[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 31 08:10:22 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7f598e5 by security tracker role at 2020-10-31T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,31 @@
+CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
+ TODO: check
+CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ...)
+ TODO: check
+CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
+ TODO: check
+CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ...)
+ TODO: check
+CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ...)
+ TODO: check
+CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ...)
+ TODO: check
+CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global variables. ...)
+ TODO: check
+CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ...)
+ TODO: check
+CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...)
+ TODO: check
+CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...)
+ TODO: check
+CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)
+ TODO: check
+CVE-2020-28029
+ RESERVED
+CVE-2020-28028
+ RESERVED
+CVE-2020-28027
+ RESERVED
CVE-2020-28026
RESERVED
CVE-2020-28025
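Review bot: All eleven described entries added at the top of data/CVE/list (CVE-2020-28030 through CVE-2020-28040) land with only `TODO: check`, so none of them is yet tied to a source package or marked NOT-FOR-US. Nine are WordPress before 5.5.2 and can be triaged as one batch in a follow-up commit; the Wireshark GQUIC dissector entry (CVE-2020-28030) and the eramba entry (CVE-2020-28031) each need their own decision. The three new RESERVED entries (CVE-2020-28027 to CVE-2020-28029) need nothing further at this point.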
@@ -26337,8 +26365,7 @@ CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly wi
NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_generic_if ...)
- ppp <not-affected> (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian)
-CVE-2020-15703
- RESERVED
+CVE-2020-15703 (There is no input validation on the Locale property in an apt transact ...)
- aptdaemon <removed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235
CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...)
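Review bot: For CVE-2020-15703 only the RESERVED line is swapped for the published description; the existing `- aptdaemon <removed>` annotation and the Launchpad NOTE are carried over unchanged. It is worth confirming in a follow-up that this annotation still matches the description now that it is public (no input validation on the Locale property in an apt transaction), since it was written while the entry was still RESERVED.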
@@ -27491,8 +27518,8 @@ CVE-2020-15275
RESERVED
CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
NOT-FOR-US: Wiki.js
-CVE-2020-15273
- RESERVED
+CVE-2020-15273 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. T ...)
+ TODO: check
CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
NOT-FOR-US: git-tag-annotation-action
CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
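Review bot: CVE-2020-15273 (baserCMS before 4.4.1, Cross-Site Scripting) moves from RESERVED to `TODO: check`, while its neighbours for Wiki.js and git-tag-annotation-action are already resolved as NOT-FOR-US. A follow-up should settle whether baserCMS gets a package line or the same NOT-FOR-US marking, so the TODO does not linger in the list.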
@@ -52951,8 +52978,8 @@ CVE-2020-5993
RESERVED
CVE-2020-5992
RESERVED
-CVE-2020-5991
- RESERVED
+CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerab ...)
+ TODO: check
CVE-2020-5990 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
NOT-FOR-US: NVIDIA GeForce Experience
CVE-2020-5989 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
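Review bot: CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1) is left at `TODO: check`. The GeForce Experience entry directly below it is NOT-FOR-US, but that marking should not be copied across by analogy: CUDA Toolkit is a different product and needs its own check before the TODO is replaced.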
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f598e5fb5e445cbff20ce2eadb1a2ce5fffd9e