author Moritz Muehlenhoff <jmm@debian.org> 2020-09-19 13:41:42 +0200
committer Moritz Muehlenhoff <jmm@debian.org> 2020-09-19 13:41:42 +0200
commit 1d23189b39ab0262f5f9de80adf2ea23f0d83ca4 (patch)
tree bdf833a6717ec13439e44e33021a4dc4f75cf596
parent 11a9dc603e3d34cad9972ff7466c38539935ef13 (diff)
NFUs
resteasy bug
-rw-r--r-- data/CVE/2020.list 14
1 files changed, 7 insertions, 7 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 59073e4eef..1f75abcb67 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -47,7 +47,8 @@ CVE-2020-25758
CVE-2020-25757
RESERVED
CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
- TODO: check
+ NOT-FOR-US: Cesanta Mongoose
+ NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2020-25755
RESERVED
CVE-2020-25754
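Review bot: NOT-FOR-US on CVE-2020-25756 conflicts with the NOTE added directly under it, which says smplayer embeds a copy of the affected code. Since a Debian source package is named, consider a package line in the form already used elsewhere in this file (`- gitlab <not-affected> (...)`), for example a `- smplayer` entry with the NOTE's reasoning as the parenthesised reason, so the embedded copy shows up when the tracker is queried by package. The NOTE wording "unused in any released version and disabled since 18.5.0~ds1-1" would also be clearer if it said what changed at 18.5.0~ds1-1, given the copy is described as unused before that too.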
@@ -300,10 +301,9 @@ CVE-2020-25634
RESERVED
NOT-FOR-US: 3scale
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
- - resteasy <unfixed>
+ - resteasy <unfixed> (bug #970585)
- resteasy3.0 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
- TODO: check details, affects all RESTEasy versions up to 4.5.6.Final
CVE-2020-25632
RESERVED
CVE-2020-25631
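Review bot: the bug reference is added only to the `resteasy` line, while `- resteasy3.0 <unfixed>` directly below it still has none. Either add the corresponding bug number for resteasy3.0 or state that #970585 covers both source packages. The same hunk drops the TODO that recorded "affects all RESTEasy versions up to 4.5.6.Final"; keeping that range as a NOTE line would preserve it now that the TODO is gone.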
@@ -2155,7 +2155,7 @@ CVE-2020-24755
CVE-2020-24754
RESERVED
CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...)
- TODO: check
+ NOT-FOR-US: Objective Open CBOR Run-time
CVE-2020-24752
RESERVED
CVE-2020-24751
@@ -26599,7 +26599,7 @@ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later
- gitlab <not-affected> (Only affects GitLab 12.6 and later)
NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
- TODO: check
+ NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
@@ -39069,7 +39069,7 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; v1.2
[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package &lt; 0.2.25 m ...)
- TODO: check
+ NOT-FOR-US: TypeORM
CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
NOT-FOR-US: UniFi Cloud Key
CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
@@ -39560,7 +39560,7 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0
CVE-2020-7946
RESERVED
CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...)
- TODO: check
+ NOT-FOR-US: Puppet Enterprise
CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
