Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f23a566 by security tracker role at 2025-01-07T08:12:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,265 @@
+CVE-2025-22395 (Dell Update Package Framework, versions prior to 22.01.02, 
contain(s)  ...)
+       TODO: check
+CVE-2025-21620 (Deno is a JavaScript, TypeScript, and WebAssembly runtime with 
secure  ...)
+       TODO: check
+CVE-2025-21616 (Plane is an open-source project management tool. A cross-site 
scriptin ...)
+       TODO: check
+CVE-2024-9702 (The Social Rocket \u2013 Social Sharing Plugin plugin for 
WordPress is ...)
+       TODO: check
+CVE-2024-9697 (The Social Rocket \u2013 Social Sharing Plugin plugin for 
WordPress is ...)
+       TODO: check
+CVE-2024-9638 (The Category Posts Widget WordPress plugin before 4.9.18 does 
not sani ...)
+       TODO: check
+CVE-2024-9502 (The Master Addons \u2013 Elementor Addons with White Label, 
Free Widge ...)
+       TODO: check
+CVE-2024-9354 (The Estatik Mortgage Calculator plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-9208 (The Enable Accessibility plugin for WordPress is vulnerable to 
Reflect ...)
+       TODO: check
+CVE-2024-8857 (The WordPress Auction Plugin WordPress plugin through 3.7 does 
not san ...)
+       TODO: check
+CVE-2024-8855 (The WordPress Auction Plugin WordPress plugin through 3.7 does 
not san ...)
+       TODO: check
+CVE-2024-7696 (Seth Fogie, member of AXIS Camera Station Pro Bug Bounty 
Program, has  ...)
+       TODO: check
+CVE-2024-55553 (In FRRouting (FRR) before 10.3, it is possible for an attacker 
to trig ...)
+       TODO: check
+CVE-2024-55076 (Grocy through 4.3.0 has no CSRF protection, as demonstrated by 
changin ...)
+       TODO: check
+CVE-2024-55075 (Grocy through 4.3.0 allows remote attackers to obtain 
sensitive inform ...)
+       TODO: check
+CVE-2024-55074 (The edit profile function of Grocy through 4.3.0 allows stored 
XSS and ...)
+       TODO: check
+CVE-2024-54767 (An access control issue in the component /juis_boxinfo.xml of 
AVM FRIT ...)
+       TODO: check
+CVE-2024-54764 (An access control issue in the component /login/hostinfo2.cgi 
of ipTIM ...)
+       TODO: check
+CVE-2024-54763 (An access control issue in the component /login/hostinfo.cgi 
of ipTIME ...)
+       TODO: check
+CVE-2024-54030 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-53936 (The com.asianmobile.callcolor (aka Color Phone Call Screen 
App) applic ...)
+       TODO: check
+CVE-2024-53935 (The com.callos14.callscreen.colorphone (aka iCall OS17 - Color 
Phone F ...)
+       TODO: check
+CVE-2024-53934 (The com.windymob.callscreen.ringtone.callcolor.colorphone (aka 
Color P ...)
+       TODO: check
+CVE-2024-53933 (The com.callerscreen.colorphone.themes.callflash (aka Color 
Call Theme ...)
+       TODO: check
+CVE-2024-53932 (The com.remi.colorphone.callscreen.calltheme.callerscreen (aka 
Color P ...)
+       TODO: check
+CVE-2024-53931 (The com.glitter.caller.screen (aka iCaller, Caller Theme & 
Dialer) app ...)
+       TODO: check
+CVE-2024-51741 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       TODO: check
+CVE-2024-48457 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 
and Neti ...)
+       TODO: check
+CVE-2024-48456 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 
and Neti ...)
+       TODO: check
+CVE-2024-48455 (An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 
and Neti ...)
+       TODO: check
+CVE-2024-47398 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-46981 (Redis is an open source, in-memory database that persists on 
disk. An  ...)
+       TODO: check
+CVE-2024-45070 (in OpenHarmony v4.1.2 and prior versions allow a local 
attacker cause  ...)
+       TODO: check
+CVE-2024-12849 (The Error Log Viewer By WP Guru plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-12781 (The Aurum - WordPress & WooCommerce Shopping Theme theme for 
WordPress ...)
+       TODO: check
+CVE-2024-12633 (The JoomSport \u2013 for Sports: Team & League, Football, 
Hockey & mor ...)
+       TODO: check
+CVE-2024-12624 (The Sina Extension for Elementor plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-12592 (The Sellsy plugin for WordPress is vulnerable to Stored 
Cross-Site Scr ...)
+       TODO: check
+CVE-2024-12590 (The WP Youtube Gallery plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-12559 (The ClickDesigns plugin for WordPress is vulnerable to 
unauthorized mo ...)
+       TODO: check
+CVE-2024-12557 (The Transporters.io plugin for WordPress is vulnerable to 
Cross-Site R ...)
+       TODO: check
+CVE-2024-12541 (The Chative Live chat and Chatbot plugin for WordPress is 
vulnerable t ...)
+       TODO: check
+CVE-2024-12540 (The LDD Directory Lite plugin for WordPress is vulnerable to 
Reflected ...)
+       TODO: check
+CVE-2024-12538 (The Duplicate Post, Page and Any Custom Post plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-12535 (The Host PHP Info plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2024-12528 (The WordPress Survey & Poll \u2013 Quiz, Survey and Poll 
Plugin for Wo ...)
+       TODO: check
+CVE-2024-12516 (The Coupon Plugin plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-12499 (The WP jQuery DataTable plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2024-12495 (The Bootstrap Blocks for WP Editor v2 plugin for WordPress is 
vulnerab ...)
+       TODO: check
+CVE-2024-12471 (The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, 
Pexels, Dezgo ...)
+       TODO: check
+CVE-2024-12470 (The School Management System \u2013 SakolaWP plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2024-12464 (The Chatroll Live Chat plugin for WordPress is vulnerable to 
Stored Cr ...)
+       TODO: check
+CVE-2024-12462 (The YOGO Booking plugin for WordPress is vulnerable to Stored 
Cross-Si ...)
+       TODO: check
+CVE-2024-12457 (The Chat Support for Viber \u2013 Chat Bubble and Chat Button 
for Gute ...)
+       TODO: check
+CVE-2024-12453 (The Uptodown APK Download Widget plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-12445 (The RightMessage WP plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-12440 (The Candifly plugin for WordPress is vulnerable to Stored 
Cross-Site S ...)
+       TODO: check
+CVE-2024-12439 (The Marketplace Items plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-12438 (The WooCommerce Digital Content Delivery (incl. DRM) \u2013 
FlickRocke ...)
+       TODO: check
+CVE-2024-12437 (The Marketplace Items plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-12435 (The Compare Products for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-12419 (The The Design for Contact Form 7 Style WordPress Plugin 
\u2013 CF7 WO ...)
+       TODO: check
+CVE-2024-12416 (The Live Sales Notification for Woocommerce \u2013 Woomotiv 
plugin for ...)
+       TODO: check
+CVE-2024-12402 (The Themes Coder \u2013 Create Android & iOS Apps For Your 
Woocommerce ...)
+       TODO: check
+CVE-2024-12384 (The Binary MLM Woocommerce plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2024-12383 (The Binary MLM Woocommerce plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
+CVE-2024-12332 (The School Management System \u2013 WPSchoolPress plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-12327 (The LazyLoad Background Images plugin for WordPress is 
vulnerable to u ...)
+       TODO: check
+CVE-2024-12324 (The Unilevel MLM Plan plugin for WordPress is vulnerable to 
Reflected  ...)
+       TODO: check
+CVE-2024-12322 (The ThePerfectWedding.nl Widget plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2024-12313 (The Compare Products for WooCommerce plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2024-12291 (The ViewMedica 9 plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2024-12290 (The Infility Global plugin for WordPress is vulnerable to 
Reflected Cr ...)
+       TODO: check
+CVE-2024-12288 (The Simple add pages or posts plugin for WordPress is 
vulnerable to Cr ...)
+       TODO: check
+CVE-2024-12264 (The PayU CommercePro Plugin plugin for WordPress is vulnerable 
to priv ...)
+       TODO: check
+CVE-2024-12261 (The SmartEmailing.cz plugin for WordPress is vulnerable to 
Reflected C ...)
+       TODO: check
+CVE-2024-12256 (The Simple Video Management System plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-12252 (The SEO LAT Auto Post plugin for WordPress is vulnerable to 
file overw ...)
+       TODO: check
+CVE-2024-12214 (The WooCommerce HSS Extension for Streaming Video plugin for 
WordPress ...)
+       TODO: check
+CVE-2024-12208 (The Backup and Restore WordPress \u2013 Backup Plugin plugin 
for WordP ...)
+       TODO: check
+CVE-2024-12207 (The Toggles Shortcode and Widget plugin for WordPress is 
vulnerable to ...)
+       TODO: check
+CVE-2024-12202 (The Croma Music plugin for WordPress is vulnerable to 
unauthorized mod ...)
+       TODO: check
+CVE-2024-12176 (The WordLift \u2013 AI powered SEO \u2013 Schema plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-12170 (The ViewMedica 9 plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2024-12159 (The Optimize Your Campaigns \u2013 Google Shopping \u2013 
Google Ads \ ...)
+       TODO: check
+CVE-2024-12158 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign 
Intergratio ...)
+       TODO: check
+CVE-2024-12157 (The Popup \u2013 MailChimp, GetResponse and ActiveCampaign 
Intergratio ...)
+       TODO: check
+CVE-2024-12153 (The GDY Modular Content plugin for WordPress is vulnerable to 
Reflecte ...)
+       TODO: check
+CVE-2024-12140 (The Elementor Addons AI Addons \u2013 70 Widgets, Premium 
Templates, U ...)
+       TODO: check
+CVE-2024-12126 (The SEO Keywords plugin for WordPress is vulnerable to 
Reflected Cross ...)
+       TODO: check
+CVE-2024-12124 (The Role Includer plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2024-12098 (The ARS Affiliate Page Plugin plugin for WordPress is 
vulnerable to Re ...)
+       TODO: check
+CVE-2024-12077 (The Booking Calendar and Booking Calendar Pro plugins for 
WordPress ar ...)
+       TODO: check
+CVE-2024-12073 (The Meteor Slides plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-12049 (The Woo Ukrposhta plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2024-12022 (The WP Menu Image plugin for WordPress is vulnerable to 
unauthorized m ...)
+       TODO: check
+CVE-2024-11934 (The Formaloo Form Maker & Customer Analytics for WordPress & 
WooCommer ...)
+       TODO: check
+CVE-2024-11899 (The Slider Pro Lite plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2024-11887 (The Geo Content plugin for WordPress is vulnerable to Stored 
Cross-Sit ...)
+       TODO: check
+CVE-2024-11810 (The PayGreen Payment Gateway plugin for WordPress is 
vulnerable to Ref ...)
+       TODO: check
+CVE-2024-11777 (The Sell Media plugin for WordPress is vulnerable to Stored 
Cross-Site ...)
+       TODO: check
+CVE-2024-11764 (The Solar Wizard Lite plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2024-11756 (The SweepWidget Contests, Giveaways, Photo Contests, 
Competitions plug ...)
+       TODO: check
+CVE-2024-11749 (The App Embed plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
+       TODO: check
+CVE-2024-11725 (The SMS Alert Order Notifications \u2013 WooCommerce plugin 
for WordPr ...)
+       TODO: check
+CVE-2024-11690 (The Financial Stocks & Crypto Market Data Plugin plugin for 
WordPress  ...)
+       TODO: check
+CVE-2024-11627 (: Insufficient Session Expiration vulnerability in Progress 
Sitefinity ...)
+       TODO: check
+CVE-2024-11626 (Improper Neutralization of Input During CMS Backend 
(adminstrative sec ...)
+       TODO: check
+CVE-2024-11625 (Information Exposure Through an Error Message vulnerability in 
Progres ...)
+       TODO: check
+CVE-2024-11606 (The Tabs Shortcode WordPress plugin through 2.0.2 does not 
validate an ...)
+       TODO: check
+CVE-2024-11496 (The Infility Global plugin for WordPress is vulnerable to 
unauthorized ...)
+       TODO: check
+CVE-2024-11465 (The Custom Product Tabs for WooCommerce plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2024-11445 (The Image Magnify plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-11437 (The Timeline Designer plugin for WordPress is vulnerable to 
SQL Inject ...)
+       TODO: check
+CVE-2024-11434 (The WP \u2013 Bulk SMS \u2013 by SMS.to plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2024-11383 (The CC Canadian Mortgage Calculator plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2024-11382 (The Common Ninja: Fully Customizable & Perfectly Responsive 
Free Widge ...)
+       TODO: check
+CVE-2024-11378 (The Bizapp for WooCommerce plugin for WordPress is vulnerable 
to Refle ...)
+       TODO: check
+CVE-2024-11377 (The Automate Hub Free by Sperse.IO plugin for WordPress is 
vulnerable  ...)
+       TODO: check
+CVE-2024-11375 (The WC1C plugin for WordPress is vulnerable to Reflected 
Cross-Site Sc ...)
+       TODO: check
+CVE-2024-11369 (The Store credit / Gift cards for woocommerce plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2024-11363 (The Same but Different \u2013 Related Posts by Taxonomy plugin 
for Wor ...)
+       TODO: check
+CVE-2024-11338 (The PIXNET Plugin plugin for WordPress is vulnerable to Stored 
Cross-S ...)
+       TODO: check
+CVE-2024-11337 (The Horoscope And Tarot plugin for WordPress is vulnerable to 
Stored C ...)
+       TODO: check
+CVE-2024-11290 (The Member Access plugin for WordPress is vulnerable to 
Sensitive Info ...)
+       TODO: check
+CVE-2024-11282 (The Passster \u2013 Password Protect Pages and Content plugin 
for Word ...)
+       TODO: check
+CVE-2024-10866 (The Export Import Menus plugin for WordPress is vulnerable to 
unauthor ...)
+       TODO: check
+CVE-2024-10562 (The Form Maker by 10Web  WordPress plugin before 1.15.31 does 
not sani ...)
+       TODO: check
+CVE-2024-10536 (The FancyPost \u2013 Best Ultimate Post Block, Post Grid, 
Layouts, Car ...)
+       TODO: check
+CVE-2024-10527 (The Spacer plugin for WordPress is vulnerable to unauthorized 
access o ...)
+       TODO: check
+CVE-2024-10102 (The Photo Gallery, Images, Slider in Rbs Image Gallery 
WordPress plugi ...)
+       TODO: check
 CVE-2025-21618 (NiceGUI is an easy-to-use, Python-based UI framework. Prior to 
2.9.1,  ...)
        NOT-FOR-US: NiceGUI
 CVE-2025-21617 (Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. 
Prior t ...)
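Review bot: Every entry added at the top of data/CVE/list in this hunk carries only the placeholder "TODO: check", so none of them has a triage result yet. Each one needs to be resolved to either a "NOT-FOR-US:" line, as on the neighbouring CVE-2025-21618 entry, or a package line. The Redis entries (CVE-2024-51741, CVE-2024-46981) and the FRRouting entry (CVE-2024-55553) stand out among the many WordPress plugin entries and are worth triaging first. Several descriptions also carry a literal "\u2013" escape (for example CVE-2024-9702), which suggests the en dash is not being decoded when descriptions are imported.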
@@ -7100,7 +7362,7 @@ CVE-2024-49602 (Dell PowerScale OneFS Versions 8.2.2.x 
through 9.8.0.x contain a
        NOT-FOR-US: Dell
 CVE-2024-49600 (Dell Power Manager (DPM), versions prior to 3.17, contain an 
improper  ...)
        NOT-FOR-US: Dell
-CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 allows attackers without 
valid a ...)
+CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 before 7.4 allows 
attackers with ...)
        NOT-FOR-US: Serviceware Processes
 CVE-2024-46901 (Insufficient validation of filenames against control 
characters in Apa ...)
        - subversion 1.14.5-1
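Review bot: In the updated CVE-2024-48956 line the truncated description now ends at "allows attackers with ...", where the previous text read "attackers without valid a ...", so the shortened form reads as the opposite precondition. The new range wording "6.0 through 7.3 before 7.4" is also redundant. The entry stays "NOT-FOR-US: Serviceware Processes", so the tracker status is unaffected, but anyone reading this line should consult the full description rather than the truncated one.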
@@ -8279,7 +8541,7 @@ CVE-2024-9404 (Moxa\u2019s IP Cameras are affected by a 
medium-severity vulnerab
        NOT-FOR-US: Moxa
 CVE-2024-54664 (An issue was discovered in Veritas NetBackup before 10.5. This 
only ap ...)
        NOT-FOR-US: Veritas
-CVE-2024-54661 (readline.sh in socat through 1.8.0.1 relies on the 
/tmp/$USER/stderr2  ...)
+CVE-2024-54661 (readline.sh in socat before1.8.0.2 relies on the 
/tmp/$USER/stderr2 fi ...)
        - socat 1.8.0.2-1 (unimportant)
        NOTE: Issue only in installed example: 
/usr/share/doc/socat/examples/readline.sh
        NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
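Review bot: The new CVE-2024-54661 description reads "before1.8.0.2", with the space missing between "before" and the version number. The changed bound itself (from "through 1.8.0.1" to before 1.8.0.2) agrees with the fixed version on the "- socat 1.8.0.2-1 (unimportant)" line, so only the spacing needs correcting, at the source of the description text.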
@@ -300092,8 +300354,8 @@ CVE-2021-27287
        RESERVED
 CVE-2021-27286
        RESERVED
-CVE-2021-27285
-       RESERVED
+CVE-2021-27285 (An issue was discovered in Inspur ClusterEngine v4.0 that 
allows attac ...)
+       TODO: check
 CVE-2021-27284
        RESERVED
 CVE-2021-27283
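Review bot: CVE-2021-27285 moves from "RESERVED" to a described entry but is left at "TODO: check", so it still has no triage result. The description names Inspur ClusterEngine v4.0; a follow-up commit should replace the placeholder with a "NOT-FOR-US:" or package line so this old id does not linger as unreviewed between its still-reserved neighbours.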



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4f23a566644fa5b10a9f1399dd2fbc2f89d9822a
