Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c670ae51 by security tracker role at 2021-01-01T08:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,71 @@
-CVE-2020-35930
+CVE-2021-3001
RESERVED
+CVE-2020-35951 (An issue was discovered in the Quiz and Survey Master plugin
before 7. ...)
+ TODO: check
+CVE-2020-35950 (An issue was discovered in the XCloner Backup and Restore
plugin befor ...)
+ TODO: check
+CVE-2020-35949 (An issue was discovered in the Quiz and Survey Master plugin
before 7. ...)
+ TODO: check
+CVE-2020-35948 (An issue was discovered in the XCloner Backup and Restore
plugin befor ...)
+ TODO: check
+CVE-2020-35947 (An issue was discovered in the PageLayer plugin before 1.1.2
for WordP ...)
+ TODO: check
+CVE-2020-35946 (An issue was discovered in the All in One SEO Pack plugin
before 3.6.2 ...)
+ TODO: check
+CVE-2020-35945 (An issue was discovered in the Divi Builder plugin, Divi
theme, and Di ...)
+ TODO: check
+CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2
for WordP ...)
+ TODO: check
+CVE-2020-35943
+ RESERVED
+CVE-2020-35942
+ RESERVED
+CVE-2020-35941
+ RESERVED
+CVE-2020-35940
+ RESERVED
+CVE-2020-35939 (PHP Object injection vulnerabilities in the Team Showcase
plugin befor ...)
+ TODO: check
+CVE-2020-35938 (PHP Object injection vulnerabilities in the Post Grid plugin
before 2. ...)
+ TODO: check
+CVE-2020-35937 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Team
Showcase ...)
+ TODO: check
+CVE-2020-35936 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Post
Grid plu ...)
+ TODO: check
+CVE-2020-35935 (The Advanced Access Manager plugin before 6.6.2 for WordPress
allows p ...)
+ TODO: check
+CVE-2020-35934 (The Advanced Access Manager plugin before 6.6.2 for WordPress
displays ...)
+ TODO: check
+CVE-2020-35933 (A Reflected Authenticated Cross-Site Scripting (XSS)
vulnerability in ...)
+ TODO: check
+CVE-2020-35932 (Insecure Deserialization in the Newsletter plugin before 6.8.2
for Wor ...)
+ TODO: check
+CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and
before 4.1. ...)
+ TODO: check
+CVE-2019-25012 (The Webform Report project 7.x-1.x-dev for Drupal allows
remote attack ...)
+ TODO: check
+CVE-2018-25002 (uploader.php in the KCFinder integration project through
2018-06-01 fo ...)
+ TODO: check
+CVE-2017-20001 (The AES encryption project 7.x and 8.x for Drupal does not
sufficientl ...)
+ TODO: check
+CVE-2016-20008 (The REST/JSON project 7.x-1.x for Drupal allows session
enumeration, a ...)
+ TODO: check
+CVE-2016-20007 (The REST/JSON project 7.x-1.x for Drupal allows session name
guessing, ...)
+ TODO: check
+CVE-2016-20006 (The REST/JSON project 7.x-1.x for Drupal allows blockage of
user login ...)
+ TODO: check
+CVE-2016-20005 (The REST/JSON project 7.x-1.x for Drupal allows user
registration bypa ...)
+ TODO: check
+CVE-2016-20004 (The REST/JSON project 7.x-1.x for Drupal allows field access
bypass, a ...)
+ TODO: check
+CVE-2016-20003 (The REST/JSON project 7.x-1.x for Drupal allows user
enumeration, aka ...)
+ TODO: check
+CVE-2016-20002 (The REST/JSON project 7.x-1.x for Drupal allows comment access
bypass, ...)
+ TODO: check
+CVE-2016-20001 (The REST/JSON project 7.x-1.x for Drupal allows node access
bypass, ak ...)
+ TODO: check
+CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via
the url ...)
+ TODO: check
CVE-2020-35929
RESERVED
CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for
Rust. A ...)
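Review bot: Every entry added between CVE-2020-35951 and CVE-2020-35930 is left at `TODO: check`, so none of them has a package line or a `NOT-FOR-US:` marker yet. Many of the truncated descriptions name WordPress plugins, Drupal projects or Foxit Reader. A follow-up triage pass should resolve each one in the form other entries in this file already use, for example `NOT-FOR-US: NetArt News Lister`, or a `- <package> <version>` line where a Debian package is affected.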
@@ -133,8 +199,8 @@ CVE-2020-35858 (An issue was discovered in the prost crate
before 0.6.1 for Rust
TODO: check
CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before
0.18.1 fo ...)
TODO: check
-CVE-2019-25011
- RESERVED
+CVE-2019-25011 (NetBox through 2.6.2 allows an Authenticated User to conduct
an XSS at ...)
+ TODO: check
CVE-2019-25010 (An issue was discovered in the failure crate through
2019-11-13 for Ru ...)
TODO: check
CVE-2019-25009 (An issue was discovered in the http crate before 0.1.20 for
Rust. The ...)
@@ -4203,8 +4269,8 @@ CVE-2020-35393
RESERVED
CVE-2020-35392
RESERVED
-CVE-2020-35391
- RESERVED
+CVE-2020-35391 (Tenda N300 F3 12.01.01.48 devices allow remote attackers to
obtain sen ...)
+ TODO: check
CVE-2020-35390
RESERVED
CVE-2020-35389
@@ -7339,18 +7405,21 @@ CVE-2020-29365
CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to
stored x ...)
NOT-FOR-US: NetArt News Lister
CVE-2020-29363 (An issue was discovered in p11-kit 0.23.6 through 0.23.21. A
heap-base ...)
+ {DSA-4822-1}
- p11-kit 0.23.22-1
NOTE:
https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE:
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
NOTE:
https://github.com/p11-glue/p11-kit/commit/2617f3ef888e103324a28811886b99ed0a56346d
(0.23.22)
NOTE: Introduced in
https://github.com/p11-glue/p11-kit/commit/ba49b85ecf280e7fb6eec96c3ef33c50122e75a6
(0.23.6)
CVE-2020-29362 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. A
heap-base ...)
+ {DSA-4822-1}
- p11-kit 0.23.22-1
NOTE:
https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE:
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
NOTE:
https://github.com/p11-glue/p11-kit/commit/bda2f543ff8e0195c90e849379ef1585d00677bc
(0.23.22)
NOTE: Introduced in
https://github.com/p11-glue/p11-kit/commit/c785ab66890ad7b73c556d6afdf2bb8a32dd50e2
(0.21.1)
CVE-2020-29361 (An issue was discovered in p11-kit 0.21.1 through 0.23.21.
Multiple in ...)
+ {DSA-4822-1}
- p11-kit 0.23.22-1
NOTE:
https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
NOTE:
https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
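Review bot: The `{DSA-4822-1}` tag added to CVE-2020-29363, CVE-2020-29362 and CVE-2020-29361 is not backed by anything else in this commit, which changes only data/CVE/list. Confirm that the DSA-4822-1 record exists and names all three CVE ids, since the entries here carry only the `- p11-kit 0.23.22-1` line and show no fixed version for the stable release.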
@@ -17873,8 +17942,8 @@ CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the
page preview feature allows
NOT-FOR-US: FUEL CMS
CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the
file descr ...)
NOT-FOR-US: qdPM
-CVE-2020-26165
- RESERVED
+CVE-2020-26165 (qdPM through 9.1 allows PHP Object Injection via
timeReportActions::ex ...)
+ TODO: check
CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an
attacker on the ...)
- kdeconnect 20.08.2-1 (bug #971736)
[buster] - kdeconnect <no-dsa> (Minor issue)
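Review bot: The new CVE-2020-26165 entry describes qdPM through 9.1 but is left at `TODO: check`, while the entry directly above it, CVE-2020-26166, is already resolved as `NOT-FOR-US: qdPM`. Suggest giving CVE-2020-26165 the same `NOT-FOR-US: qdPM` marker so the two qdPM entries are handled consistently.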
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c670ae5122fd0e8b5cda7eb42b0b03a7e3e4ab6d
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits