[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Fri Oct 23 11:13:49 BST 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9c885a08 by Moritz Muehlenhoff at 2020-10-23T12:13:24+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2054,7 +2054,7 @@ CVE-2020-26889
CVE-2020-26888
RESERVED
CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Reb ...)
- TODO: check
+ NOT-FOR-US: Fritz OS
CVE-2020-26886
RESERVED
CVE-2020-26885
@@ -2756,7 +2756,7 @@ CVE-2020-26563
CVE-2020-26562
RESERVED
CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
- TODO: check
+ NOT-FOR-US: Belkin
CVE-2020-26560
RESERVED
CVE-2020-26559
@@ -5824,7 +5824,7 @@ CVE-2020-25188 (An attacker who convinces a valid user to open a specially craft
CVE-2020-25187
RESERVED
CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
- TODO: check
+ NOT-FOR-US: LeviStudioU Release
CVE-2020-25185
RESERVED
CVE-2020-25184
@@ -8311,7 +8311,7 @@ CVE-2020-24035
CVE-2020-24034 (Sagemcom F at ST 5280 routers using firmware version 1.150.61 have insecu ...)
NOT-FOR-US: Sagemcom F at ST 5280 routers
CVE-2020-24033 (An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The f ...)
- TODO: check
+ NOT-FOR-US: fs.com S3900
CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2020-24031
@@ -20124,7 +20124,7 @@ CVE-2020-18131
CVE-2020-18130
RESERVED
CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...)
- TODO: check
+ NOT-FOR-US: Eyoucms
CVE-2020-18128
RESERVED
CVE-2020-18127
@@ -26572,7 +26572,7 @@ CVE-2020-15272
CVE-2020-15271
RESERVED
CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
- TODO: check
+ NOT-FOR-US: Node parse-server
CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
NOT-FOR-US: Spree
CVE-2020-15268
@@ -27213,11 +27213,11 @@ CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and
[stretch] - mediawiki <postponed> (Minor issue)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...)
- TODO: check
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...)
NOT-FOR-US: Yubico YubiKey 5 NFC devices
CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
@@ -36278,7 +36278,7 @@ CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation B
CVE-2020-11854
RESERVED
CVE-2020-11853 (An arbitrary code execution vulnerability exists in Micro Focus Operat ...)
- TODO: check
+ NOT-FOR-US: Micro Focus
CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...)
NOT-FOR-US: Micro Focus
CVE-2020-11851
@@ -41909,13 +41909,13 @@ CVE-2020-9999
CVE-2020-9998
RESERVED
CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9996
RESERVED
CVE-2020-9995
RESERVED
CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9993
RESERVED
CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
@@ -41923,7 +41923,7 @@ CVE-2020-9992 (This issue was addressed by encrypting communications over the ne
CVE-2020-9991
RESERVED
CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9989
RESERVED
CVE-2020-9988
@@ -41931,11 +41931,11 @@ CVE-2020-9988
CVE-2020-9987
RESERVED
CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Safari
CVE-2020-9982
@@ -41943,7 +41943,7 @@ CVE-2020-9982
CVE-2020-9981
RESERVED
CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9979
RESERVED
CVE-2020-9978
@@ -42023,17 +42023,17 @@ CVE-2020-9942
CVE-2020-9941
RESERVED
CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
@@ -42045,11 +42045,11 @@ CVE-2020-9931 (A denial of service issue was addressed with improved input valid
CVE-2020-9930
RESERVED
CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9926
RESERVED
CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
@@ -42060,17 +42060,17 @@ CVE-2020-9925 (A logic issue was addressed with improved state management. This
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-9922
RESERVED
CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...)
@@ -42097,27 +42097,27 @@ CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is
CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
NOT-FOR-US: Apple
CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Safari
CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9897
RESERVED
CVE-2020-9896
@@ -42144,7 +42144,7 @@ CVE-2020-9893 (A use after free issue was addressed with improved memory managem
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -42154,7 +42154,7 @@ CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds c
CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9886
RESERVED
CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...)
@@ -42162,37 +42162,37 @@ CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue
CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9867
RESERVED
CVE-2020-9866
@@ -43474,7 +43474,7 @@ CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 tr
NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
- TODO: check
+ NOT-FOR-US: CryptoPro CSP
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
@@ -43554,7 +43554,7 @@ CVE-2020-9333
CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
NOT-FOR-US: FabulaTech
CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
- TODO: check
+ NOT-FOR-US: CryptoPro CSP
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
NOT-FOR-US: Xerox
CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c885a0882a6a9102f00ae647f5539c1f69c74b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9c885a0882a6a9102f00ae647f5539c1f69c74b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201023/cc48b11c/attachment.html>
More information about the debian-security-tracker-commits
mailing list