diff options
| author | Moritz Muehlenhoff <jmm@debian.org> | 2021-02-23 14:50:53 +0100 |
|---|---|---|
| committer | Moritz Muehlenhoff <jmm@debian.org> | 2021-02-23 14:51:34 +0100 |
| commit | cb0478b9751b8a4fdae7a95c28d41d4e91f48b1b (patch) | |
| tree | 3d9704baeacc471d69cc65b45aa5a6fbe0813735 | |
| parent | c6e568b55acea85bfb63f7dc4a4e13de07c00b7e (diff) | |
NFUs
| -rw-r--r-- | data/CVE/2013.list | 2 | ||||
| -rw-r--r-- | data/CVE/2019.list | 2 | ||||
| -rw-r--r-- | data/CVE/2020.list | 17 | ||||
| -rw-r--r-- | data/CVE/2021.list | 4 |
4 files changed, 12 insertions, 13 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 5c9a54b8e5..0894c44fc7 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -12792,7 +12792,7 @@ CVE-2013-2514 CVE-2013-2513 RESERVED CVE-2013-2512 (The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitra ...) - TODO: check + NOT-FOR-US: Ruby ftpd gem CVE-2013-2511 RESERVED CVE-2013-2510 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index f31595b72d..7db9e80ae1 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -46184,7 +46184,7 @@ CVE-2019-3407 CVE-2019-3406 RESERVED CVE-2019-3405 (In the 3.1.3.64296 and lower version of 360F5, the third party can tri ...) - TODO: check + NOT-FOR-US: 360F5 CVE-2019-3404 (By adding some special fields to the uri ofrouter app function, the us ...) NOT-FOR-US: ofrouter CVE-2019-3403 (The /rest/api/2/user/picker rest resource in Jira before version 7.13. ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 41c7f1d1f9..dd8bce4c11 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -15152,9 +15152,8 @@ CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const a NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976 NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...) - - mujs <undetermined> + - mujs <not-affected> (Didn't affect any released version of mujs) NOTE: https://github.com/ccxvii/mujs/issues/136 - TODO: check, issue seems to be of disputed validity CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...) - lua5.4 5.4.1-1 (bug #971012) NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html @@ -15521,7 +15520,7 @@ CVE-2020-24177 CVE-2020-24176 RESERVED CVE-2020-24175 (Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius ...) - TODO: check + NOT-FOR-US: IZArc CVE-2020-24174 RESERVED CVE-2020-24173 @@ -18927,7 +18926,7 @@ CVE-2020-22477 CVE-2020-22476 RESERVED CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...) - TODO: check + NOT-FOR-US: Tasks app CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...) NOT-FOR-US: webERP CVE-2020-22473 @@ -52911,13 +52910,13 @@ CVE-2020-7787 (This affects all versions of package react-adal. It is possible f CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...) NOT-FOR-US: Node macfromip CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...) - TODO: check + NOT-FOR-US: Noed node-ps CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...) - TODO: check + NOT-FOR-US: Node ts-process-promises CVE-2020-7783 RESERVED CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...) - TODO: check + NOT-FOR-US: Node spritesheet-js CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...) NOT-FOR-US: Node connection-tester CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...) @@ -52931,7 +52930,7 @@ CVE-2020-7777 (This affects all versions of package jsen. If an attacker can con CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...) NOT-FOR-US: phpoffice/phpspreadsheet CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...) - TODO: check + NOT-FOR-US: Node freediskspace CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...) - node-y18n 4.0.0-3 (bug #976390) [buster] - node-y18n 3.2.1-2+deb10u1 @@ -69976,7 +69975,7 @@ CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there CVE-2020-0237 REJECTED CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...) - TODO: check + NOT-FOR-US: Android CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index a06e71eeee..1cd97111d9 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -11,7 +11,7 @@ CVE-2021-27570 CVE-2021-27569 RESERVED CVE-2021-27568 (An issue was discovered in netplex json-smart-v1 through 2015-10-23 an ...) - TODO: check + NOT-FOR-US: netplex CVE-2021-27567 RESERVED CVE-2021-27566 @@ -52,7 +52,7 @@ CVE-2021-27551 CVE-2021-27550 RESERVED CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...) - TODO: check + NOT-FOR-US: Genymotion Desktop CVE-2021-27548 RESERVED CVE-2021-27547 |