From d48aba1f76e6ce931cf42f4396ea7dce0dd4f86a Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 28 Oct 2020 08:10:24 +0000 Subject: automatic update --- data/CVE/list | 738 +++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 446 insertions(+), 292 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 72cdc053b5..4a33308f5f 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,3 +1,165 @@ +CVE-2020-27968 + RESERVED +CVE-2020-27967 + RESERVED +CVE-2020-27966 + RESERVED +CVE-2020-27965 + RESERVED +CVE-2020-27964 + RESERVED +CVE-2020-27963 + RESERVED +CVE-2020-27962 + RESERVED +CVE-2020-27961 + RESERVED +CVE-2020-27960 + RESERVED +CVE-2020-27959 + RESERVED +CVE-2020-27958 + RESERVED +CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not proper ...) + TODO: check +CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...) + TODO: check +CVE-2020-27955 + RESERVED +CVE-2020-27954 + RESERVED +CVE-2020-27953 + RESERVED +CVE-2020-27952 + RESERVED +CVE-2020-27951 + RESERVED +CVE-2020-27950 + RESERVED +CVE-2020-27949 + RESERVED +CVE-2020-27948 + RESERVED +CVE-2020-27947 + RESERVED +CVE-2020-27946 + RESERVED +CVE-2020-27945 + RESERVED +CVE-2020-27944 + RESERVED +CVE-2020-27943 + RESERVED +CVE-2020-27942 + RESERVED +CVE-2020-27941 + RESERVED +CVE-2020-27940 + RESERVED +CVE-2020-27939 + RESERVED +CVE-2020-27938 + RESERVED +CVE-2020-27937 + RESERVED +CVE-2020-27936 + RESERVED +CVE-2020-27935 + RESERVED +CVE-2020-27934 + RESERVED +CVE-2020-27933 + RESERVED +CVE-2020-27932 + RESERVED +CVE-2020-27931 + RESERVED +CVE-2020-27930 + RESERVED +CVE-2020-27929 + RESERVED +CVE-2020-27928 + RESERVED +CVE-2020-27927 + RESERVED +CVE-2020-27926 + RESERVED +CVE-2020-27925 + RESERVED +CVE-2020-27924 + RESERVED +CVE-2020-27923 + RESERVED +CVE-2020-27922 + RESERVED +CVE-2020-27921 + RESERVED +CVE-2020-27920 + RESERVED +CVE-2020-27919 + RESERVED +CVE-2020-27918 + RESERVED +CVE-2020-27917 + RESERVED +CVE-2020-27916 + RESERVED +CVE-2020-27915 + RESERVED +CVE-2020-27914 + RESERVED +CVE-2020-27913 + RESERVED +CVE-2020-27912 + RESERVED +CVE-2020-27911 + RESERVED +CVE-2020-27910 + RESERVED +CVE-2020-27909 + RESERVED +CVE-2020-27908 + RESERVED +CVE-2020-27907 + RESERVED +CVE-2020-27906 + RESERVED +CVE-2020-27905 + RESERVED +CVE-2020-27904 + RESERVED +CVE-2020-27903 + RESERVED +CVE-2020-27902 + RESERVED 
+CVE-2020-27901 + RESERVED +CVE-2020-27900 + RESERVED +CVE-2020-27899 + RESERVED +CVE-2020-27898 + RESERVED +CVE-2020-27897 + RESERVED +CVE-2020-27896 + RESERVED +CVE-2020-27895 + RESERVED +CVE-2020-27894 + RESERVED +CVE-2020-27893 + RESERVED +CVE-2020-27892 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...) + TODO: check +CVE-2020-27891 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...) + TODO: check +CVE-2020-27890 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...) + TODO: check +CVE-2020-27889 + RESERVED +CVE-2020-27888 (An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC- ...) + TODO: check CVE-2021-0300 RESERVED CVE-2021-0299 @@ -2112,12 +2274,12 @@ CVE-2020-27162 RESERVED CVE-2020-27161 RESERVED -CVE-2020-27160 - RESERVED -CVE-2020-27159 - RESERVED -CVE-2020-27158 - RESERVED +CVE-2020-27160 (Addressed remote code execution vulnerability in AvailableApps.php tha ...) + TODO: check +CVE-2020-27159 (Addressed remote code execution vulnerability in DsdkProxy.php due to ...) + TODO: check +CVE-2020-27158 (Addressed remote code execution vulnerability in cgi_api.php that allo ...) + TODO: check CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that bypassed the ...) NOT-FOR-US: Veritas CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate authori ...) @@ -5103,8 +5265,8 @@ CVE-2020-25767 RESERVED CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...) NOT-FOR-US: MISP -CVE-2020-25765 - RESERVED +CVE-2020-25765 (Addressed remote code execution vulnerability in reg_device.php due to ...) + TODO: check CVE-2020-25764 RESERVED CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an Unauthenticated Fi ...) 
@@ -24893,8 +25055,8 @@ CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles CVE-2020-16141 RESERVED -CVE-2020-16140 - RESERVED +CVE-2020-16140 (The search functionality of the Greenmart theme 2.4.2 for WordPress is ...) + TODO: check CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified I ...) NOT-FOR-US: Cisco CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Uni ...) @@ -33699,8 +33861,8 @@ CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Fre - frr (unimportant) NOTE: https://github.com/FRRouting/frr/pull/6383 NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48 -CVE-2020-12830 - RESERVED +CVE-2020-12830 (Addressed multiple stack buffer overflow vulnerabilities that could al ...) + TODO: check CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...) {DSA-4760-1} - qemu 1:5.0-12 (low; bug #961451) @@ -42598,14 +42760,14 @@ CVE-2020-9984 (An out-of-bounds read was addressed with improved input validatio NOT-FOR-US: Apple CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Safari -CVE-2020-9982 - RESERVED +CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized ...) + TODO: check CVE-2020-9981 RESERVED CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple -CVE-2020-9979 - RESERVED +CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...) + TODO: check CVE-2020-9978 RESERVED CVE-2020-9977 @@ -42616,8 +42778,8 @@ CVE-2020-9975 RESERVED CVE-2020-9974 RESERVED -CVE-2020-9973 - RESERVED +CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check CVE-2020-9972 RESERVED CVE-2020-9971 
@@ -42640,8 +42802,8 @@ CVE-2020-9963 RESERVED CVE-2020-9962 RESERVED -CVE-2020-9961 - RESERVED +CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2020-9960 RESERVED CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...) @@ -42680,8 +42842,8 @@ CVE-2020-9943 RESERVED CVE-2020-9942 RESERVED -CVE-2020-9941 - RESERVED +CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...) @@ -42698,8 +42860,8 @@ CVE-2020-9934 (An issue existed in the handling of environment variables. This i NOT-FOR-US: Apple CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple -CVE-2020-9932 - RESERVED +CVE-2020-9932 (A memory corruption issue was addressed with improved validation. This ...) + TODO: check CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9930 @@ -42855,8 +43017,8 @@ CVE-2020-9868 (A certificate validation issue existed when processing administra NOT-FOR-US: Apple CVE-2020-9867 RESERVED -CVE-2020-9866 - RESERVED +CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking. This is ...) + TODO: check CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...) NOT-FOR-US: Apple CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...) 
@@ -42872,14 +43034,14 @@ CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue wa NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9861 RESERVED -CVE-2020-9860 - RESERVED +CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved input v ...) + TODO: check CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...) NOT-FOR-US: Apple -CVE-2020-9857 - RESERVED +CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was addressed with ...) + TODO: check CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...) @@ -43056,16 +43218,16 @@ CVE-2020-9788 (A validation issue was addressed with improved input sanitization NOT-FOR-US: Apple CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple -CVE-2020-9786 - RESERVED +CVE-2020-9786 (This issue was addressed with improved checks This issue is fixed in m ...) + TODO: check CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple Safari CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple -CVE-2020-9782 - RESERVED +CVE-2020-9782 (A parsing issue in the handling of directory paths was addressed with ...) + TODO: check CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...) NOT-FOR-US: Apple CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...) 
@@ -43080,8 +43242,8 @@ CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fi NOT-FOR-US: Apple CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...) NOT-FOR-US: Apple -CVE-2020-9774 - RESERVED +CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted data. The i ...) + TODO: check CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...) NOT-FOR-US: Apple CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...) @@ -58406,8 +58568,8 @@ CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixe NOT-FOR-US: Apple CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple -CVE-2020-3880 - RESERVED +CVE-2020-3880 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2020-3879 RESERVED CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...) @@ -58453,16 +58615,15 @@ CVE-2020-3865 (Multiple memory corruption issues were addressed with improved me [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html -CVE-2020-3864 - RESERVED +CVE-2020-3864 (A logic issue was addressed with improved validation. This issue is fi ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html -CVE-2020-3863 - RESERVED +CVE-2020-3863 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 
@@ -58482,16 +58643,16 @@ CVE-2020-3857 (A memory corruption issue was addressed with improved memory hand NOT-FOR-US: Apple CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple -CVE-2020-3855 - RESERVED +CVE-2020-3855 (An access issue was addressed with improved access restrictions. This ...) + TODO: check CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple -CVE-2020-3852 - RESERVED -CVE-2020-3851 - RESERVED +CVE-2020-3852 (A logic issue was addressed with improved validation. This issue is fi ...) + TODO: check +CVE-2020-3851 (A use after free issue was addressed with improved memory management. ...) + TODO: check CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...) @@ -100667,14 +100828,14 @@ CVE-2019-8903 (index.js in Total.js Platform before 3.2.3 allows path traversal. NOT-FOR-US: Total.js Platform CVE-2019-8902 (An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vuln ...) NOT-FOR-US: idreamsoft iCMS -CVE-2019-8901 - RESERVED +CVE-2019-8901 (This issue was addressed by verifying host keys when connecting to a p ...) + TODO: check CVE-2019-8900 RESERVED CVE-2019-8899 RESERVED -CVE-2019-8898 - RESERVED +CVE-2019-8898 (An information disclosure issue existed in the handling of the Storage ...) + TODO: check CVE-2019-8897 RESERVED CVE-2019-8896 
@@ -100753,32 +100914,31 @@ CVE-2019-8860 RESERVED CVE-2019-8859 RESERVED -CVE-2019-8858 - RESERVED -CVE-2019-8857 - RESERVED -CVE-2019-8856 - RESERVED -CVE-2019-8855 - RESERVED -CVE-2019-8854 - RESERVED -CVE-2019-8853 - RESERVED -CVE-2019-8852 - RESERVED -CVE-2019-8851 - RESERVED -CVE-2019-8850 - RESERVED +CVE-2019-8858 (A logic issue was addressed with improved state management. This issue ...) + TODO: check +CVE-2019-8857 (The issue was addressed with improved validation when an iCloud Link i ...) + TODO: check +CVE-2019-8856 (An API issue existed in the handling of outgoing phone calls initiated ...) + TODO: check +CVE-2019-8855 (An access issue was addressed with additional sandbox restrictions. Th ...) + TODO: check +CVE-2019-8854 (A user privacy issue was addressed by removing the broadcast MAC addre ...) + TODO: check +CVE-2019-8853 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check +CVE-2019-8852 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8851 (A logic issue was addressed with improved state management. This issue ...) + TODO: check +CVE-2019-8850 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2019-8849 (The issue was addressed by signaling that an executable stack is not r ...) NOT-FOR-US: Apple -CVE-2019-8848 - RESERVED -CVE-2019-8847 - RESERVED -CVE-2019-8846 - RESERVED +CVE-2019-8848 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2019-8847 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8846 (A use after free issue was addressed with improved memory management. ...) {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -100786,8 +100946,7 @@ CVE-2019-8846 NOTE: https://webkitgtk.org/security/WSA-2020-0001.html CVE-2019-8845 RESERVED -CVE-2019-8844 - RESERVED +CVE-2019-8844 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -100795,54 +100954,52 @@ CVE-2019-8844 NOTE: https://webkitgtk.org/security/WSA-2020-0001.html CVE-2019-8843 RESERVED -CVE-2019-8842 [he `ippReadIO` function may under-read an extension field] - RESERVED +CVE-2019-8842 (A buffer overflow was addressed with improved bounds checking. This is ...) {DLA-2237-1} - cups 2.3.1-12 [buster] - cups 2.2.10-6+deb10u3 [stretch] - cups 2.2.1-8+deb9u6 NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ipp.c: ippReadIO) -CVE-2019-8841 - RESERVED -CVE-2019-8840 - RESERVED -CVE-2019-8839 - RESERVED -CVE-2019-8838 - RESERVED -CVE-2019-8837 - RESERVED -CVE-2019-8836 - RESERVED -CVE-2019-8835 - RESERVED +CVE-2019-8841 (An information disclosure issue was addressed by removing the vulnerab ...) + TODO: check +CVE-2019-8840 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2019-8839 (A buffer overflow was addressed with improved bounds checking. This is ...) + TODO: check +CVE-2019-8838 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8837 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2019-8836 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8835 (Multiple memory corruption issues were addressed with improved memory ...) 
{DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2020-0001.html -CVE-2019-8834 - RESERVED -CVE-2019-8833 - RESERVED -CVE-2019-8832 - RESERVED -CVE-2019-8831 - RESERVED -CVE-2019-8830 - RESERVED -CVE-2019-8829 - RESERVED -CVE-2019-8828 - RESERVED -CVE-2019-8827 - RESERVED -CVE-2019-8826 - RESERVED -CVE-2019-8825 - RESERVED -CVE-2019-8824 - RESERVED +CVE-2019-8834 (A configuration issue was addressed with additional restrictions. This ...) + TODO: check +CVE-2019-8833 (A memory corruption issue was addressed by removing the vulnerable cod ...) + TODO: check +CVE-2019-8832 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8831 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8830 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2019-8829 (A memory corruption vulnerability was addressed with improved locking. ...) + TODO: check +CVE-2019-8828 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8827 (The HTTP referrer header may be used to leak browsing history. The iss ...) + TODO: check +CVE-2019-8826 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2019-8825 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2019-8824 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2019-8823 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.1-1 
@@ -100915,8 +101072,8 @@ CVE-2019-8811 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8810 RESERVED -CVE-2019-8809 - RESERVED +CVE-2019-8809 (A validation issue was addressed with improved logic. This issue is fi ...) + TODO: check CVE-2019-8808 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 @@ -100939,14 +101096,14 @@ CVE-2019-8801 (A dynamic library loading issue existed in iTunes setup. This was NOT-FOR-US: Apple CVE-2019-8800 (A memory corruption issue was addressed with improved validation. This ...) NOT-FOR-US: Apple -CVE-2019-8799 - RESERVED +CVE-2019-8799 (This issue was resolved by replacing device names with a random identi ...) + TODO: check CVE-2019-8798 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8797 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2019-8796 - RESERVED +CVE-2019-8796 (A logic issue was addressed with improved validation. This issue is fi ...) + TODO: check CVE-2019-8795 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8794 (A validation issue was addressed with improved input sanitization. Thi ...) @@ -100957,8 +101114,8 @@ CVE-2019-8792 (An injection issue was addressed with improved validation. This i NOT-FOR-US: Shazam Android App CVE-2019-8791 (An issue existed in the parsing of URL schemes. This issue was address ...) NOT-FOR-US: Shazam Android App -CVE-2019-8790 - RESERVED +CVE-2019-8790 (This issue was addresses by updating incorrect URLSession file descrip ...) + TODO: check CVE-2019-8789 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2019-8788 (An issue existed in the parsing of URLs. This issue was addressed with ...) 
@@ -100985,26 +101142,25 @@ CVE-2019-8782 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2019-0006.html CVE-2019-8781 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple -CVE-2019-8780 - RESERVED +CVE-2019-8780 (The issue was addressed with improved permissions logic. This issue is ...) + TODO: check CVE-2019-8779 (A logic issue applied the incorrect restrictions. This issue was addre ...) NOT-FOR-US: Apple CVE-2019-8778 RESERVED -CVE-2019-8777 - RESERVED -CVE-2019-8776 - RESERVED +CVE-2019-8777 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + TODO: check +CVE-2019-8776 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check CVE-2019-8775 (The issue was addressed by restricting options offered on a locked dev ...) NOT-FOR-US: Apple -CVE-2019-8774 - RESERVED -CVE-2019-8773 - RESERVED +CVE-2019-8774 (A resource exhaustion issue was addressed with improved input validati ...) + TODO: check +CVE-2019-8773 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check CVE-2019-8772 (An issue existed in the handling of links in encrypted PDFs. This issu ...) NOT-FOR-US: Apple -CVE-2019-8771 - RESERVED +CVE-2019-8771 (This issue was addressed with improved iframe sandbox enforcement. Thi ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101023,8 +101179,8 @@ CVE-2019-8768 ("Clear History and Website Data" did not clear the history. The i [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html -CVE-2019-8767 - RESERVED +CVE-2019-8767 (A memory consumption issue was addressed with improved memory handling ...) + TODO: check CVE-2019-8766 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 
@@ -101049,44 +101205,44 @@ CVE-2019-8763 (Multiple memory corruption issues were addressed with improved me [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html -CVE-2019-8762 - RESERVED -CVE-2019-8761 - RESERVED +CVE-2019-8762 (A validation issue was addressed with improved logic. This issue is fi ...) + TODO: check +CVE-2019-8761 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check CVE-2019-8760 (This issue was addressed by improving Face ID machine learning models. ...) NOT-FOR-US: Apple -CVE-2019-8759 - RESERVED +CVE-2019-8759 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check CVE-2019-8758 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8757 (A race condition existed when reading and writing user preferences. Th ...) NOT-FOR-US: Apple -CVE-2019-8756 - RESERVED +CVE-2019-8756 (Multiple memory corruption issues were addressed with improved input v ...) + TODO: check CVE-2019-8755 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple -CVE-2019-8754 - RESERVED -CVE-2019-8753 - RESERVED -CVE-2019-8752 - RESERVED -CVE-2019-8751 - RESERVED +CVE-2019-8754 (A cross-origin issue existed with "iframe" elements. This was addresse ...) + TODO: check +CVE-2019-8753 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2019-8752 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check +CVE-2019-8751 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check CVE-2019-8750 (Multiple memory corruption issues were addressed with improved input v ...) 
NOT-FOR-US: Apple -CVE-2019-8749 - RESERVED +CVE-2019-8749 (Multiple memory corruption issues were addressed with improved input v ...) + TODO: check CVE-2019-8748 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8747 (A memory corruption vulnerability was addressed with improved locking. ...) NOT-FOR-US: Apple -CVE-2019-8746 - RESERVED +CVE-2019-8746 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check CVE-2019-8745 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple -CVE-2019-8744 - RESERVED +CVE-2019-8744 (A memory corruption issue existed in the handling of IPv6 packets. Thi ...) + TODO: check CVE-2019-8743 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4558-1} - webkit2gtk 2.26.0-1 
@@ -101097,39 +101253,39 @@ CVE-2019-8742 (The issue was addressed by restricting options offered on a locke NOT-FOR-US: Apple CVE-2019-8741 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple -CVE-2019-8740 - RESERVED +CVE-2019-8740 (A memory corruption vulnerability was addressed with improved locking. ...) + TODO: check CVE-2019-8739 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2019-8738 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple -CVE-2019-8737 - RESERVED -CVE-2019-8736 - RESERVED +CVE-2019-8737 (A denial of service issue was addressed with improved validation. This ...) + TODO: check +CVE-2019-8736 (An input validation issue was addressed with improved input validation ...) + TODO: check CVE-2019-8735 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html -CVE-2019-8734 - RESERVED +CVE-2019-8734 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check CVE-2019-8733 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4515-1} - webkit2gtk 2.24.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html -CVE-2019-8732 - RESERVED +CVE-2019-8732 (The issue was addressed with improved data deletion. This issue is fix ...) + TODO: check CVE-2019-8731 (A permissions issue existed in which execute permission was incorrectl ...) NOT-FOR-US: Apple CVE-2019-8730 (The contents of locked notes sometimes appeared in search results. Thi ...) 
NOT-FOR-US: Apple CVE-2019-8729 RESERVED -CVE-2019-8728 - RESERVED +CVE-2019-8728 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check CVE-2019-8727 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2019-8726 (Multiple memory corruption issues were addressed with improved memory ...) @@ -101160,20 +101316,20 @@ CVE-2019-8719 (A logic issue was addressed with improved state management. This [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html -CVE-2019-8718 - RESERVED +CVE-2019-8718 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check CVE-2019-8717 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2019-8716 - RESERVED -CVE-2019-8715 - RESERVED +CVE-2019-8716 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8715 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check CVE-2019-8714 RESERVED CVE-2019-8713 RESERVED -CVE-2019-8712 - RESERVED +CVE-2019-8712 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check CVE-2019-8711 (A logic issue existed with the display of notification previews. This ...) NOT-FOR-US: Apple CVE-2019-8710 (Multiple memory corruption issues were addressed with improved memory ...) 
@@ -101182,18 +101338,18 @@ CVE-2019-8710 (Multiple memory corruption issues were addressed with improved me [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0006.html -CVE-2019-8709 - RESERVED -CVE-2019-8708 - RESERVED +CVE-2019-8709 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2019-8708 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check CVE-2019-8707 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4515-1} - webkit2gtk 2.24.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0005.html -CVE-2019-8706 - RESERVED +CVE-2019-8706 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2019-8705 (A memory corruption issue was addressed with improved validation. This ...) NOT-FOR-US: Apple CVE-2019-8704 (An authentication issue was addressed with improved state management. ...) @@ -101212,8 +101368,7 @@ CVE-2019-8698 (A validation issue existed in the entitlement verification. This NOT-FOR-US: Apple CVE-2019-8697 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2019-8696 [stack-buffer-overflow in libcups's asn1_get_packed function] - RESERVED +CVE-2019-8696 (A buffer overflow issue was addressed with improved memory handling. T ...) {DLA-1893-1} - cups 2.2.12-1 (bug #934957) [buster] - cups 2.2.10-6+deb10u1 
@@ -101311,8 +101466,7 @@ CVE-2019-8676 (Multiple memory corruption issues were addressed with improved me [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0004.html -CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function] - RESERVED +CVE-2019-8675 (A buffer overflow issue was addressed with improved memory handling. T ...) {DLA-1893-1} - cups 2.2.12-1 (bug #934957) [buster] - cups 2.2.10-6+deb10u1 @@ -101350,8 +101504,8 @@ CVE-2019-8669 (Multiple memory corruption issues were addressed with improved me [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0004.html -CVE-2019-8668 - RESERVED +CVE-2019-8668 (A denial of service issue was addressed with improved validation. This ...) + TODO: check CVE-2019-8667 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2019-8666 (Multiple memory corruption issues were addressed with improved memory ...) @@ -101362,8 +101516,8 @@ CVE-2019-8666 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2019-0004.html CVE-2019-8665 (A denial of service issue was addressed with improved validation. This ...) NOT-FOR-US: Apple -CVE-2019-8664 - RESERVED +CVE-2019-8664 (An input validation issue was addressed with improved input validation ...) + TODO: check CVE-2019-8663 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2019-8662 (This issue was addressed with improved checks. This issue is fixed in ...) 
@@ -101382,8 +101536,8 @@ CVE-2019-8658 (A logic issue was addressed with improved state management. This NOTE: https://webkitgtk.org/security/WSA-2019-0004.html CVE-2019-8657 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2019-8656 - RESERVED +CVE-2019-8656 (This was addressed with additional checks by Gatekeeper on files mount ...) + TODO: check CVE-2019-8655 RESERVED CVE-2019-8654 (An inconsistent user interface issue was addressed with improved state ...) @@ -101408,8 +101562,8 @@ CVE-2019-8647 (A use after free issue was addressed with improved memory managem NOT-FOR-US: Apple CVE-2019-8646 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2019-8645 - RESERVED +CVE-2019-8645 (An issue existed in the handling of encrypted Mail. This issue was add ...) + TODO: check CVE-2019-8644 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4515-1} - webkit2gtk 2.24.4-1 @@ -101418,16 +101572,16 @@ CVE-2019-8644 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2019-0004.html CVE-2019-8643 RESERVED -CVE-2019-8642 - RESERVED +CVE-2019-8642 (An issue existed in the handling of S-MIME certificates. This issue wa ...) + TODO: check CVE-2019-8641 (An out-of-bounds read was addressed with improved input validation. ...) NOT-FOR-US: Apple -CVE-2019-8640 - RESERVED -CVE-2019-8639 - RESERVED -CVE-2019-8638 - RESERVED +CVE-2019-8640 (A logic issue was addressed with improved validation. This issue is fi ...) + TODO: check +CVE-2019-8639 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check +CVE-2019-8638 (Multiple memory corruption issues were addressed with improved memory ...) + TODO: check CVE-2019-8637 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2019-8636 
@@ -101436,12 +101590,12 @@ CVE-2019-8635 (A memory corruption issue was addressed with improved memory hand NOT-FOR-US: Apple CVE-2019-8634 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple -CVE-2019-8633 - RESERVED +CVE-2019-8633 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check CVE-2019-8632 (Some analytics data was sent using HTTP rather than HTTPS. This was ad ...) NOT-FOR-US: Apple -CVE-2019-8631 - RESERVED +CVE-2019-8631 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2019-8630 (The issue was addressed with improved UI handling. This issue is fixed ...) NOT-FOR-US: Apple CVE-2019-8629 (A memory initialization issue was addressed with improved memory handl ...) @@ -101479,8 +101633,8 @@ CVE-2019-8619 (Multiple memory corruption issues were addressed with improved me [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0003.html -CVE-2019-8618 - RESERVED +CVE-2019-8618 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check CVE-2019-8617 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2019-8616 (A memory corruption issue was addressed with improved memory handling. ...) @@ -101493,8 +101647,8 @@ CVE-2019-8614 RESERVED CVE-2019-8613 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple -CVE-2019-8612 - RESERVED +CVE-2019-8612 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2019-8611 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101561,16 +101715,16 @@ CVE-2019-8594 (Multiple memory corruption issues were addressed with improved me NOTE: https://webkitgtk.org/security/WSA-2019-0003.html CVE-2019-8593 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2019-8592 - RESERVED +CVE-2019-8592 (A memory corruption issue was addressed with improved input validation ...) + TODO: check CVE-2019-8591 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2019-8590 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2019-8589 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple -CVE-2019-8588 - RESERVED +CVE-2019-8588 (A null pointer dereference was addressed with improved input validatio ...) + TODO: check CVE-2019-8587 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101593,37 +101747,37 @@ CVE-2019-8583 (Multiple memory corruption issues were addressed with improved me [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0003.html -CVE-2019-8582 - RESERVED -CVE-2019-8581 - RESERVED -CVE-2019-8580 - RESERVED -CVE-2019-8579 - RESERVED -CVE-2019-8578 - RESERVED +CVE-2019-8582 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2019-8581 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2019-8580 (Source-routed IPv4 packets were disabled by default. This issue is fix ...) + TODO: check +CVE-2019-8579 (An input validation issue was addressed with improved memory handling. ...) + TODO: check +CVE-2019-8578 (A use after free issue was addressed with improved memory management. ...) + TODO: check CVE-2019-8577 (An input validation issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2019-8576 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple -CVE-2019-8575 - RESERVED +CVE-2019-8575 (The issue was addressed with improved data deletion. This issue is fix ...) + TODO: check CVE-2019-8574 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2019-8573 - RESERVED -CVE-2019-8572 - RESERVED +CVE-2019-8573 (An input validation issue was addressed with improved input validation ...) + TODO: check +CVE-2019-8572 (A null pointer dereference was addressed with improved input validatio ...) + TODO: check CVE-2019-8571 (Multiple memory corruption issues were addressed with improved memory ...) 
- webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0003.html -CVE-2019-8570 - RESERVED -CVE-2019-8569 - RESERVED +CVE-2019-8570 (A logic issue was addressed with improved state management. This issue ...) + TODO: check +CVE-2019-8569 (A memory corruption issue was addressed with improved memory handling. ...) + TODO: check CVE-2019-8568 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2019-8567 (A user privacy issue was addressed by removing the broadcast MAC addre ...) @@ -101632,8 +101786,8 @@ CVE-2019-8566 (An API issue existed in the handling of microphone data. This iss NOT-FOR-US: Apple CVE-2019-8565 (A race condition was addressed with additional validation. This issue ...) NOT-FOR-US: Apple -CVE-2019-8564 - RESERVED +CVE-2019-8564 (A logic issue was addressed with improved validation. This issue is fi ...) + TODO: check CVE-2019-8563 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -101678,8 +101832,8 @@ CVE-2019-8549 (Multiple input validation issues existed in MIG generated code. T NOT-FOR-US: Apple CVE-2019-8548 (An issue existed where partially entered passcodes may not clear when ...) NOT-FOR-US: Apple -CVE-2019-8547 - RESERVED +CVE-2019-8547 (An out-of-bounds read issue existed that led to the disclosure of kern ...) + TODO: check CVE-2019-8546 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2019-8545 (A memory corruption issue was addressed with improved state management ...) 
@@ -101697,10 +101851,10 @@ CVE-2019-8541 (A privacy issue existed in motion sensor calibration. This issue NOT-FOR-US: Apple CVE-2019-8540 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple -CVE-2019-8539 - RESERVED -CVE-2019-8538 - RESERVED +CVE-2019-8539 (A memory initialization issue was addressed with improved memory handl ...) + TODO: check +CVE-2019-8538 (A denial of service issue was addressed with improved validation. This ...) + TODO: check CVE-2019-8537 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2019-8536 (A memory corruption issue was addressed with improved memory handling. ...) 
@@ -101713,26 +101867,26 @@ CVE-2019-8535 (A memory corruption issue was addressed with improved state manag [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0002.html -CVE-2019-8534 - RESERVED +CVE-2019-8534 (A logic issue existed resulting in memory corruption. This was address ...) + TODO: check CVE-2019-8533 (A lock handling issue was addressed with improved lock handling. This ...) NOT-FOR-US: Apple -CVE-2019-8532 - RESERVED -CVE-2019-8531 - RESERVED +CVE-2019-8532 (A permissions issue was addressed by removing vulnerable code and addi ...) + TODO: check +CVE-2019-8531 (A validation issue existed in Trust Anchor Management. This issue was ...) + TODO: check CVE-2019-8530 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2019-8529 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple -CVE-2019-8528 - RESERVED +CVE-2019-8528 (A use after free issue was addressed with improved memory management. ...) + TODO: check CVE-2019-8527 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2019-8526 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple -CVE-2019-8525 - RESERVED +CVE-2019-8525 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2019-8524 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) 
@@ -101775,8 +101929,8 @@ CVE-2019-8511 (A buffer overflow issue was addressed with improved memory handli NOT-FOR-US: Apple CVE-2019-8510 (An out-of-bounds read issue existed that led to the disclosure of kern ...) NOT-FOR-US: Apple -CVE-2019-8509 - RESERVED +CVE-2019-8509 (This issue was addressed by removing the vulnerable code. This issue i ...) + TODO: check CVE-2019-8508 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2019-8507 (Multiple memory corruption issues were addressed with improved input v ...) @@ -104860,14 +105014,14 @@ CVE-2019-7292 (A validation issue was addressed with improved logic. This issue [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) NOTE: https://webkitgtk.org/security/WSA-2019-0002.html -CVE-2019-7291 - RESERVED +CVE-2019-7291 (A denial of service issue was addressed with improved memory handling. ...) + TODO: check CVE-2019-7290 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Shortcuts for iOS CVE-2019-7289 (A parsing issue in the handling of directory paths was addressed with ...) NOT-FOR-US: Shortcuts for iOS -CVE-2019-7288 - RESERVED +CVE-2019-7288 (The issue was addressed with improved validation on the FaceTime serve ...) + TODO: check CVE-2019-7287 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2019-7286 (A memory corruption issue was addressed with improved input validation ...) 
@@ -107467,8 +107621,8 @@ CVE-2018-20699 (Docker Engine before 18.09 allows attackers to cause a denial of NOTE: Negligible security impact CVE-2019-6239 (This issue was addressed with improved handling of file metadata. This ...) NOT-FOR-US: Apple -CVE-2019-6238 - RESERVED +CVE-2019-6238 (A validation issue existed in the handling of symlinks. This issue was ...) + TODO: check CVE-2019-6237 (Multiple memory corruption issues were addressed with improved memory ...) - webkit2gtk 2.24.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -166287,8 +166441,8 @@ CVE-2018-4476 RESERVED CVE-2018-4475 RESERVED -CVE-2018-4474 - RESERVED +CVE-2018-4474 (A memory consumption issue was addressed with improved memory handling ...) + TODO: check CVE-2018-4473 RESERVED CVE-2018-4472 @@ -166299,10 +166453,10 @@ CVE-2018-4470 (A privacy issue in the handling of Open Directory records was add NOT-FOR-US: Apple CVE-2018-4469 RESERVED -CVE-2018-4468 - RESERVED -CVE-2018-4467 - RESERVED +CVE-2018-4468 (This issue was addressed by removing additional entitlements. This iss ...) + TODO: check +CVE-2018-4467 (A memory corruption issue was addressed with improved state management ...) + TODO: check CVE-2018-4466 RESERVED CVE-2018-4465 (A memory corruption issue was addressed with improved memory handling. ...) 
@@ -166333,24 +166487,24 @@ CVE-2018-4454 RESERVED CVE-2018-4453 RESERVED -CVE-2018-4452 - RESERVED -CVE-2018-4451 - RESERVED +CVE-2018-4452 (A memory consumption issue was addressed with improved memory handling ...) + TODO: check +CVE-2018-4451 (This issue is fixed in macOS Mojave 10.14. A memory corruption issue w ...) + TODO: check CVE-2018-4450 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4449 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2018-4448 - RESERVED +CVE-2018-4448 (A memory initialization issue was addressed with improved memory handl ...) + TODO: check CVE-2018-4447 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2018-4446 (This issue was addressed with improved entitlements. This issue affect ...) NOT-FOR-US: Apple CVE-2018-4445 ("Clear History and Website Data" did not clear the history. The issue ...) NOT-FOR-US: Apple -CVE-2018-4444 - RESERVED +CVE-2018-4444 (A logic issue was addressed with improved state management. This issue ...) + TODO: check CVE-2018-4443 (A memory corruption issue was addressed with improved memory handling. ...) - webkit2gtk 2.22.3-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0009.html @@ -166381,8 +166535,8 @@ CVE-2018-4435 (A logic issue was addressed with improved restrictions. This issu NOT-FOR-US: Apple CVE-2018-4434 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple -CVE-2018-4433 - RESERVED +CVE-2018-4433 (A configuration issue was addressed with additional restrictions. This ...) + TODO: check CVE-2018-4432 RESERVED CVE-2018-4431 (A memory initialization issue was addressed with improved memory handl ...) 
@@ -166391,8 +166545,8 @@ CVE-2018-4430 (A lock screen issue allowed access to contacts on a locked device NOT-FOR-US: Apple CVE-2018-4429 (A spoofing issue existed in the handling of URLs. This issue was addre ...) NOT-FOR-US: Apple -CVE-2018-4428 - RESERVED +CVE-2018-4428 (A lock screen issue allowed access to the share function on a locked d ...) + TODO: check CVE-2018-4427 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2018-4426 (A memory corruption issue was addressed with improved memory handling. ...) @@ -166469,10 +166623,10 @@ CVE-2018-4392 (Multiple memory corruption issues were addressed with improved me - webkit2gtk 2.22.1-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0008.html NOTE: Not covered by security support -CVE-2018-4391 - RESERVED -CVE-2018-4390 - RESERVED +CVE-2018-4391 (An inconsistent user interface issue was addressed with improved state ...) + TODO: check +CVE-2018-4390 (An inconsistent user interface issue was addressed with improved state ...) + TODO: check CVE-2018-4389 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2018-4388 (A lock screen issue allowed access to the share function on a locked d ...) @@ -166493,8 +166647,8 @@ CVE-2018-4382 (Multiple memory corruption issues were addressed with improved me - webkit2gtk 2.22.1-1 (unimportant) NOTE: https://webkitgtk.org/security/WSA-2018-0008.html NOTE: Not covered by security support -CVE-2018-4381 - RESERVED +CVE-2018-4381 (A resource exhaustion issue was addressed with improved input validati ...) + TODO: check CVE-2018-4380 (A lock screen issue allowed access to photos and contacts on a locked ...) NOT-FOR-US: Apple CVE-2018-4379 (A lock screen issue allowed access to the share function on a locked d ...) 
@@ -166595,8 +166749,8 @@ CVE-2018-4341 (A memory corruption issue was addressed with improved memory hand NOT-FOR-US: Apple CVE-2018-4340 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple -CVE-2018-4339 - RESERVED +CVE-2018-4339 (This issue was addressed with a new entitlement. This issue is fixed i ...) + TODO: check CVE-2018-4338 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2018-4337 (A memory corruption issue was addressed with improved memory handling. ...) @@ -166713,8 +166867,8 @@ CVE-2018-4298 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sie NOT-FOR-US: Apple CVE-2018-4297 RESERVED -CVE-2018-4296 - RESERVED +CVE-2018-4296 (This issue is fixed in macOS Mojave 10.14. A permissions issue existed ...) + TODO: check CVE-2018-4295 (An input validation issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2018-4294 -- cgit v1.2.3
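Review bot: CVE-2019-8709, CVE-2019-8708 and CVE-2019-8706 in the @@ -101182 hunk move from RESERVED to "TODO: check" while sitting directly between CVE-2019-8710 and CVE-2019-8707, both of which are tracked against webkit2gtk (WSA-2019-0006, and DSA-4515-1 with WSA-2019-0005). The visible part of their descriptions ("improved state management", "improved restrictions") names no component, so these three should be compared against the WebKitGTK advisories before anyone closes them as NOT-FOR-US by analogy with the other entries in this range.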
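Review bot: In the CVE-2019-8696 hunk (@@ -101212) the tracker's own summary "[stack-buffer-overflow in libcups's asn1_get_packed function]" is replaced by the truncated text "(A buffer overflow issue was addressed with improved memory handling. T ...)", so the entry no longer says which libcups function is affected or that the overflow is on the stack. The same happens to CVE-2019-8675 and asn1_get_type in the @@ -101311 hunk. Suggest carrying the function name over as a NOTE: line under each entry, next to the existing cups versions and bug #934957, so that someone backporting or auditing the fix can still locate the code path from the list.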
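Review bot: Several entries left at "TODO: check" already name an Apple-only component or product in the visible part of their description: CVE-2019-8656 ("additional checks by Gatekeeper", @@ -101382), CVE-2019-7288 ("improved validation on the FaceTime serve ...", @@ -104860), and CVE-2018-4451 and CVE-2018-4296 ("This issue is fixed in macOS Mojave 10.14.", @@ -166333 and @@ -166713). Neighbouring entries with the same style of description are marked "NOT-FOR-US: Apple", so these look resolvable the same way in a follow-up commit once the full descriptions are read, rather than staying in the TODO queue.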