Changeset View
Changeset View
Standalone View
Standalone View
head/security/vuxml/vuln.xml
- This file is larger than 256 KB, so syntax highlighting is disabled by default.
| Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | |||||
| Help is also available from ports-security@freebsd.org. | Help is also available from ports-security@freebsd.org. | ||||
| Notes: | Notes: | ||||
| * Please add new entries to the beginning of this file. | * Please add new entries to the beginning of this file. | ||||
| * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | ||||
| --> | --> | ||||
| <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | ||||
| <vuln vid="50259d8b-243e-11eb-8bae-b42e99975750"> | |||||
| <topic>salt -- multiple vulnerabilities</topic> | |||||
| <affects> | |||||
| <package> | |||||
| <name>py36-salt</name> | |||||
| <name>py37-salt</name> | |||||
| <name>py38-salt</name> | |||||
| <range><ge>3002</ge><lt>3002.1</lt></range> | |||||
| </package> | |||||
| </affects> | |||||
| <description> | |||||
| <body xmlns="http://www.w3.org/1999/xhtml"> | |||||
| <p>SaltStack reports multiple security vulnerabilities in Salt 3002:</p> | |||||
| <blockquote cite="https://docs.saltstack.com/en/latest/topics/releases/3002.1.html"> | |||||
| <ul> | |||||
| <li>CVE-2020-16846: Prevent shell injections in netapi ssh client.</li> | |||||
| <li>CVE-2020-17490: Prevent creating world readable private keys with the tls execution module.</li> | |||||
| <li>CVE-2020-25592: Properly validate eauth credentials and tokens along with their ACLs. | |||||
| Prior to this change eauth was not properly validated when calling Salt ssh via the salt-api. | |||||
| Any value for 'eauth' or 'token' would allow a user to bypass authentication and make calls | |||||
| to Salt ssh.</li> | |||||
| </ul> | |||||
| </blockquote> | |||||
| </body> | |||||
| </description> | |||||
| <references> | |||||
| <url>https://docs.saltstack.com/en/latest/topics/releases/3002.1.html</url> | |||||
| <cvename>CVE-2020-16846</cvename> | |||||
| <url>https://nvd.nist.gov/vuln/detail/CVE-2020-16846</url> | |||||
| <cvename>CVE-2020-17490</cvename> | |||||
| <url>https://nvd.nist.gov/vuln/detail/CVE-2020-17490</url> | |||||
| <cvename>CVE-2020-25592</cvename> | |||||
| <url>https://nvd.nist.gov/vuln/detail/CVE-2020-25592</url> | |||||
| </references> | |||||
| <dates> | |||||
| <discovery>2020-11-06</discovery> | |||||
| <entry>2020-11-12</entry> | |||||
| </dates> | |||||
| </vuln> | |||||
| <vuln vid="4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6"> | <vuln vid="4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6"> | ||||
| <topic>Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents</topic> | <topic>Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents</topic> | ||||
| <affects> | <affects> | ||||
| <package> | <package> | ||||
| <name>apache-openoffice</name> | <name>apache-openoffice</name> | ||||
| <range><lt>4.1.8</lt></range> | <range><lt>4.1.8</lt></range> | ||||
| </package> | </package> | ||||
| <package> | <package> | ||||
| ▲ Show 20 Lines • Show All 65,527 Lines • Show Last 20 Lines | |||||