Date: Thu, 7 Nov 2019 12:09:25 +0000 (UTC)
From: Dmitri Goutnik <dmgk@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r516967 - head/security/vuxml
Message-ID: <201911071209.xA7C9PZB042081@repo.freebsd.org>
Author: dmgk Date: Thu Nov 7 12:09:25 2019 New Revision: 516967 URL: https://svnweb.freebsd.org/changeset/ports/516967 Log: security/vuxml: Document nexus2-oss vulnerabilities PR: 241308 Approved by: tz (mentor, implicit) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Nov 7 11:58:29 2019 (r516966) +++ head/security/vuxml/vuln.xml Thu Nov 7 12:09:25 2019 (r516967) 
@@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b2f9573a-008c-11ea-9801-10c37b4ac2ea"> + <topic>nexus2-oss -- Multiple vulerabilities</topic> + <affects> + <package> + <name>nexus2-oss</name> + <range><lt>2.14.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Sonatype reports:</p> + <blockquote cite="https://help.sonatype.com/repomanager2/release-notes/2019-release-notes#id-2019ReleaseNotes-RepositoryManager2.14.15"> + <p>Several RCE vulnerabilities have been found and corrected in 2.14.15:</p> + <p>CVE-2019-16530: An attacker with elevated privileges can upload a + specially crafted file. That file can contain commands that will + be executed on the system, with the same privileges as the user + running the server.</p> + <p>CVE-2019-15893: A Remote Code Execution vulnerability has been + discovered in Nexus Repository Manager requiring immediate + action. The vulnerability allows for an attacker with + administrative access to NXRM to create repostories that can + grant access to read/execute system data outside the scope of + NXRM.</p> + <p>CVE-2019-5475: A vulnerability has been found that can allow + user's with administrative privileges to run processes on the + target server, that the nxrm os user has access to.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2019-16530</cvename> + <cvename>CVE-2019-15893</cvename> + <cvename>CVE-2019-5475</cvename> + </references> + <dates> + <discovery>2019-09-19</discovery> + <entry>2019-11-07</entry> + </dates> + </vuln> + <vuln vid="6a7c2ab0-00dd-11ea-83ce-705a0f828759"> <topic>php -- env_path_info underflow in fpm_main.c can lead to RCE</topic> <affects>
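Review bot: The `<topic>` line of the new nexus2-oss entry misspells "vulnerabilities" as "vulerabilities"; it should read `<topic>nexus2-oss -- Multiple vulnerabilities</topic>`. The `<references>` block lists only the three `<cvename>` entries, so consider also adding a `<url>` element for the Sonatype release notes that currently appear only in the blockquote `cite` attribute, and a `<freebsdpr>` element for PR 241308 named in the commit log. The spellings "repostories" and "user's" sit inside the quoted Sonatype text, so keep them only if they match the upstream wording. All three CVE descriptions state that the attacker needs elevated or administrative privileges; the topic could say so (for example "Multiple RCE vulnerabilities for privileged users") to help readers triage the entry.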