Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ee3651e by Moritz Muehlenhoff at 2021-04-07T13:35:05+02:00
NFUs / kfreebsd issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40819,19 +40819,19 @@ CVE-2020-25585
 CVE-2020-25584
        RESERVED
 CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before 
r368253, 12. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before 
r369335, 12. ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before 
r369313, 12. ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25580 (In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before 
r369345, 12. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before 
r369047, 12. ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before 
r369047, 12. ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25577 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before 
r368253, 12. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-25572
        RESERVED
 CVE-2020-25571
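Review bot: The four `- kfreebsd-10 <unfixed> (unimportant)` entries in this hunk (CVE-2020-25582, CVE-2020-25581, CVE-2020-25579, CVE-2020-25578) have no NOTE line giving the reason for the `unimportant` severity, and their truncated descriptions start the same way as the three entries marked `NOT-FOR-US: FreeBSD`, so the list itself does not show what separates the two groups. Suggest a one-line NOTE under each kfreebsd-10 entry naming the affected kernel component or the reason the issue is considered unimportant for the package, so the triage decision can be audited later without re-reading each advisory.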
@@ -43472,7 +43472,7 @@ CVE-2020-24392 (In voloko twitter-stream 0.1.10, 
missing TLS hostname validation
        [stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
        NOTE: 
https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
 CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced 
syntax  ...)
-       TODO: check
+       NOT-FOR-US: mongo-express
 CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape 
the user ...)
        NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2020-24389
@@ -45263,7 +45263,7 @@ CVE-2020-23535
 CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in 
Upgrade.php of g ...)
        NOT-FOR-US: gopeak masterlab
 CVE-2020-23533 (Union Pay up to 1.2.0, for web based versions contains a 
CWE-347: Impr ...)
-       TODO: check
+       NOT-FOR-US: Union Pay
 CVE-2020-23532
        RESERVED
 CVE-2020-23531
@@ -49164,7 +49164,7 @@ CVE-2020-21587
 CVE-2020-21586
        RESERVED
 CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells 
via zip  ...)
-       TODO: check
+       NOT-FOR-US: emlog
 CVE-2020-21584
        RESERVED
 CVE-2020-21583
@@ -53101,7 +53101,7 @@ CVE-2020-19627
 CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, 
allows re ...)
        NOT-FOR-US: craftcms
 CVE-2020-19625 (Remote Code Execution Vulnerability in 
tests/support/stores/test_grid_ ...)
-       TODO: check
+       NOT-FOR-US: oria gridx
 CVE-2020-19624
        RESERVED
 CVE-2020-19623
@@ -53125,7 +53125,7 @@ CVE-2020-19615
 CVE-2020-19614
        RESERVED
 CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs 
function ...)
-       TODO: check
+       NOT-FOR-US: sunkaifei FlyCMS
 CVE-2020-19612
        RESERVED
 CVE-2020-19611
@@ -63247,7 +63247,7 @@ CVE-2020-15077
 CVE-2020-15076
        RESERVED
 CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older 
may corrup ...)
-       TODO: check
+       NOT-FOR-US: OpenVPN Connect installer for macOS
 CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new 
user auth ...)
        NOT-FOR-US: OpenVPN Access Server
 CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS 
vulnerability ...)
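Review bot: Style point on the CVE-2020-15075 entry: the tag `NOT-FOR-US: OpenVPN Connect installer for macOS` echoes the description rather than naming the product, while the neighbouring CVE-2020-15074 uses the plain product name `OpenVPN Access Server`. `NOT-FOR-US: OpenVPN Connect` would match that convention and keep a single tag for any further OpenVPN Connect issues that get triaged.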
@@ -67929,15 +67929,15 @@ CVE-2020-13424 (The XCloner component before 3.5.4 
for Joomla! allows Authentica
 CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that 
can be exp ...)
        NOT-FOR-US: Form Builder for Magento
 CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has 
permissions to pe ...)
-       TODO: check
+       NOT-FOR-US: OpenIAM
 CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the 
Create Use ...)
-       TODO: check
+       NOT-FOR-US: OpenIAM
 CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute 
arbitrary co ...)
-       TODO: check
+       NOT-FOR-US: OpenIAM
 CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch 
task. ...)
-       TODO: check
+       NOT-FOR-US: OpenIAM
 CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. 
...)
-       TODO: check
+       NOT-FOR-US: OpenIAM
 CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN 
Client  ...)
        NOT-FOR-US: Aviatrix
 CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 
5.4.1066. A Cont ...)
@@ -84682,21 +84682,21 @@ CVE-2020-7470 (Sonoff TH 10 and 16 devices with 
firmware 6.6.0.21 allows XSS via
 CVE-2020-7469
        RESERVED
 CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before 
r365773, 12. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD ftpd
 CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before 
r365769, 12. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote 
attacker who  ...)
        NOT-FOR-US: MPD (FreeBSD PPP daemon)
 CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote 
attacker who ...)
        NOT-FOR-US: MPD (FreeBSD PPP daemon)
 CVE-2020-7464 (In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before 
r365738, 12. ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-7463 (In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before 
r364651, 12. ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-7462 (In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, 
imprope ...)
-       TODO: check
+       - kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-7461 (In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before 
r365011, 12. ...)
-       TODO: check
+       NOT-FOR-US: FreeBSD
 CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 
11.4-ST ...)
        NOT-FOR-US: FreeBSD
 CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 
11.4-ST ...)
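Review bot: The NOT-FOR-US tags in this hunk are inconsistent: CVE-2020-7468 names the component (`FreeBSD ftpd`), while CVE-2020-7467 and CVE-2020-7461 say only `FreeBSD`, as does the existing CVE-2020-7460 line, whereas the MPD entries in the context are precise (`MPD (FreeBSD PPP daemon)`). Since CVE-2020-7464, CVE-2020-7463 and CVE-2020-7462 in the same run are assigned to `kfreebsd-10`, a bare `FreeBSD` tag does not show why those two were judged outside the kfreebsd-10 source; suggest naming the component on each NOT-FOR-US line, as was done for ftpd.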



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ee3651ee7b426d5a56026580483c4b37412f124
