[Git][security-tracker-team/security-tracker][master] Process several NFUs

Salvatore Bonaccorso carnil at debian.org
Thu Dec 10 08:34:52 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88d87ff9 by Salvatore Bonaccorso at 2020-12-10T09:32:36+01:00
Process several NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2632,11 +2632,11 @@ CVE-2020-29261
 CVE-2020-29260
 	RESERVED
 CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2020-29258 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2020-29257 (Cross-site scripting (XSS) vulnerability in Online Examination System  ...)
-	TODO: check
+	NOT-FOR-US: Online Examination System
 CVE-2020-29256
 	RESERVED
 CVE-2020-29255
@@ -8165,17 +8165,17 @@ CVE-2020-27932 (A type confusion issue was addressed with improved state handlin
 CVE-2020-27931
 	RESERVED
 CVE-2020-27930 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27929 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27928
 	RESERVED
 CVE-2020-27927 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27926 (A use after free issue was addressed with improved memory management.  ...)
 	TODO: check
 CVE-2020-27925 (An issue existed in the handling of incoming calls. The issue was addr ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27924
 	RESERVED
 CVE-2020-27923
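Review bot: CVE-2020-27926 ("A use after free issue was addressed with improved memory management.") is left at `TODO: check` in the middle of this run while 27930, 27929, 27927 and 27925 are all closed as `NOT-FOR-US: Apple`. The truncated description does not name a product, so it is not possible to tell from the hunk whether the skip is a deliberate triage decision or an omission; a short NOTE line on that entry, or a word in the commit message, would make the intent clear to whoever picks up the remaining TODO.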
@@ -8219,7 +8219,7 @@ CVE-2020-27905 (A memory corruption issue was addressed with improved state mana
 CVE-2020-27904 (A logic issue existed resulting in memory corruption. This was address ...)
 	TODO: check
 CVE-2020-27903 (This issue was addressed by removing the vulnerable code. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27902 (An authentication issue was addressed with improved state management.  ...)
 	TODO: check
 CVE-2020-27901
@@ -9634,7 +9634,7 @@ CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an
 CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injection ( ...)
 	NOT-FOR-US: Loginizer plugin for WordPress
 CVE-2020-27614 (AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: AnyDesk for macOS
 CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
 	{DLA-2414-1}
 	- fastd 21-1 (bug #972521)
@@ -12592,7 +12592,7 @@ CVE-2020-26262
 CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-user note ...)
 	TODO: check
 CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
-	TODO: check
+	NOT-FOR-US: BookStack
 CVE-2020-26259
 	RESERVED
 CVE-2020-26258
@@ -14524,7 +14524,7 @@ CVE-2020-25501
 CVE-2020-25500
 	RESERVED
 CVE-2020-25499 (TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote use ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2020-25498
 	RESERVED
 CVE-2020-25497
@@ -16848,9 +16848,9 @@ CVE-2020-24447
 CVE-2020-24446
 	RESERVED
 CVE-2020-24445 (AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24444 (AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM  ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2020-24443 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
 	NOT-FOR-US: Adobe
 CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
@@ -31582,29 +31582,29 @@ CVE-2020-17161
 CVE-2020-17160 (, aka 'RETRACTED'. ...)
 	TODO: check
 CVE-2020-17159 (, aka 'Visual Studio Code Java Extension Pack Remote Code Execution Vu ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17158 (, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17157
 	RESERVED
 CVE-2020-17156 (, aka 'Visual Studio Remote Code Execution Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17155
 	RESERVED
 CVE-2020-17154
 	RESERVED
 CVE-2020-17153 (, aka 'Microsoft Edge for Android Spoofing Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17152 (, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17151
 	RESERVED
 CVE-2020-17150 (, aka 'Visual Studio Code Remote Code Execution Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17149
 	RESERVED
 CVE-2020-17148 (, aka 'Visual Studio Code Remote Development Extension Remote Code Exe ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17147 (, aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'. ...)
 	TODO: check
 CVE-2020-17146
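Review bot: CVE-2020-17160 at the top of this hunk, whose whole description is "aka 'RETRACTED'", still carries `TODO: check` after this pass, and it is the one entry here that a vendor-level NOT-FOR-US tag would not describe correctly. It is worth recording separately how it will be resolved so it does not get swept up in a later bulk NFU run. CVE-2020-17147 ('Dynamics CRM Webclient Cross-site Scripting Vulnerability') is also left open although the Dynamics 365 entries 17158 and 17152 just above it are closed as Microsoft.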
@@ -31612,13 +31612,13 @@ CVE-2020-17146
 CVE-2020-17145 (, aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulne ...)
 	TODO: check
 CVE-2020-17144 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17143 (, aka 'Microsoft Exchange Information Disclosure Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17142 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17141 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17140 (, aka 'Windows SMB Information Disclosure Vulnerability'. ...)
 	TODO: check
 CVE-2020-17139 (, aka 'Windows Overlay Filter Security Feature Bypass Vulnerability'. ...)
@@ -31632,45 +31632,45 @@ CVE-2020-17136 (, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privi
 CVE-2020-17135 (, aka 'Azure DevOps Server Spoofing Vulnerability'. ...)
 	TODO: check
 CVE-2020-17134 (, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege V ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17133 (, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure' ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17132 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17131 (, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17130 (, aka 'Microsoft Excel Security Feature Bypass Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17129 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17128 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17127 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17126 (, aka 'Microsoft Excel Information Disclosure Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17125 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17124 (, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17123 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17122 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE  ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17121 (, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17120 (, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17119 (, aka 'Microsoft Outlook Information Disclosure Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17118 (, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17117 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17116
 	RESERVED
 CVE-2020-17115 (, aka 'Microsoft SharePoint Spoofing Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17114
 	RESERVED
 CVE-2020-17113 (Windows Camera Codec Information Disclosure Vulnerability ...)
@@ -31694,7 +31694,7 @@ CVE-2020-17105 (AV1 Video Extension Remote Code Execution Vulnerability ...)
 CVE-2020-17104 (Visual Studio Code JSHint Extension Remote Code Execution Vulnerabilit ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17103 (, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege V ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17102 (WebP Image Extensions Information Disclosure Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability ...)
@@ -31702,11 +31702,11 @@ CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability ...)
 CVE-2020-17100 (Visual Studio Tampering Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17099 (, aka 'Windows Lock Screen Security Feature Bypass Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17098 (, aka 'Windows GDI+ Information Disclosure Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17097 (, aka 'Windows Digital Media Receiver Elevation of Privilege Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17096 (, aka 'Windows NTFS Remote Code Execution Vulnerability'. ...)
 	TODO: check
 CVE-2020-17095 (, aka 'Hyper-V Remote Code Execution Vulnerability'. ...)
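Review bot: CVE-2020-17096 ('Windows NTFS Remote Code Execution Vulnerability') stays at `TODO: check` directly below 17099, 17098 and 17097, which are all Windows components closed as `NOT-FOR-US: Microsoft` here. Unlike entries whose truncated description hides the product, this one names Windows in the visible text, so the remaining TODO reads as an oversight; either tag it the same way or leave a NOTE saying what still needs checking.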
@@ -31716,13 +31716,13 @@ CVE-2020-17094 (, aka 'Windows Error Reporting Information Disclosure Vulnerabil
 CVE-2020-17093
 	RESERVED
 CVE-2020-17092 (, aka 'Windows Network Connections Service Elevation of Privilege Vuln ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17091 (Microsoft Teams Remote Code Execution Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17090 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17089 (, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-17087 (Windows Kernel Local Elevation of Privilege Vulnerability ...)
@@ -31972,19 +31972,19 @@ CVE-2020-16966
 CVE-2020-16965
 	RESERVED
 CVE-2020-16964 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16963 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16962 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16961 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16960 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16959 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16958 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88d87ff999facb011522c98051caff3330a0d167
