[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2021-29939/rust-stackvector

Salvatore Bonaccorso carnil at debian.org
Sat Apr 3 08:29:40 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f88546ae by Salvatore Bonaccorso at 2021-04-03T09:15:43+02:00
Add CVE-2021-29939/rust-stackvector

- - - - -
fb282d80 by Salvatore Bonaccorso at 2021-04-03T09:29:14+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -246,7 +246,7 @@ CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices
 CVE-2021-30001
 	RESERVED
 CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...)
-	TODO: check
+	NOT-FOR-US: LATRIX
 CVE-2021-29999
 	RESERVED
 CVE-2021-29998
@@ -377,13 +377,14 @@ CVE-2021-3481 [Out of bounds read in function QRadialFetchSimd from crafted svg
 CVE-2021-29943
 	RESERVED
 CVE-2021-29942 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
-	TODO: check
+	NOT-FOR-US: reorder crate
 CVE-2021-29941 (An issue was discovered in the reorder crate through 2021-02-24 for Ru ...)
-	TODO: check
+	NOT-FOR-US: reorder crate
 CVE-2021-29940 (An issue was discovered in the through crate through 2021-02-18 for Ru ...)
 	TODO: check
 CVE-2021-29939 (An issue was discovered in the stackvector crate through 2021-02-19 fo ...)
-	TODO: check
+	- rust-stackvector <unfixed>
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0048.html
 CVE-2021-29938 (An issue was discovered in the slice-deque crate through 2021-02-19 fo ...)
 	TODO: check
 CVE-2021-29937 (An issue was discovered in the telemetry crate through 2021-02-17 for  ...)
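Review bot: the new "- rust-stackvector <unfixed>" line under CVE-2021-29939 carries no bug reference, and the only NOTE is the RustSec advisory. From this entry alone a reader cannot tell whether an upstream fix exists or whether the package maintainer has been notified. Suggest adding the bug number to the package line once one is filed, and a NOTE with the upstream issue or fix commit when it is available. The neighbouring crate entries CVE-2021-29940 (through) and CVE-2021-29938 (slice-deque) are still "TODO: check" after this pass.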
@@ -999,9 +1000,9 @@ CVE-2021-29654
 CVE-2021-29653
 	RESERVED
 CVE-2021-29652 (Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user s ...)
-	TODO: check
+	NOT-FOR-US: Pomerium
 CVE-2021-29651 (Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). ...)
-	TODO: check
+	NOT-FOR-US: Pomerium
 CVE-2021-29650 (An issue was discovered in the Linux kernel before 5.11.11. The netfil ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/175e476b8cdf2a4de7432583b49c871345e4f8a1
@@ -1532,7 +1533,7 @@ CVE-2021-29419
 CVE-2021-29418 (The netmask package before 2.0.1 for Node.js mishandles certain unexpe ...)
 	TODO: check
 CVE-2021-29417 (gitjacker before 0.1.0 allows remote attackers to execute arbitrary co ...)
-	TODO: check
+	NOT-FOR-US: gitjacker
 CVE-2021-29416 (An issue was discovered in PortSwigger Burp Suite before 2021.2. Durin ...)
 	NOT-FOR-US: Burp Suite (different from src:burp)
 CVE-2021-29415
@@ -2585,7 +2586,7 @@ CVE-2021-28942
 CVE-2021-28941
 	RESERVED
 CVE-2021-28940 (Because of a incorrect escaped exec command in MagpieRSS in 0.72 in th ...)
-	TODO: check
+	NOT-FOR-US: MagpieRSS
 CVE-2021-28939
 	RESERVED
 CVE-2021-28938
@@ -4393,9 +4394,9 @@ CVE-2021-28126 (index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) befo
 CVE-2021-28125
 	RESERVED
 CVE-2021-28124 (A man-in-the-middle vulnerability in Cohesity DataPlatform support cha ...)
-	TODO: check
+	NOT-FOR-US: Cohesity DataPlatform support channel
 CVE-2021-28123 (Undocumented Default Cryptographic Key Vulnerability in Cohesity DataP ...)
-	TODO: check
+	NOT-FOR-US: Cohesity DataPlatform
 CVE-2021-28122 (A request-validation issue was discovered in Open5GS 2.1.3 through 2.2 ...)
 	NOT-FOR-US: Open5GS
 CVE-2021-28121
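Review bot: CVE-2021-28124 and CVE-2021-28123 get two different labels for what the descriptions present as the same product, "Cohesity DataPlatform support channel" and "Cohesity DataPlatform". Suggest using "NOT-FOR-US: Cohesity DataPlatform" for both so that a search on the product name finds every entry.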
@@ -6492,7 +6493,7 @@ CVE-2021-27222 (In the "Time in Status" app before 4.13.0 for Jira, remote authe
 CVE-2021-27221 (** DISPUTED ** MikroTik RouterOS 6.47.9 allows remote authenticated ft ...)
 	NOT-FOR-US: MikroTik RouterOS
 CVE-2021-27220 (An issue was discovered in PRTG Network Monitor before 21.1.66.1623. B ...)
-	TODO: check
+	NOT-FOR-US: PRTG Network Monitor
 CVE-2021-27217 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
 	NOT-FOR-US: YubiHSM 2 SDK
 CVE-2021-27216
@@ -9615,7 +9616,7 @@ CVE-2021-25926
 CVE-2021-25925
 	RESERVED
 CVE-2021-25924 (In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: GoCD
 CVE-2021-25923
 	RESERVED
 CVE-2021-25922 (In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross- ...)
@@ -16504,7 +16505,7 @@ CVE-2021-22867
 CVE-2021-22866
 	RESERVED
 CVE-2021-22865 (An improper access control vulnerability was identified in GitHub Ente ...)
-	TODO: check
+	NOT-FOR-US: GitHub Enterprise Server
 CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
 	NOT-FOR-US: GitHub Enterprise
 CVE-2021-22863 (An improper access control vulnerability was identified in the GitHub  ...)
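Review bot: CVE-2021-22865 is labelled "GitHub Enterprise Server" while the entry directly below it, CVE-2021-22864, already uses "GitHub Enterprise". Suggest picking one spelling for the product, either by matching the existing label here or by updating the older entries in a follow-up.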
@@ -17999,7 +18000,7 @@ CVE-2021-22197 (An issue has been discovered in GitLab CE/EE affecting all versi
 CVE-2021-22196 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
 	TODO: check
 CVE-2021-22195 (Client side code execution in gitlab-vscode-extension v3.15.0 and earl ...)
-	TODO: check
+	NOT-FOR-US: gitlab-vscode-extension
 CVE-2021-22194 (In all versions of GitLab starting from 13.7, marshalled session keys  ...)
 	- gitlab <unfixed>
 CVE-2021-22193 (An issue has been discovered in GitLab affecting all versions starting ...)
@@ -26874,7 +26875,7 @@ CVE-2021-1881
 CVE-2021-1880
 	RESERVED
 CVE-2021-1879 (This issue was addressed by improved management of object lifetimes. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1878
 	RESERVED
 CVE-2021-1877
@@ -27006,7 +27007,7 @@ CVE-2021-1820
 CVE-2021-1819
 	RESERVED
 CVE-2021-1818 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1817
 	RESERVED
 CVE-2021-1816
@@ -27030,15 +27031,15 @@ CVE-2021-1808
 CVE-2021-1807
 	RESERVED
 CVE-2021-1806 (A race condition was addressed with additional validation. This issue  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1805 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1804
 	RESERVED
 CVE-2021-1803 (The issue was addressed with improved permissions logic. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1802 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1801 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
 	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
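Review bot: the six entries switched to "NOT-FOR-US: Apple" in this hunk have descriptions that are cut off before any component is named, and CVE-2021-1801 at the end of the same hunk, with the same style of description, is tracked against webkit2gtk under DSA-4877-1. The description wording alone therefore does not separate Apple-only issues from WebKit ones. Suggest confirming each of these against the full advisory text before closing it as NFU, and recording the affected Apple component in the label where it is known.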
@@ -27056,21 +27057,21 @@ CVE-2021-1799 (A port redirection issue was addressed with additional port valid
 CVE-2021-1798
 	RESERVED
 CVE-2021-1797 (The issue was addressed with improved permissions logic. This issue is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1796 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1795 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1794 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1793 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1792 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1791 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1790 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1789 (A type confusion issue was addressed with improved state handling. Thi ...)
 	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
@@ -27083,49 +27084,49 @@ CVE-2021-1788 (A use after free issue was addressed with improved memory managem
 	- wpewebkit <unfixed>
 	NOTE: https://webkitgtk.org/security/WSA-2021-0003.html
 CVE-2021-1787 (Multiple issues were addressed with improved logic. This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1786 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1785 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1784
 	RESERVED
 CVE-2021-1783 (An access issue was addressed with improved memory management. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1782 (A race condition was addressed with improved locking. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1781 (A privacy issue existed in the handling of Contact cards. This was add ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1780 (A memory initialization issue was addressed with improved memory handl ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1779 (A logic error in kext loading was addressed with improved state handli ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1778 (An out-of-bounds read issue existed in the curl. This issue was addres ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1777 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1776 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1775 (This issue was addressed by removing the vulnerable code. This issue i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1774 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1773 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1772 (A stack overflow was addressed with improved input validation. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1771 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1770
 	RESERVED
 CVE-2021-1769 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1768 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1767 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1766 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1765 (This issue was addressed with improved iframe sandbox enforcement. Thi ...)
 	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
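Review bot: CVE-2021-1778 is marked "NOT-FOR-US: Apple" although its description reads "An out-of-bounds read issue existed in the curl", and curl is a component Debian ships. The truncated description does not show whether the flaw is specific to Apple's build or present in upstream curl. Suggest confirming that before closing it as NFU and, if it is Apple-only, stating so in a NOTE so the entry does not get reopened later.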
@@ -27133,63 +27134,63 @@ CVE-2021-1765 (This issue was addressed with improved iframe sandbox enforcement
 	- wpewebkit 2.30.6-1
 	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
 CVE-2021-1764 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1763 (A buffer overflow was addressed with improved bounds checking. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1762
 	RESERVED
 CVE-2021-1761 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1760 (A memory corruption issue was addressed with improved state management ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1759 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1758 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1757 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1756 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1755 (A lock screen issue allowed access to contacts on a locked device. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1754 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1753 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1752
 	RESERVED
 CVE-2021-1751 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1750 (Multiple issues were addressed with improved logic. This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1749
 	RESERVED
 CVE-2021-1748 (A validation issue was addressed with improved input sanitization. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1747 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1746 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1745 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1744 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1743 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1742 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1741 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1740
 	RESERVED
 CVE-2021-1739
 	RESERVED
 CVE-2021-1738 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1737 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2021-1736 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29651 (A denial of service via regular expression in the py.path.svnwc compon ...)
 	- python-py 1.10.0-1
 	[buster] - python-py <no-dsa> (Minor issue)
@@ -27222,7 +27223,7 @@ CVE-2020-29641
 CVE-2020-29640
 	RESERVED
 CVE-2020-29639 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29638
 	RESERVED
 CVE-2020-29637
@@ -27234,7 +27235,7 @@ CVE-2020-29635
 CVE-2020-29634
 	RESERVED
 CVE-2020-29633 (An authentication issue was addressed with improved state management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29632
 	RESERVED
 CVE-2020-29631
@@ -27250,9 +27251,9 @@ CVE-2020-29627
 CVE-2020-29626
 	RESERVED
 CVE-2020-29625 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29624 (A memory corruption issue existed in the processing of font files. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29623 ("Clear History and Website Data" did not clear the history. The issue  ...)
 	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
@@ -27262,33 +27263,33 @@ CVE-2020-29623 ("Clear History and Website Data" did not clear the history. The
 CVE-2020-29622
 	RESERVED
 CVE-2020-29621 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29620 (This issue was addressed with improved entitlements. This issue is fix ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29619 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29618 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29617 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29616 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29615 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29614 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29613 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29612 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29611 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29610 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29609
 	RESERVED
 CVE-2020-29608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS before 4.7 ...)
 	NOT-FOR-US: Pluck CMS
 CVE-2020-35921 (An issue was discovered in the miow crate before 0.3.6 for Rust. It ha ...)
@@ -31634,7 +31635,7 @@ CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client D
 CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...)
 	NOT-FOR-US: TP-Link
 CVE-2020-28346 (ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer ...)
-	TODO: check
+	NOT-FOR-US: ACRN
 CVE-2020-28345 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
 	NOT-FOR-US: LG mobile devices
 CVE-2020-28344 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
@@ -34025,49 +34026,49 @@ CVE-2020-27954
 CVE-2020-27953
 	RESERVED
 CVE-2020-27952 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27951 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27950 (A memory initialization issue was addressed. This issue is fixed in ma ...)
 	NOT-FOR-US: Apple
 CVE-2020-27949 (This issue was addressed with improved checks to prevent unauthorized  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27948 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27947 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27946 (An information disclosure issue was addressed with improved state mana ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27945 (An integer overflow was addressed with improved input validation. This ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27944 (A memory corruption issue existed in the processing of font files. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27943 (A memory corruption issue existed in the processing of font files. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27942
 	RESERVED
 CVE-2020-27941 (A validation issue was addressed with improved logic. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27940
 	RESERVED
 CVE-2020-27939 (This issue was addressed with improved checks. This issue is fixed in  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27938 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27937 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27936 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27935 (Multiple issues were addressed with improved logic. This issue is fixe ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27934
 	RESERVED
 CVE-2020-27933 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27932 (A type confusion issue was addressed with improved state handling. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2020-27931 (A memory corruption issue existed in the processing of font files. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27930 (A memory corruption issue was addressed with improved input validation ...)
 	NOT-FOR-US: Apple
 CVE-2020-27929 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
@@ -34081,17 +34082,17 @@ CVE-2020-27926 (A use after free issue was addressed with improved memory manage
 CVE-2020-27925 (An issue existed in the handling of incoming calls. The issue was addr ...)
 	NOT-FOR-US: Apple
 CVE-2020-27924 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27923 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27922 (A logic issue was addressed with improved state management. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27921 (A race condition was addressed with improved state handling. This issu ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27920 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27919 (An out-of-bounds write was addressed with improved input validation. T ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27918 (A use after free issue was addressed with improved memory management.  ...)
 	{DSA-4877-1}
 	- webkit2gtk 2.30.6-1
@@ -34103,9 +34104,9 @@ CVE-2020-27917 (A use after free issue was addressed with improved memory manage
 CVE-2020-27916 (An out-of-bounds write was addressed with improved input validation. T ...)
 	NOT-FOR-US: Apple
 CVE-2020-27915 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27914 (A memory corruption issue was addressed with improved input validation ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27913
 	RESERVED
 CVE-2020-27912 (An out-of-bounds write was addressed with improved input validation. T ...)
@@ -34117,9 +34118,9 @@ CVE-2020-27910 (An out-of-bounds read was addressed with improved input validati
 CVE-2020-27909 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2020-27908 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27907 (A memory corruption issue was addressed with improved memory handling. ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27906 (Multiple integer overflows were addressed with improved input validati ...)
 	NOT-FOR-US: Apple
 CVE-2020-27905 (A memory corruption issue was addressed with improved state management ...)
@@ -34131,15 +34132,15 @@ CVE-2020-27903 (This issue was addressed by removing the vulnerable code. This i
 CVE-2020-27902 (An authentication issue was addressed with improved state management.  ...)
 	NOT-FOR-US: Apple
 CVE-2020-27901 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27900 (An issue existed in the handling of snapshots. The issue was resolved  ...)
 	NOT-FOR-US: Apple
 CVE-2020-27899 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27898 (A denial of service issue was addressed with improved state handling.  ...)
 	NOT-FOR-US: Apple
 CVE-2020-27897 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27896 (A path handling issue was addressed with improved validation. This iss ...)
 	NOT-FOR-US: Apple
 CVE-2020-27895 (An information disclosure issue existed in the transition of program s ...)
@@ -34147,7 +34148,7 @@ CVE-2020-27895 (An information disclosure issue existed in the transition of pro
 CVE-2020-27894 (The issue was addressed with additional user controls. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2020-27893 (An issue existed in screen sharing. This issue was addressed with impr ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-27892 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
 	NOT-FOR-US: Texas Instruments CC2538 devices
 CVE-2020-27891 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
@@ -52822,13 +52823,13 @@ CVE-2020-19621
 CVE-2020-19620
 	RESERVED
 CVE-2020-19619 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signatur ...)
-	TODO: check
+	NOT-FOR-US: mblog
 CVE-2020-19618 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post con ...)
-	TODO: check
+	NOT-FOR-US: mblog
 CVE-2020-19617 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname ...)
-	TODO: check
+	NOT-FOR-US: mblog
 CVE-2020-19616 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post hea ...)
-	TODO: check
+	NOT-FOR-US: mblog
 CVE-2020-19615
 	RESERVED
 CVE-2020-19614
@@ -72180,13 +72181,13 @@ CVE-2020-11927
 CVE-2020-11926
 	RESERVED
 CVE-2020-11925 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...)
-	TODO: check
+	NOT-FOR-US: Luvion Grand Elite 3 Connect
 CVE-2020-11924 (An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials ar ...)
-	TODO: check
+	NOT-FOR-US: WiZ Colors A60
 CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credentials are  ...)
-	TODO: check
+	NOT-FOR-US: WiZ Colors A60
 CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...)
-	TODO: check
+	NOT-FOR-US: WiZ Colors A60
 CVE-2020-11921
 	RESERVED
 CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
@@ -78047,7 +78048,7 @@ CVE-2020-9997 (An information disclosure issue was addressed with improved state
 CVE-2020-9996 (A use after free issue was addressed with improved memory management.  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9995 (An issue existed in the parsing of URLs. This issue was addressed with ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
 	NOT-FOR-US: Apple
 CVE-2020-9993 (The issue was addressed with improved UI handling. This issue is fixed ...)
@@ -78087,13 +78088,13 @@ CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds c
 CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2020-9978 (This issue was addressed with improved setting propagation. This issue ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9977 (A validation issue existed in the entitlement verification. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-9975 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9974 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -78101,7 +78102,7 @@ CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking
 CVE-2020-9972 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2020-9971 (A logic issue was addressed with improved validation. This issue is fi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9970
 	RESERVED
 CVE-2020-9969 (An access issue was addressed with additional sandbox restrictions. Th ...)
@@ -78109,7 +78110,7 @@ CVE-2020-9969 (An access issue was addressed with additional sandbox restriction
 CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is  ...)
 	NOT-FOR-US: Apple
 CVE-2020-9967 (Multiple memory corruption issues were addressed with improved input v ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9966 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2020-9965 (An out-of-bounds read was addressed with improved input validation. Th ...)
@@ -78119,11 +78120,11 @@ CVE-2020-9964 (A memory initialization issue was addressed with improved memory
 CVE-2020-9963 (The issue was addressed with improved handling of icon caches. This is ...)
 	NOT-FOR-US: Apple
 CVE-2020-9962 (A buffer overflow was addressed with improved size validation. This is ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
 	NOT-FOR-US: Apple
 CVE-2020-9960 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
 	NOT-FOR-US: Apple
 CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
@@ -78131,9 +78132,9 @@ CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds c
 CVE-2020-9957
 	RESERVED
 CVE-2020-9956 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9955 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9954 (A buffer overflow issue was addressed with improved memory handling. T ...)
 	NOT-FOR-US: Apple
 CVE-2020-9953
@@ -78202,7 +78203,7 @@ CVE-2020-9932 (A memory corruption issue was addressed with improved validation.
 CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
 	NOT-FOR-US: Apple
 CVE-2020-9930 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
 	NOT-FOR-US: Apple
 CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory  ...)
@@ -78210,7 +78211,7 @@ CVE-2020-9928 (Multiple memory corruption issues were addressed with improved me
 CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
 	NOT-FOR-US: Apple
 CVE-2020-9926 (A use after free issue was addressed with improved memory management.  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
 	{DSA-4739-1}
 	- webkit2gtk 2.28.4-1
@@ -78628,7 +78629,7 @@ CVE-2020-10017 (An out-of-bounds write was addressed with improved input validat
 CVE-2020-10016 (A memory corruption issue was addressed with improved state management ...)
 	NOT-FOR-US: Apple
 CVE-2020-10015 (An out-of-bounds write issue was addressed with improved bounds checki ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-10014 (A parsing issue in the handling of directory paths was addressed with  ...)
 	NOT-FOR-US: Apple
 CVE-2020-10013 (A logic issue was addressed with improved state management. This issue ...)
@@ -78642,7 +78643,7 @@ CVE-2020-10010 (A path handling issue was addressed with improved validation. Th
 CVE-2020-10009 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-10008 (A logic issue was addressed with improved restrictions. This issue is  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2020-10007 (A logic issue was addressed with improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...)
@@ -80455,13 +80456,13 @@ CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS
 CVE-2019-20467
 	RESERVED
 CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
-	TODO: check
+	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
 CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
-	TODO: check
+	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
 CVE-2019-20464 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
-	TODO: check
+	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
 CVE-2019-20463 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2  ...)
-	TODO: check
+	NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices
 CVE-2019-20462
 	RESERVED
 CVE-2019-20461
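Review bot: the four Sannce entries (CVE-2019-20463 to CVE-2019-20466) use the label "Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices", which carries the EAN number into the NFU label. Other labels in this file stop at the vendor or product name ("TP-Link", "WiZ Colors A60"); "Sannce Smart HD Wifi Security Camera" would be enough to identify the product and keeps the label easy to search for.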



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7d978a8482fa4e256f6a9b9d73367dd88765b04...fb282d807bcba6f317d8535973dc756009d339ce



More information about the debian-security-tracker-commits mailing list