Inject ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11434 (The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress is vulner ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11383 (The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11382 (The Common Ninja: Fully Customizable & Perfectly Responsive Free Widge ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11378 (The Bizapp for WooCommerce plugin for WordPress is vulnerable to Refle ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11377 (The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11375 (The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Sc ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11369 (The Store credit / Gift cards for woocommerce plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11363 (The Same but Different \u2013 Related Posts by Taxonomy plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11338 (The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11337 (The Horoscope And Tarot plugin for WordPress is vulnerable to Stored C ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11290 (The Member Access plugin for WordPress is vulnerable to Sensitive Info ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-11282 (The Passster \u2013 Password Protect Pages and Content plugin for Word ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10866 (The Export Import Menus plugin for WordPress is vulnerable to unauthor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10562 (The Form Maker by 10Web WordPress plugin before 1.15.31 does not sani ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10536 (The FancyPost \u2013 Best Ultimate Post Block, Post Grid, Layouts, Car ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10527 (The Spacer plugin for WordPress is vulnerable to unauthorized access o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2024-10102 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-21618 (NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, ...)
NOT-FOR-US: NiceGUI
CVE-2025-21617 (Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior t ...)
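Review bot: The tag added for CVE-2024-53936 ends at `(aka Color Phone Call Screen App)`, whereas the five sibling Android entries that follow it (CVE-2024-53935 down to CVE-2024-53931) all end with the word `application`. Suggest appending `application` to the CVE-2024-53936 tag as well, so the six entries for this family of apps are tagged uniformly and match the same search pattern.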
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/feb0a5fcba5a3b610c5ea180f9df2f34c4af38e6