From 0491ffba8d0fddf14f0198ca3f69f5af327fab4e Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 29 Oct 2020 12:02:47 +0100 Subject: new webcit issues NFUs --- data/CVE/list | 268 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 134 insertions(+), 134 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 5c34c69d5a..6341cd02e3 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -19,7 +19,7 @@ CVE-2020-27983 CVE-2020-27982 RESERVED CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the description ...) - TODO: check + NOT-FOR-US: Firefly III CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...) NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices CVE-2020-27979 @@ -698,13 +698,13 @@ CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure - libpam-tacplus (bug #973250) NOTE: https://github.com/kravietz/pam_tacplus/pull/163 CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...) - TODO: check + - webcit CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit ...) - TODO: check + - webcit CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to ...) - TODO: check + - webcit CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926 ...) - TODO: check + - webcit CVE-2020-27738 RESERVED CVE-2020-27737 
@@ -7673,19 +7673,19 @@ CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Valid CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr CVE-2020-24713 (Gophish through 0.10.1 does not invalidate the gophish cookie upon log ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24712 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24711 (The Reset button on the Account Settings page in Gophish before 0.11.0 ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24710 (Gophish before 0.11.0 allows SSRF attacks. ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24709 (Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24708 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24707 (Gophish before 0.11.0 allows the creation of CSV sheets that contain m ...) - TODO: check + NOT-FOR-US: Gophish CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) 
@@ -48368,13 +48368,13 @@ CVE-2020-7757 CVE-2020-7756 RESERVED CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular Expression D ...) - TODO: check + NOT-FOR-US: dat.GUI CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The regex tha ...) - TODO: check + NOT-FOR-US: npm-user-validate CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...) - TODO: check + NOT-FOR-US: Node trim CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...) - TODO: check + NOT-FOR-US: Node systeminformation CVE-2020-7751 (This affects all versions of package pathval. ...) - node-pathval 1.1.0-4 (bug #972895) [buster] - node-pathval (Minor issue) @@ -55129,9 +55129,9 @@ CVE-2020-5147 CVE-2020-5146 RESERVED CVE-2020-5145 (SonicWall Global VPN client version 4.10.4.0314 and earlier have an in ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2020-5144 (SonicWall Global VPN client version 4.10.4.0314 and earlier allows unp ...) - TODO: check + NOT-FOR-US: SonicWall CVE-2020-5143 (SonicOS SSLVPN login page allows a remote unauthenticated attacker to ...) NOT-FOR-US: SonicOS SSLVPN CVE-2020-5142 (A stored cross-site scripting (XSS) vulnerability exists in the SonicO ...) 
@@ -100966,29 +100966,29 @@ CVE-2019-8860 CVE-2019-8859 RESERVED CVE-2019-8858 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8857 (The issue was addressed with improved validation when an iCloud Link i ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8856 (An API issue existed in the handling of outgoing phone calls initiated ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8855 (An access issue was addressed with additional sandbox restrictions. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8854 (A user privacy issue was addressed by removing the broadcast MAC addre ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8853 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8852 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8851 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8850 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...) NOT-FOR-US: Apple CVE-2019-8848 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8847 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8846 (A use after free issue was addressed with improved memory management. ...) {DSA-4610-1} - webkit2gtk 2.26.3-1 
@@ -101012,17 +101012,17 @@ CVE-2019-8842 (A buffer overflow was addressed with improved bounds checking. Th [stretch] - cups 2.2.1-8+deb9u6 NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ipp.c: ippReadIO) CVE-2019-8841 (An information disclosure issue was addressed by removing the vulnerab ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8840 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8839 (A buffer overflow was addressed with improved bounds checking. This is ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8838 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8837 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8836 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8835 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4610-1} - webkit2gtk 2.26.3-1 
@@ -101030,27 +101030,27 @@ CVE-2019-8835 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2020-0001.html CVE-2019-8834 (A configuration issue was addressed with additional restrictions. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8833 (A memory corruption issue was addressed by removing the vulnerable cod ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8832 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8831 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8830 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8829 (A memory corruption vulnerability was addressed with improved locking. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8828 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8827 (The HTTP referrer header may be used to leak browsing history. The iss ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8826 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8825 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8824 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8823 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.1-1 
@@ -101124,7 +101124,7 @@ CVE-2019-8811 (Multiple memory corruption issues were addressed with improved me CVE-2019-8810 RESERVED CVE-2019-8809 (A validation issue was addressed with improved logic. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8808 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 @@ -101148,13 +101148,13 @@ CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...) NOT-FOR-US: Apple CVE-2019-8799 (This issue was resolved by replacing device names with a random identi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8797 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8796 (A logic issue was addressed with improved validation. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8795 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8794 (A validation issue was addressed with improved input sanitization. Thi ...) @@ -101166,7 +101166,7 @@ CVE-2019-8792 (An injection issue was addressed with improved validation. This i CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was address ...) NOT-FOR-US: Shazam Android App CVE-2019-8790 (This issue was addresses by updating incorrect URLSession file descrip ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was addressed with ...) 
@@ -101194,21 +101194,21 @@ CVE-2019-8782 (Multiple memory corruption issues were addressed with improved me CVE-2019-8781 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2019-8780 (The issue was addressed with improved permissions logic. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue was addre ...) NOT-FOR-US: Apple CVE-2019-8778 RESERVED CVE-2019-8777 (A lock screen issue allowed access to contacts on a locked device. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8776 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8775 (The issue was addressed by restricting options offered on a locked dev ...) NOT-FOR-US: Apple CVE-2019-8774 (A resource exhaustion issue was addressed with improved input validati ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8773 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs. This issu ...) NOT-FOR-US: Apple CVE-2019-8771 (This issue was addressed with improved iframe sandbox enforcement. Thi ...) @@ -101231,7 +101231,7 @@ CVE-2019-8768 ("Clear History and Website Data" did not clear the history. The i [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html CVE-2019-8767 (A memory consumption issue was addressed with improved memory handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8766 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 
@@ -101257,43 +101257,43 @@ CVE-2019-8763 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html CVE-2019-8762 (A validation issue was addressed with improved logic. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8761 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8760 (This issue was addressed by improving Face ID machine learning models. ...) NOT-FOR-US: Apple CVE-2019-8759 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8758 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8757 (A race condition existed when reading and writing user preferences. Th ...) NOT-FOR-US: Apple CVE-2019-8756 (Multiple memory corruption issues were addressed with improved input v ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8755 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2019-8754 (A cross-origin issue existed with "iframe" elements. This was addresse ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8753 (This issue was addressed with improved checks. This issue is fixed in ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8752 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8751 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8750 (Multiple memory corruption issues were addressed with improved input v ...) NOT-FOR-US: Apple CVE-2019-8749 (Multiple memory corruption issues were addressed with improved input v ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8748 (A memory corruption issue was addressed with improved memory handling. ...) 
NOT-FOR-US: Apple CVE-2019-8747 (A memory corruption vulnerability was addressed with improved locking. ...) NOT-FOR-US: Apple CVE-2019-8746 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2019-8744 (A memory corruption issue existed in the handling of IPv6 packets. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8743 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 @@ -101305,22 +101305,22 @@ CVE-2019-8742 (The issue was addressed by restricting options offered on a locke CVE-2019-8741 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2019-8740 (A memory corruption vulnerability was addressed with improved locking. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2019-8738 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2019-8737 (A denial of service issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8736 (An input validation issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8735 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html CVE-2019-8734 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8733 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4515-1} - webkit2gtk 2.24.4-1 
@@ -101328,7 +101328,7 @@ CVE-2019-8733 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html CVE-2019-8732 (The issue was addressed with improved data deletion. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8731 (A permissions issue existed in which execute permission was incorrectl ...) NOT-FOR-US: Apple CVE-2019-8730 (The contents of locked notes sometimes appeared in search results. Thi ...) @@ -101336,7 +101336,7 @@ CVE-2019-8730 (The contents of locked notes sometimes appeared in search results CVE-2019-8729 RESERVED CVE-2019-8728 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8727 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2019-8726 (Multiple memory corruption issues were addressed with improved memory ...) 
@@ -101368,19 +101368,19 @@ CVE-2019-8719 (A logic issue was addressed with improved state management. This [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html CVE-2019-8718 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8717 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8716 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8715 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8714 RESERVED CVE-2019-8713 RESERVED CVE-2019-8712 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8711 (A logic issue existed with the display of notification previews. This ...) NOT-FOR-US: Apple CVE-2019-8710 (Multiple memory corruption issues were addressed with improved memory ...) @@ -101390,9 +101390,9 @@ CVE-2019-8710 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8709 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8708 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8707 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4515-1} - webkit2gtk 2.24.4-1 
@@ -101400,7 +101400,7 @@ CVE-2019-8707 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html CVE-2019-8706 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8705 (A memory corruption issue was addressed with improved validation. This ...) NOT-FOR-US: Apple CVE-2019-8704 (An authentication issue was addressed with improved state management. ...) @@ -101556,7 +101556,7 @@ CVE-2019-8669 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0004.html CVE-2019-8668 (A denial of service issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8667 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2019-8666 (Multiple memory corruption issues were addressed with improved memory ...) @@ -101568,7 +101568,7 @@ CVE-2019-8666 (Multiple memory corruption issues were addressed with improved me CVE-2019-8665 (A denial of service issue was addressed with improved validation. This ...) NOT-FOR-US: Apple CVE-2019-8664 (An input validation issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8663 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2019-8662 (This issue was addressed with improved checks. This issue is fixed in ...) 
@@ -101588,7 +101588,7 @@ CVE-2019-8658 (A logic issue was addressed with improved state management. This CVE-2019-8657 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2019-8656 (This was addressed with additional checks by Gatekeeper on files mount ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8655 RESERVED CVE-2019-8654 (An inconsistent user interface issue was addressed with improved state ...) @@ -101614,7 +101614,7 @@ CVE-2019-8647 (A use after free issue was addressed with improved memory managem CVE-2019-8646 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2019-8645 (An issue existed in the handling of encrypted Mail. This issue was add ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8644 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4515-1} - webkit2gtk 2.24.4-1 @@ -101624,15 +101624,15 @@ CVE-2019-8644 (Multiple memory corruption issues were addressed with improved me CVE-2019-8643 RESERVED CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...) NOT-FOR-US: Apple CVE-2019-8640 (A logic issue was addressed with improved validation. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8639 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8638 (Multiple memory corruption issues were addressed with improved memory ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8637 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2019-8636 
@@ -101642,11 +101642,11 @@ CVE-2019-8635 (A memory corruption issue was addressed with improved memory hand CVE-2019-8634 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple CVE-2019-8633 (A validation issue was addressed with improved input sanitization. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This was ad ...) NOT-FOR-US: Apple CVE-2019-8631 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8630 (The issue was addressed with improved UI handling. This issue is fixed ...) NOT-FOR-US: Apple CVE-2019-8629 (A memory initialization issue was addressed with improved memory handl ...) @@ -101685,7 +101685,7 @@ CVE-2019-8619 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0003.html CVE-2019-8618 (A logic issue was addressed with improved restrictions. This issue is ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8617 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2019-8616 (A memory corruption issue was addressed with improved memory handling. ...) @@ -101699,7 +101699,7 @@ CVE-2019-8614 CVE-2019-8613 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2019-8612 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8611 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101767,7 +101767,7 @@ CVE-2019-8594 (Multiple memory corruption issues were addressed with improved me CVE-2019-8593 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8592 (A memory corruption issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8591 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issue is ...) @@ -101775,7 +101775,7 @@ CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issu CVE-2019-8589 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2019-8588 (A null pointer dereference was addressed with improved input validatio ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8587 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101799,36 +101799,36 @@ CVE-2019-8583 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0003.html CVE-2019-8582 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8581 (An out-of-bounds read was addressed with improved input validation. Th ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8580 (Source-routed IPv4 packets were disabled by default. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8579 (An input validation issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8578 (A use after free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8577 (An input validation issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2019-8575 (The issue was addressed with improved data deletion. This issue is fix ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8574 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8573 (An input validation issue was addressed with improved input validation ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8572 (A null pointer dereference was addressed with improved input validatio ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8571 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0003.html CVE-2019-8570 (A logic issue was addressed with improved state management. This issue ...) 
- TODO: check + NOT-FOR-US: Apple CVE-2019-8569 (A memory corruption issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8568 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast MAC addre ...) @@ -101838,7 +101838,7 @@ CVE-2019-8566 (An API issue existed in the handling of microphone data. This iss CVE-2019-8565 (A race condition was addressed with additional validation. This issue ...) NOT-FOR-US: Apple CVE-2019-8564 (A logic issue was addressed with improved validation. This issue is fi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8563 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -101884,7 +101884,7 @@ CVE-2019-8549 (Multiple input validation issues existed in MIG generated code. T CVE-2019-8548 (An issue existed where partially entered passcodes may not clear when ...) NOT-FOR-US: Apple CVE-2019-8547 (An out-of-bounds read issue existed that led to the disclosure of kern ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8546 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2019-8545 (A memory corruption issue was addressed with improved state management ...) 
@@ -101903,9 +101903,9 @@ CVE-2019-8541 (A privacy issue existed in motion sensor calibration. This issue CVE-2019-8540 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2019-8539 (A memory initialization issue was addressed with improved memory handl ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8538 (A denial of service issue was addressed with improved validation. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8537 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2019-8536 (A memory corruption issue was addressed with improved memory handling. ...) 
@@ -101919,25 +101919,25 @@ CVE-2019-8535 (A memory corruption issue was addressed with improved state manag [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0002.html CVE-2019-8534 (A logic issue existed resulting in memory corruption. This was address ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8533 (A lock handling issue was addressed with improved lock handling. This ...) NOT-FOR-US: Apple CVE-2019-8532 (A permissions issue was addressed by removing vulnerable code and addi ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8531 (A validation issue existed in Trust Anchor Management. This issue was ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8530 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2019-8529 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2019-8528 (A use after free issue was addressed with improved memory management. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8527 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2019-8526 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2019-8525 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8524 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101981,7 +101981,7 @@ CVE-2019-8511 (A buffer overflow issue was addressed with improved memory handli CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure of kern ...) NOT-FOR-US: Apple CVE-2019-8509 (This issue was addressed by removing the vulnerable code. This issue i ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2019-8507 (Multiple memory corruption issues were addressed with improved input v ...) @@ -105066,13 +105066,13 @@ CVE-2019-7292 (A validation issue was addressed with improved logic. This issue [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0002.html CVE-2019-7291 (A denial of service issue was addressed with improved memory handling. ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-7290 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Shortcuts for iOS CVE-2019-7289 (A parsing issue in the handling of directory paths was addressed with ...) NOT-FOR-US: Shortcuts for iOS CVE-2019-7288 (The issue was addressed with improved validation on the FaceTime serve ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-7287 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2019-7286 (A memory corruption issue was addressed with improved input validation ...) @@ -107673,7 +107673,7 @@ CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial of CVE-2019-6239 (This issue was addressed with improved handling of file metadata. This ...) NOT-FOR-US: Apple CVE-2019-6238 (A validation issue existed in the handling of symlinks. This issue was ...) - TODO: check + NOT-FOR-US: Apple CVE-2019-6237 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -119937,7 +119937,7 @@ CVE-2018-19955 CVE-2018-19954 RESERVED CVE-2018-19953 (If exploited, this cross-site scripting vulnerability could allow remo ...) - TODO: check + NOT-FOR-US: QNAP CVE-2018-19952 RESERVED CVE-2018-19951 @@ -119945,7 +119945,7 @@ CVE-2018-19951 CVE-2018-19950 RESERVED CVE-2018-19949 (If exploited, this command injection vulnerability could allow remote ...) - TODO: check + NOT-FOR-US: QNAP CVE-2018-19948 (The vulnerability have been reported to affect earlier versions of Hel ...) NOT-FOR-US: QNAP CVE-2018-19947 (The vulnerability have been reported to affect earlier versions of Hel ...) @@ -119957,7 +119957,7 @@ CVE-2018-19945 CVE-2018-19944 RESERVED CVE-2018-19943 (If exploited, this cross-site scripting vulnerability could allow remo ...) - TODO: check + NOT-FOR-US: QNAP CVE-2018-19942 RESERVED CVE-2018-19941 @@ -166493,7 +166493,7 @@ CVE-2018-4476 CVE-2018-4475 RESERVED CVE-2018-4474 (A memory consumption issue was addressed with improved memory handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4473 RESERVED CVE-2018-4472 @@ -166505,9 +166505,9 @@ CVE-2018-4470 (A privacy issue in the handling of Open Directory records was add CVE-2018-4469 RESERVED CVE-2018-4468 (This issue was addressed by removing additional entitlements. This iss ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4467 (A memory corruption issue was addressed with improved state management ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4466 RESERVED CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...) 
@@ -166539,15 +166539,15 @@ CVE-2018-4454 CVE-2018-4453 RESERVED CVE-2018-4452 (A memory consumption issue was addressed with improved memory handling ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4451 (This issue is fixed in macOS Mojave 10.14. A memory corruption issue w ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4448 (A memory initialization issue was addressed with improved memory handl ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...) @@ -166555,7 +166555,7 @@ CVE-2018-4446 (This issue was addressed with improved entitlements. This issue a CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue ...) NOT-FOR-US: Apple CVE-2018-4444 (A logic issue was addressed with improved state management. This issue ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...) - webkit2gtk 2.22.3-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0009.html @@ -166587,7 +166587,7 @@ CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issu CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2018-4433 (A configuration issue was addressed with additional restrictions. This ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4432 RESERVED CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...) 
@@ -166597,7 +166597,7 @@ CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...) NOT-FOR-US: Apple CVE-2018-4428 (A lock screen issue allowed access to the share function on a locked d ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...) @@ -166675,9 +166675,9 @@ CVE-2018-4392 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2018-0008.html NOTE: Not covered by security support CVE-2018-4391 (An inconsistent user interface issue was addressed with improved state ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4390 (An inconsistent user interface issue was addressed with improved state ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...) @@ -166699,7 +166699,7 @@ CVE-2018-4382 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2018-0008.html NOTE: Not covered by security support CVE-2018-4381 (A resource exhaustion issue was addressed with improved input validati ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked ...) NOT-FOR-US: Apple CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...) 
@@ -166801,7 +166801,7 @@ CVE-2018-4341 (A memory corruption issue was addressed with improved memory hand CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4339 (This issue was addressed with a new entitlement. This issue is fixed i ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...) @@ -166919,7 +166919,7 @@ CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sie CVE-2018-4297 RESERVED CVE-2018-4296 (This issue is fixed in macOS Mojave 10.14. A permissions issue existed ...) - TODO: check + NOT-FOR-US: Apple CVE-2018-4295 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2018-4294 -- cgit v1.2.3
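Review bot: In the hunk at -101919, CVE-2019-8534 and CVE-2019-8525 are set to "NOT-FOR-US: Apple" although each sits directly beside a webkit2gtk-tracked entry (CVE-2019-8535 before the first, CVE-2019-8524 after the second). Their truncated descriptions ("A logic issue existed resulting in memory corruption ...", "A memory corruption issue was addressed with improved state management ...") do not show the affected component. Please confirm against the full advisory text that neither is a WebKit issue. If one is, it needs a "- webkit2gtk" line with a NOTE pointing at the matching WSA advisory, as its neighbours have, rather than an NFU tag.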
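Review bot: In the hunk at -105066, CVE-2019-7291 and CVE-2019-7288 get the generic "NOT-FOR-US: Apple" tag, while the two entries between them (CVE-2019-7290, CVE-2019-7289) name the product as "NOT-FOR-US: Shortcuts for iOS". The CVE-2019-7288 description names the FaceTime server, so the NFU line could name the product the same way. That keeps the block consistent and makes a later search by product find these entries.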
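Review bot: In the hunk at -166555, CVE-2018-4444 ("A logic issue was addressed with improved state management ...") is marked "NOT-FOR-US: Apple" immediately before CVE-2018-4443, which is tracked as "- webkit2gtk 2.22.3-1 (unimportant)" with a WSA-2018-0009 NOTE. The visible description is too generic to rule out WebKit as the component. A quick check of WSA-2018-0009 for this id before it goes in as NFU would settle it.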