Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker

Commits:
0fdd9726 by Salvatore Bonaccorso at 2020-10-31T09:20:05+01:00
Add new wordpress issues

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,21 +1,39 @@ CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...) - TODO: check + - wordpress <unfixed> + NOTE: https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ...) - TODO: check + - wordpress <unfixed> + NOTE: https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + NOTE: https://wpscan.com/vulnerability/10452 CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...) - TODO: check + - wordpress <unfixed> + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ...) - TODO: check + - wordpress <unfixed> + NOTE: https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + NOTE: https://wpscan.com/vulnerability/10450 CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ...) - TODO: check + - wordpress <unfixed> + NOTE: https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32 + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + NOTE: https://wpscan.com/vulnerability/10449 CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ...) - TODO: check + - wordpress <unfixed> + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global variables. ...) 
- TODO: check + - wordpress <unfixed> + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ...) - TODO: check + - wordpress <unfixed> + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...) - TODO: check + - wordpress <unfixed> + NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3 + NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/ + NOTE: https://wpscan.com/vulnerability/10446 CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...) TODO: check CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fdd9726565e3bfa98355d5bfb0d3a59ffbee582
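
Review bot: Five of the nine WordPress entries in this hunk (CVE-2020-28040, CVE-2020-28038, CVE-2020-28035, CVE-2020-28034 and CVE-2020-28033) get only release-announcement NOTE lines and no upstream fix commit, while CVE-2020-28039, CVE-2020-28037, CVE-2020-28036 and CVE-2020-28032 each reference a wordpress-develop commit and a wpscan.com entry. Suggest adding a "NOTE:" line with the fixing commit to each of those five once it is identified, so the patch can be located when the "<unfixed>" entries are followed up. CVE-2020-28035 and CVE-2020-28036 both concern XML-RPC and only the latter has a commit reference, so it is worth checking whether the commit noted for CVE-2020-28036 also covers CVE-2020-28035 and recording the answer in a NOTE either way.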
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
