[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Oct 19 14:59:39 BST 2020



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe1a5fe2 by Moritz Muehlenhoff at 2020-10-19T15:59:21+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2020-27199
 CVE-2020-27198
 	RESERVED
 CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...)
-	TODO: check
+	NOT-FOR-US: TAXII libtaxii
 CVE-2020-27196
 	RESERVED
 CVE-2020-27195
@@ -637,7 +637,7 @@ CVE-2020-26895
 CVE-2020-26894 (Faulkner Wildlife Issues in the New Millennium 18.0.160 on Windows all ...)
 	NOT-FOR-US: New Millennium
 CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor c ...)
-	TODO: check
+	NOT-FOR-US: ClamXAV
 CVE-2020-26892
 	RESERVED
 CVE-2020-26891
@@ -21007,7 +21007,7 @@ CVE-2020-17005
 CVE-2020-17004
 	RESERVED
 CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-17002
 	RESERVED
 CVE-2020-17001
@@ -21023,7 +21023,7 @@ CVE-2020-16997
 CVE-2020-16996
 	RESERVED
 CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16994
 	RESERVED
 CVE-2020-16993
@@ -21135,11 +21135,11 @@ CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft Sh
 CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...)
-	TODO: check
+	- dotnet-core-3.1 <itp> (bug #968921)
 CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...)
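Review bot: CVE-2020-16937 is resolved as `- dotnet-core-3.1 <itp> (bug #968921)`, but the visible description only names the .NET Framework, so nothing in the entry shows why it maps to .NET Core. A NOTE line under the package line with the reference that shows .NET Core is affected would let the next triager verify the mapping. This is also the only non-NFU resolution in a commit titled "NFUs", so it deserves a mention in the commit message or a separate commit.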
@@ -21159,7 +21159,7 @@ CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel
 CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16926
 	RESERVED
 CVE-2020-16925
@@ -21169,15 +21169,15 @@ CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Je
 CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16917
 	RESERVED
 CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -21185,13 +21185,13 @@ CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows impr
 CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows  ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...)
@@ -21205,7 +21205,7 @@ CVE-2020-16906
 CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16903
 	RESERVED
 CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...)
@@ -21219,9 +21219,9 @@ CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP
 CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...)
@@ -21231,7 +21231,7 @@ CVE-2020-16893
 CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...)
@@ -21241,7 +21241,7 @@ CVE-2020-16888
 CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...)
@@ -21287,7 +21287,7 @@ CVE-2020-16865
 CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16863 (A denial of service vulnerability exists in Windows Remote Desktop Ser ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
 	NOT-FOR-US: Microsoft
 CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
@@ -25145,13 +25145,13 @@ CVE-2020-15260
 CVE-2020-15259
 	RESERVED
 CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking  ...)
-	TODO: check
+	NOT-FOR-US: Wire app
 CVE-2020-15257
 	RESERVED
 CVE-2020-15256
 	RESERVED
 CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly  ...)
-	TODO: check
+	NOT-FOR-US: Anuko Time Tracker
 CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...)
 	TODO: check
 CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
@@ -28880,7 +28880,7 @@ CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows
 CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows  ...)
 	NOT-FOR-US: DEXT5 Editor
 CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sage Eas ...)
-	TODO: check
+	NOT-FOR-US: Sage EasyPay
 CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...)
 	NOT-FOR-US: SportsPress plugin for WordPress
 CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
@@ -40428,7 +40428,7 @@ CVE-2020-9994
 CVE-2020-9993
 	RESERVED
 CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9991
 	RESERVED
 CVE-2020-9990
@@ -40446,7 +40446,7 @@ CVE-2020-9985
 CVE-2020-9984
 	RESERVED
 CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9982
 	RESERVED
 CVE-2020-9981
@@ -40460,7 +40460,7 @@ CVE-2020-9978
 CVE-2020-9977
 	RESERVED
 CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9975
 	RESERVED
 CVE-2020-9974
@@ -40476,7 +40476,7 @@ CVE-2020-9970
 CVE-2020-9969
 	RESERVED
 CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9967
 	RESERVED
 CVE-2020-9966
@@ -40484,7 +40484,7 @@ CVE-2020-9966
 CVE-2020-9965
 	RESERVED
 CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9963
 	RESERVED
 CVE-2020-9962
@@ -40494,9 +40494,9 @@ CVE-2020-9961
 CVE-2020-9960
 	RESERVED
 CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9957
 	RESERVED
 CVE-2020-9956
@@ -40508,19 +40508,19 @@ CVE-2020-9954
 CVE-2020-9953
 	RESERVED
 CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9951 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9950
 	RESERVED
 CVE-2020-9949
 	RESERVED
 CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9947
 	RESERVED
 CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9945
 	RESERVED
 CVE-2020-9944
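Review bot: CVE-2020-9951 (use after free) and CVE-2020-9948 (type confusion) are closed as `NOT-FOR-US: Safari`, yet the truncated descriptions do not say which component holds the bug. This file tracks WebKit issues under webkit2gtk and wpewebkit (see CVE-2020-9915 further down, with its WSA NOTE), so please confirm these are not WebKit bugs before marking them NFU, or keep `TODO: check` until a WebKitGTK advisory rules them in or out. The same question applies to CVE-2020-9983 in the earlier hunk.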
@@ -40540,17 +40540,17 @@ CVE-2020-9938
 CVE-2020-9937
 	RESERVED
 CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9935
 	RESERVED
 CVE-2020-9934 (An issue existed in the handling of environment variables. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9932
 	RESERVED
 CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9930
 	RESERVED
 CVE-2020-9929
@@ -40571,7 +40571,7 @@ CVE-2020-9925 (A logic issue was addressed with improved state management. This
 CVE-2020-9924
 	RESERVED
 CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9922
 	RESERVED
 CVE-2020-9921
@@ -40581,11 +40581,11 @@ CVE-2020-9920
 CVE-2020-9919
 	RESERVED
 CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9916 (A URL Unicode encoding issue was addressed with improved state managem ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9915 (An access issue existed in Content Security Policy. This issue was add ...)
 	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
@@ -40594,21 +40594,21 @@ CVE-2020-9915 (An access issue existed in Content Security Policy. This issue wa
 	- wpewebkit 2.28.4-1
 	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
 CVE-2020-9914 (An input validation issue existed in Bluetooth. This issue was address ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9913 (This issue was addressed with improved data protection. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9912 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9911 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9908
 	RESERVED
 CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9906
 	RESERVED
 CVE-2020-9905
@@ -40616,7 +40616,7 @@ CVE-2020-9905
 CVE-2020-9904
 	RESERVED
 CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2020-9902
 	RESERVED
 CVE-2020-9901
@@ -40655,21 +40655,21 @@ CVE-2020-9893 (A use after free issue was addressed with improved memory managem
 CVE-2020-9892
 	RESERVED
 CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9887
 	RESERVED
 CVE-2020-9886
 	RESERVED
 CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9883
 	RESERVED
 CVE-2020-9882
@@ -40681,7 +40681,7 @@ CVE-2020-9880
 CVE-2020-9879
 	RESERVED
 CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9877
 	RESERVED
 CVE-2020-9876
@@ -40697,7 +40697,7 @@ CVE-2020-9872
 CVE-2020-9871
 	RESERVED
 CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9869
 	RESERVED
 CVE-2020-9868
@@ -40707,9 +40707,9 @@ CVE-2020-9867
 CVE-2020-9866
 	RESERVED
 CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9863
 	RESERVED
 CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...)
@@ -40879,7 +40879,7 @@ CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issu
 CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
 	NOT-FOR-US: Apple
 CVE-2020-9799 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9798
 	RESERVED
 CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe1a5fe2ce1c2d18833a4d1a1fa5f51fc3fca5c7
