[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 1 08:10:25 GMT 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c670ae51 by security tracker role at 2021-01-01T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,71 @@
-CVE-2020-35930
+CVE-2021-3001
RESERVED
+CVE-2020-35951 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...)
+ TODO: check
+CVE-2020-35950 (An issue was discovered in the XCloner Backup and Restore plugin befor ...)
+ TODO: check
+CVE-2020-35949 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...)
+ TODO: check
+CVE-2020-35948 (An issue was discovered in the XCloner Backup and Restore plugin befor ...)
+ TODO: check
+CVE-2020-35947 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...)
+ TODO: check
+CVE-2020-35946 (An issue was discovered in the All in One SEO Pack plugin before 3.6.2 ...)
+ TODO: check
+CVE-2020-35945 (An issue was discovered in the Divi Builder plugin, Divi theme, and Di ...)
+ TODO: check
+CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...)
+ TODO: check
+CVE-2020-35943
+ RESERVED
+CVE-2020-35942
+ RESERVED
+CVE-2020-35941
+ RESERVED
+CVE-2020-35940
+ RESERVED
+CVE-2020-35939 (PHP Object injection vulnerabilities in the Team Showcase plugin befor ...)
+ TODO: check
+CVE-2020-35938 (PHP Object injection vulnerabilities in the Post Grid plugin before 2. ...)
+ TODO: check
+CVE-2020-35937 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase ...)
+ TODO: check
+CVE-2020-35936 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plu ...)
+ TODO: check
+CVE-2020-35935 (The Advanced Access Manager plugin before 6.6.2 for WordPress allows p ...)
+ TODO: check
+CVE-2020-35934 (The Advanced Access Manager plugin before 6.6.2 for WordPress displays ...)
+ TODO: check
+CVE-2020-35933 (A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2020-35932 (Insecure Deserialization in the Newsletter plugin before 6.8.2 for Wor ...)
+ TODO: check
+CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1. ...)
+ TODO: check
+CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows remote attack ...)
+ TODO: check
+CVE-2018-25002 (uploader.php in the KCFinder integration project through 2018-06-01 fo ...)
+ TODO: check
+CVE-2017-20001 (The AES encryption project 7.x and 8.x for Drupal does not sufficientl ...)
+ TODO: check
+CVE-2016-20008 (The REST/JSON project 7.x-1.x for Drupal allows session enumeration, a ...)
+ TODO: check
+CVE-2016-20007 (The REST/JSON project 7.x-1.x for Drupal allows session name guessing, ...)
+ TODO: check
+CVE-2016-20006 (The REST/JSON project 7.x-1.x for Drupal allows blockage of user login ...)
+ TODO: check
+CVE-2016-20005 (The REST/JSON project 7.x-1.x for Drupal allows user registration bypa ...)
+ TODO: check
+CVE-2016-20004 (The REST/JSON project 7.x-1.x for Drupal allows field access bypass, a ...)
+ TODO: check
+CVE-2016-20003 (The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka ...)
+ TODO: check
+CVE-2016-20002 (The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, ...)
+ TODO: check
+CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access bypass, ak ...)
+ TODO: check
+CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...)
+ TODO: check
CVE-2020-35929
RESERVED
CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...)
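Review bot: every described entry added in this hunk, from CVE-2020-35951 down to CVE-2020-35930, is left at "TODO: check", so none of them has a triage result yet. Going by the truncated descriptions, most name WordPress plugins or Drupal contributed projects. Later hunks of this file record products Debian does not ship as "NOT-FOR-US: <product>" (for example "NOT-FOR-US: NetArt News Lister"), so each of these should be resolved in a follow-up to either that form or a "- <package> <version>" line. CVE-2020-35930 is not dropped: it is removed as the first RESERVED entry and re-added at the end of the block with its Seo Panel description.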
@@ -133,8 +199,8 @@ CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for Rust
TODO: check
CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 0.18.1 fo ...)
TODO: check
-CVE-2019-25011
- RESERVED
+CVE-2019-25011 (NetBox through 2.6.2 allows an Authenticated User to conduct an XSS at ...)
+ TODO: check
CVE-2019-25010 (An issue was discovered in the failure crate through 2019-11-13 for Ru ...)
TODO: check
CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for Rust. The ...)
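Review bot: CVE-2019-25011 moves from RESERVED to "TODO: check" with a NetBox description but gets no package line or NOT-FOR-US marker. The surrounding context entries (CVE-2020-35858, CVE-2020-35857, CVE-2019-25010) are also still at "TODO: check", so this stretch of the list is accumulating untriaged items. Resolve the NetBox entry together with them rather than leaving another open TODO here.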
@@ -4203,8 +4269,8 @@ CVE-2020-35393
RESERVED
CVE-2020-35392
RESERVED
-CVE-2020-35391
- RESERVED
+CVE-2020-35391 (Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sen ...)
+ TODO: check
CVE-2020-35390
RESERVED
CVE-2020-35389
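Review bot: the new CVE-2020-35391 line describes "Tenda N300 F3 12.01.01.48 devices", a specific vendor device firmware version, and is left at "TODO: check". If the check confirms that no Debian source package is involved, replace the TODO with a NOT-FOR-US marker naming the device, in the form used for other third-party products in this file.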
@@ -7339,18 +7405,21 @@ CVE-2020-29365
CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to stored x ...)
NOT-FOR-US: NetArt News Lister
CVE-2020-29363 (An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-base ...)
+ {DSA-4822-1}
- p11-kit 0.23.22-1
NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
NOTE: https://github.com/p11-glue/p11-kit/commit/2617f3ef888e103324a28811886b99ed0a56346d (0.23.22)
NOTE: Introduced in https://github.com/p11-glue/p11-kit/commit/ba49b85ecf280e7fb6eec96c3ef33c50122e75a6 (0.23.6)
CVE-2020-29362 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-base ...)
+ {DSA-4822-1}
- p11-kit 0.23.22-1
NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
NOTE: https://github.com/p11-glue/p11-kit/commit/bda2f543ff8e0195c90e849379ef1585d00677bc (0.23.22)
NOTE: Introduced in https://github.com/p11-glue/p11-kit/commit/c785ab66890ad7b73c556d6afdf2bb8a32dd50e2 (0.21.1)
CVE-2020-29361 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple in ...)
+ {DSA-4822-1}
- p11-kit 0.23.22-1
NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
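Review bot: the "{DSA-4822-1}" tag is added to CVE-2020-29363, CVE-2020-29362 and CVE-2020-29361 alike, but the NOTE lines give different affected ranges: CVE-2020-29363 is "Introduced in ... (0.23.6)", while CVE-2020-29362 is introduced in 0.21.1. Each entry still carries only the "- p11-kit 0.23.22-1" line, and this commit changes data/CVE/list alone. Confirm that the DSA-4822-1 record lists these same three CVEs, and add a per-release line for any release whose p11-kit predates 0.23.6, so that CVE-2020-29363 is not reported there as affected.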
@@ -17873,8 +17942,8 @@ CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows
NOT-FOR-US: FUEL CMS
CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
NOT-FOR-US: qdPM
-CVE-2020-26165
- RESERVED
+CVE-2020-26165 (qdPM through 9.1 allows PHP Object Injection via timeReportActions::ex ...)
+ TODO: check
CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the ...)
- kdeconnect 20.08.2-1 (bug #971736)
[buster] - kdeconnect <no-dsa> (Minor issue)
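Review bot: CVE-2020-26165 is now described as a qdPM issue ("qdPM through 9.1 allows PHP Object Injection via timeReportActions::ex ...") yet is set to "TODO: check", while the entry directly above it, CVE-2020-26166, is already marked "NOT-FOR-US: qdPM". Apply the same "NOT-FOR-US: qdPM" marker here instead of leaving the entry for manual triage.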
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c670ae5122fd0e8b5cda7eb42b0b03a7e3e4ab6d