From cb0478b9751b8a4fdae7a95c28d41d4e91f48b1b Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Tue, 23 Feb 2021 14:50:53 +0100 Subject: NFUs --- data/CVE/2020.list | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'data/CVE/2020.list') diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 41c7f1d1f9..dd8bce4c11 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -15152,9 +15152,8 @@ CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const a NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976 NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...) - - mujs + - mujs (Didn't affect any released version of mujs) NOTE: https://github.com/ccxvii/mujs/issues/136 - TODO: check, issue seems to be of disputed validity CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...) - lua5.4 5.4.1-1 (bug #971012) NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html @@ -15521,7 +15520,7 @@ CVE-2020-24177 CVE-2020-24176 RESERVED CVE-2020-24175 (Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius ...) - TODO: check + NOT-FOR-US: IZArc CVE-2020-24174 RESERVED CVE-2020-24173 @@ -18927,7 +18926,7 @@ CVE-2020-22477 CVE-2020-22476 RESERVED CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...) - TODO: check + NOT-FOR-US: Tasks app CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...) NOT-FOR-US: webERP CVE-2020-22473 @@ -52911,13 +52910,13 @@ CVE-2020-7787 (This affects all versions of package react-adal. It is possible f CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...) NOT-FOR-US: Node macfromip CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...) - TODO: check + NOT-FOR-US: Noed node-ps CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...) - TODO: check + NOT-FOR-US: Node ts-process-promises CVE-2020-7783 RESERVED CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...) - TODO: check + NOT-FOR-US: Node spritesheet-js CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...) NOT-FOR-US: Node connection-tester CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...) @@ -52931,7 +52930,7 @@ CVE-2020-7777 (This affects all versions of package jsen. If an attacker can con CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...) NOT-FOR-US: phpoffice/phpspreadsheet CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...) - TODO: check + NOT-FOR-US: Node freediskspace CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...) - node-y18n 4.0.0-3 (bug #976390) [buster] - node-y18n 3.2.1-2+deb10u1 @@ -69976,7 +69975,7 @@ CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there CVE-2020-0237 REJECTED CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...) - TODO: check + NOT-FOR-US: Android CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) -- cgit v1.2.3