[Git][security-tracker-team/security-tracker][master] NFUs / kfreebsd issues

Moritz Muehlenhoff jmm at debian.org
Wed Apr 7 12:35:33 BST 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6ee3651e by Moritz Muehlenhoff at 2021-04-07T13:35:05+02:00
NFUs / kfreebsd issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40819,19 +40819,19 @@ CVE-2020-25585
 CVE-2020-25584
 	RESERVED
 CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25580 (In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12. ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-25577 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-25572
 	RESERVED
 CVE-2020-25571
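Review bot: The four "- kfreebsd-10 <unfixed> (unimportant)" entries (CVE-2020-25582, CVE-2020-25581, CVE-2020-25579, CVE-2020-25578) carry no NOTE line giving the reason for the unimportant severity. The descriptions are all truncated after the same "In FreeBSD 12.2-STABLE before r..." prefix, so a reader of the list cannot tell why these four are tracked against kfreebsd-10 while CVE-2020-25583, CVE-2020-25580 and CVE-2020-25577 are marked "NOT-FOR-US: FreeBSD". Suggest adding a NOTE under each kfreebsd-10 entry with the rationale, and naming the affected component in the three NFU entries.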
@@ -43472,7 +43472,7 @@ CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation
 	[stretch] - ruby-twitter-stream <no-dsa> (Minor issue)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
 CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced syntax  ...)
-	TODO: check
+	NOT-FOR-US: mongo-express
 CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
 	NOT-FOR-US: EyesOfNetwork (EON)
 CVE-2020-24389
@@ -45263,7 +45263,7 @@ CVE-2020-23535
 CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
 	NOT-FOR-US: gopeak masterlab
 CVE-2020-23533 (Union Pay up to 1.2.0, for web based versions contains a CWE-347: Impr ...)
-	TODO: check
+	NOT-FOR-US: Union Pay
 CVE-2020-23532
 	RESERVED
 CVE-2020-23531
@@ -49164,7 +49164,7 @@ CVE-2020-21587
 CVE-2020-21586
 	RESERVED
 CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells via zip  ...)
-	TODO: check
+	NOT-FOR-US: emlog
 CVE-2020-21584
 	RESERVED
 CVE-2020-21583
@@ -53101,7 +53101,7 @@ CVE-2020-19627
 CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...)
 	NOT-FOR-US: craftcms
 CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...)
-	TODO: check
+	NOT-FOR-US: oria gridx
 CVE-2020-19624
 	RESERVED
 CVE-2020-19623
@@ -53125,7 +53125,7 @@ CVE-2020-19615
 CVE-2020-19614
 	RESERVED
 CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function ...)
-	TODO: check
+	NOT-FOR-US: sunkaifei FlyCMS
 CVE-2020-19612
 	RESERVED
 CVE-2020-19611
@@ -63247,7 +63247,7 @@ CVE-2020-15077
 CVE-2020-15076
 	RESERVED
 CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...)
-	TODO: check
+	NOT-FOR-US: OpenVPN Connect installer for macOS
 CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...)
 	NOT-FOR-US: OpenVPN Access Server
 CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...)
@@ -67929,15 +67929,15 @@ CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authentica
 CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
 	NOT-FOR-US: Form Builder for Magento
 CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has permissions to pe ...)
-	TODO: check
+	NOT-FOR-US: OpenIAM
 CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create Use ...)
-	TODO: check
+	NOT-FOR-US: OpenIAM
 CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary co ...)
-	TODO: check
+	NOT-FOR-US: OpenIAM
 CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. ...)
-	TODO: check
+	NOT-FOR-US: OpenIAM
 CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. ...)
-	TODO: check
+	NOT-FOR-US: OpenIAM
 CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client  ...)
 	NOT-FOR-US: Aviatrix
 CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
@@ -84682,21 +84682,21 @@ CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via
 CVE-2020-7469
 	RESERVED
 CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12. ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD ftpd
 CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12. ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote attacker who  ...)
 	NOT-FOR-US: MPD (FreeBSD PPP daemon)
 CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote attacker who ...)
 	NOT-FOR-US: MPD (FreeBSD PPP daemon)
 CVE-2020-7464 (In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12. ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-7463 (In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12. ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-7462 (In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, imprope ...)
-	TODO: check
+	- kfreebsd-10 <unfixed> (unimportant)
 CVE-2020-7461 (In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12. ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...)
 	NOT-FOR-US: FreeBSD
 CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...)
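Review bot: The NFU tags in this hunk are not consistent with each other: CVE-2020-7468 names the component ("NOT-FOR-US: FreeBSD ftpd"), while CVE-2020-7467 and CVE-2020-7461 get the bare "NOT-FOR-US: FreeBSD", as does the existing CVE-2020-7460 context entry. Since the truncated descriptions do not reach the component name, suggest naming it on the two new bare entries as well, so the reason for not tracking them against kfreebsd-10 (as is done for CVE-2020-7464, CVE-2020-7463 and CVE-2020-7462 in the same hunk) is visible in the list.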



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6ee3651ee7b426d5a56026580483c4b37412f124
