summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMoritz Muehlenhoff <jmm@debian.org>2020-01-30 11:52:23 -0800
committerMoritz Muehlenhoff <jmm@debian.org>2020-01-30 11:52:23 -0800
commit806851d91dbdf367b57e859a129d29dc6b19a3f2 (patch)
tree72786de8aa82832377d18b083625985ab032a097
parent028dd30e3b51075f36ec0b9b6c1aaa66443bb83a (diff)
NFUs
stb code copy bugs
-rw-r--r--data/CVE/2019.list18
-rw-r--r--data/CVE/2020.list12
-rw-r--r--data/embedded-code-copies3
3 files changed, 18 insertions, 15 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 1cb0a835f8..85b2c7ed11 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -302,7 +302,7 @@ CVE-2019-20329 (OpenLambda 2019-09-10 allows DNS rebinding attacks against the O
CVE-2019-20328
RESERVED
CVE-2019-20327 (Insecure permissions in cwrapper_perl in Centreon Infrastructure Monit ...)
- TODO: check
+ NOT-FOR-US: Centreon Infrastructure Monitoring
CVE-2019-20325
REJECTED
CVE-2019-20324
@@ -1625,9 +1625,9 @@ CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text
CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...)
NOT-FOR-US: TOTOLINK Realtek SDK based routers
CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...)
- TODO: check
+ NOT-FOR-US: Realtek
CVE-2019-19821
RESERVED
CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...)
@@ -7631,7 +7631,7 @@ CVE-2019-17352 (In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is
CVE-2019-17339
RESERVED
CVE-2019-17338 (The user interface component of TIBCO Software Inc.'s TIBCO Patterns - ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2019-17337 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2019-17336 (The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfir ...)
@@ -14475,7 +14475,7 @@ CVE-2019-14631
CVE-2019-14630
RESERVED
CVE-2019-14629 (Improper permissions in Intel(R) DAAL before version 2020 Gold may all ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14628
RESERVED
CVE-2019-14627
@@ -14509,7 +14509,7 @@ CVE-2019-14615 (Insufficient control flow in certain data structures for some In
CVE-2019-14614
RESERVED
CVE-2019-14613 (Improper access control in driver for Intel(R) VTune(TM) Amplifier for ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14612 (Out of bounds write in firmware for Intel(R) NUC(R) may allow a privil ...)
NOT-FOR-US: Intel
CVE-2019-14611 (Integer overflow in firmware for Intel(R) NUC(R) may allow a privilege ...)
@@ -14535,9 +14535,9 @@ CVE-2019-14603 (Improper permissions in the installer for the License Server sof
CVE-2019-14602 (Improper permissions in the installer for the Nuvoton* CIR Driver vers ...)
NOT-FOR-US: Nuvoton* CIR Driver
CVE-2019-14601 (Improper permissions in the installer for Intel(R) RWC 3 for Windows b ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) SNMP Su ...)
- TODO: check
+ NOT-FOR-US: Intel
CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier ...)
NOT-FOR-US: Intel
CVE-2019-14598
@@ -23407,7 +23407,7 @@ CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all q
CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly ...)
NOT-FOR-US: Cloud Foundry Routing
CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...)
- TODO: check
+ NOT-FOR-US: Pivotal
CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...)
- rabbitmq-server <unfixed> (bug #945600)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index dd0b1c45c9..41435c8574 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1313,7 +1313,7 @@ CVE-2020-7801
CVE-2020-7800
RESERVED
CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...)
- TODO: check
+ NOT-FOR-US: FusionAuth
CVE-2020-7798
RESERVED
CVE-2020-7797
@@ -5992,7 +5992,7 @@ CVE-2020-5525
CVE-2020-5524
RESERVED
CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...)
- TODO: check
+ NOT-FOR-US: MyPallete
CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...)
NOT-FOR-US: kantan netprint App for Android
CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...)
@@ -6628,11 +6628,11 @@ CVE-2020-5222
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
NOT-FOR-US: uftpd
CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...)
- TODO: check
+ NOT-FOR-US: Angular Expressions
CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...)
- TODO: check
+ NOT-FOR-US: Sylius
CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
- ruby-secure-headers <unfixed> (bug #949999)
NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
@@ -10800,7 +10800,7 @@ CVE-2020-3149
CVE-2020-3148
RESERVED
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3146
RESERVED
CVE-2020-3145
diff --git a/data/embedded-code-copies b/data/embedded-code-copies
index 6e1dc6537e..fce42b6c5a 100644
--- a/data/embedded-code-copies
+++ b/data/embedded-code-copies
@@ -3469,3 +3469,6 @@ libstb
- libsixel <unfixed> (embed; bug #949707)
- retroarch <unfixed> (embed; bug #949708)
- libsfml <unfixed> (embed; bug #949709)
+ - sumo <unfixed> (embed; bug #950251)
+ - yquake2 <unfixed> (embed; bug #950252)
+ - dart <unfixed> (modified-embed)

© 2014-2024 Faster IT GmbH | imprint | privacy policy