From 0bbd0fa63cef12361f0d9185213ea7460a4b1b4f Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Sat, 19 Sep 2020 13:41:42 +0200 Subject: NFUs resteasy bug --- data/CVE/list | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 0cbd947f2d..6341c5212f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -47,7 +47,8 @@ CVE-2020-25758 CVE-2020-25757 RESERVED CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...) - TODO: check + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 CVE-2020-25755 RESERVED CVE-2020-25754 @@ -300,10 +301,9 @@ CVE-2020-25634 RESERVED NOT-FOR-US: 3scale CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...) - - resteasy + - resteasy (bug #970585) - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042 - TODO: check details, affects all RESTEasy versions up to 4.5.6.Final CVE-2020-25632 RESERVED CVE-2020-25631 @@ -2192,7 +2192,7 @@ CVE-2020-24755 CVE-2020-24754 RESERVED CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...) - TODO: check + NOT-FOR-US: Objective Open CBOR Run-time CVE-2020-24752 RESERVED CVE-2020-24751 @@ -27188,7 +27188,7 @@ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later - gitlab (Only affects GitLab 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) - TODO: check + NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) 
@@ -41488,7 +41488,7 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2 [buster] - ruby-actionpack-page-caching (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...) - TODO: check + NOT-FOR-US: TypeORM CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) NOT-FOR-US: UniFi Cloud Key CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) @@ -42047,7 +42047,7 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 CVE-2020-7946 RESERVED CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...) - TODO: check + NOT-FOR-US: Puppet Enterprise CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) -- cgit v1.2.3
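Review bot: In the CVE-2020-25756 hunk, the added NOT-FOR-US: Cesanta Mongoose line sits directly above a NOTE saying smplayer embeds a copy, so the entry marks the code as not packaged while also naming a package that carries it. Because the NOTE states the copy is unused in any released version and disabled since 18.5.0~ds1-1, consider recording this as a smplayer package entry marked not affected, with that reason attached, so that a lookup by source package finds the triage decision.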
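Review bot: In the CVE-2020-25633 hunk, bug #970585 is attached only to the resteasy line, while the resteasy3.0 line keeps no bug reference even though the removed TODO said the flaw affects all RESTEasy versions up to 4.5.6.Final. Either add a bug reference for resteasy3.0 as well, or keep the version range as a NOTE (for example "NOTE: affects all RESTEasy versions up to 4.5.6.Final") so the affected range is not lost along with the TODO.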