[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff
jmm at debian.org
Wed Oct 28 14:02:21 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f600595b by Moritz Muehlenhoff at 2020-10-28T15:01:53+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2020-27959
CVE-2020-27958
RESERVED
CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not proper ...)
- TODO: check
+ NOT-FOR-US: MediaWiki extension
CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...)
NOT-FOR-US: SourceCodester Car Rental Management System
CVE-2020-27955
@@ -159,7 +159,7 @@ CVE-2020-27890 (The Zigbee protocol implementation on Texas Instruments CC2538 d
CVE-2020-27889
RESERVED
CVE-2020-27888 (An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC- ...)
- TODO: check
+ NOT-FOR-US: Ubiquiti
CVE-2021-0300
RESERVED
CVE-2021-0299
@@ -429,7 +429,7 @@ CVE-2020-27855
CVE-2020-27854
RESERVED
CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...)
- TODO: check
+ NOT-FOR-US: Wire app
CVE-2020-27852
RESERVED
CVE-2020-27851
@@ -27363,11 +27363,11 @@ CVE-2020-15276
CVE-2020-15275
RESERVED
CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
- TODO: check
+ NOT-FOR-US: Wiki.js
CVE-2020-15273
RESERVED
CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
- TODO: check
+ NOT-FOR-US: git-tag-annotation-action
CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
- lookatme <unfixed> (bug #972988)
NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
@@ -42767,7 +42767,7 @@ CVE-2020-9981
CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9978
RESERVED
CVE-2020-9977
@@ -42779,7 +42779,7 @@ CVE-2020-9975
CVE-2020-9974
RESERVED
CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9972
RESERVED
CVE-2020-9971
@@ -42803,7 +42803,7 @@ CVE-2020-9963
CVE-2020-9962
RESERVED
CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9960
RESERVED
CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
@@ -42843,7 +42843,7 @@ CVE-2020-9943
CVE-2020-9942
RESERVED
CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
@@ -42861,7 +42861,7 @@ CVE-2020-9934 (An issue existed in the handling of environment variables. This i
CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
NOT-FOR-US: Apple
CVE-2020-9932 (A memory corruption issue was addressed with improved validation. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-9930
@@ -43018,7 +43018,7 @@ CVE-2020-9868 (A certificate validation issue existed when processing administra
CVE-2020-9867
RESERVED
CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking. This is ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...)
NOT-FOR-US: Apple
CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...)
@@ -43035,13 +43035,13 @@ CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue wa
CVE-2020-9861
RESERVED
CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved input v ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...)
NOT-FOR-US: Apple
CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...)
NOT-FOR-US: Apple
CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was addressed with ...)
- TODO: check
+ NOT-FOR-US: Safari
CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...)
NOT-FOR-US: Apple
CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
@@ -43219,7 +43219,7 @@ CVE-2020-9788 (A validation issue was addressed with improved input sanitization
CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
CVE-2020-9786 (This issue was addressed with improved checks This issue is fixed in m ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
NOT-FOR-US: Apple
CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...)
@@ -43227,7 +43227,7 @@ CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issu
CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2020-9782 (A parsing issue in the handling of directory paths was addressed with ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...)
NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
@@ -43243,7 +43243,7 @@ CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fi
CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...)
NOT-FOR-US: Apple
CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted data. The i ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
NOT-FOR-US: Apple
CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...)
@@ -58569,7 +58569,7 @@ CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixe
CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-3880 (An out-of-bounds read was addressed with improved input validation. Th ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3879
RESERVED
CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -58623,7 +58623,7 @@ CVE-2020-3864 (A logic issue was addressed with improved validation. This issue
- wpewebkit 2.26.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0002.html
CVE-2020-3863 (A memory corruption issue was addressed with improved memory handling. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...)
{DSA-4627-1}
- webkit2gtk 2.26.4-1
@@ -58644,15 +58644,15 @@ CVE-2020-3857 (A memory corruption issue was addressed with improved memory hand
CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-3855 (An access issue was addressed with improved access restrictions. This ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...)
NOT-FOR-US: Apple
CVE-2020-3852 (A logic issue was addressed with improved validation. This issue is fi ...)
- TODO: check
+ NOT-FOR-US: Safari
CVE-2020-3851 (A use after free issue was addressed with improved memory management. ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...)
@@ -63963,7 +63963,7 @@ CVE-2020-1917
CVE-2020-1916
RESERVED
CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...)
- TODO: check
+ NOT-FOR-US: Facebook Hermes
CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...)
NOT-FOR-US: Facebook Hermes
CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...)
@@ -100829,13 +100829,13 @@ CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal.
CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vuln ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2019-8901 (This issue was addressed by verifying host keys when connecting to a p ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8900
RESERVED
CVE-2019-8899
RESERVED
CVE-2019-8898 (An information disclosure issue existed in the handling of the Storage ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2019-8897
RESERVED
CVE-2019-8896
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f600595b5a03db9f8a7da24c39675f9e78705d91
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f600595b5a03db9f8a7da24c39675f9e78705d91
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201028/335bd5c0/attachment.html>
More information about the debian-security-tracker-commits
mailing list