automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-02-13 20:10:21 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-13 20:10:21 +0000
commit: 25e8ea8fcfde03c91d69a2226e265459a8c055ac (patch)
tree: 1efd8551ac4b646e87998f49d9df13204df5f2ec
parent: 32619a748e34985eaf05809706bf306f3a38b663 (diff)
4 files changed, 205 insertions, 164 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index c182a4dbd1..bb1968f515 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -333,7 +333,7 @@ CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent
 CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...)
 	{DSA-2963-1}
 	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
-CVE-2012-6611 (Polycom HDX Video End Points before 3.0 allows attackers to read arbit ...)
+CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface G3/HDX 800 ...)
 	TODO: check
 CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
 	NOT-FOR-US: Polycom HDX Video End Points
@@ -1574,8 +1574,8 @@ CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x befo
 	NOTE: Fixed in 4:4.8.2+dfsg-10
 CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...)
 	- activemq <not-affected> (Example code not shipped in .deb)
-CVE-2012-6091
-	RESERVED
+CVE-2012-6091 (Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information di ...)
+	TODO: check
 CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in os/pl- ...)
 	- swi-prolog 5.10.4-5 (low; bug #697416)
 	[squeeze] - swi-prolog 5.10.1-1+squeeze1
@@ -2776,8 +2776,7 @@ CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirec
 	- qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
 	[squeeze] - qt4-x11 <not-affected> (Vulnerable code not present)
 	NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
-CVE-2012-5623
-	RESERVED
+CVE-2012-5623 (Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. ...)
 	NOT-FOR-US: change_passwd plugin for Squirrelmail
 CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management cons ...)
 	NOT-FOR-US: OpenShift
@@ -11998,8 +11997,8 @@ CVE-2012-1905
 	RESERVED
 CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks Rea ...)
 	NOT-FOR-US: RealPlayer
-CVE-2012-1903
-	RESERVED
+CVE-2012-1903 (XSS in Telligent Community 5.6.583.20496 via a flash file and related  ...)
+	TODO: check
 CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a con ...)
 	- phpmyadmin 4:3.4.10.2-1 (unimportant)
 CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS  ...)
@@ -12887,8 +12886,8 @@ CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyP
 	- python-pam 0.4.2-13
 CVE-2012-1501
 	REJECTED
-CVE-2012-1500
-	RESERVED
+CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and Gre ...)
+	TODO: check
 CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attac ...)
 	- openjpeg <not-affected> (vulnerable code introduced after 1.3)
 CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index dc1166d432..c4de9256f0 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -15957,8 +15957,8 @@ CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware Works
 	[squeeze] - open-vm-tools <no-dsa> (Minor issue)
 	[wheezy] - open-vm-tools <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
-CVE-2014-4198
-	RESERVED
+CVE-2014-4198 (A Two-Factor Authentication Bypass Vulnerability exists in BS-Client P ...)
+	TODO: check
 CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS  ...)
 	NOT-FOR-US: Bank Soft Systems
 CVE-2014-4196 (Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Syste ...)
@@ -16030,8 +16030,8 @@ CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly i
 	[wheezy] - linux 3.2.63-1
 	- linux-2.6 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lkml.org/lkml/2014/7/2/518
-CVE-2014-4170
-	RESERVED
+CVE-2014-4170 (A Privilege Escalation Vulnerability exists in Free Reprintables Artic ...)
+	TODO: check
 CVE-2014-4169
 	RESERVED
 CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in SHOUTc ...)
@@ -16615,8 +16615,8 @@ CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Li
 	- sosreport <not-affected> (RedHat-specific issue)
 CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0 ...)
 	- kanboard <itp> (bug #790814)
-CVE-2014-3919
-	RESERVED
+CVE-2014-3919 (A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp ...)
+	TODO: check
 CVE-2014-3918
 	RESERVED
 CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 all ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 02ad08d50f..29442e53f4 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -4433,8 +4433,8 @@ CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to byp
 	NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1)
 	NOTE: https://redmine.openinfosecfoundation.org/issues/3324
 	NOTE: https://redmine.openinfosecfoundation.org/issues/3394
-CVE-2019-18791
-	RESERVED
+CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devices ha ...)
+	TODO: check
 CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
 	{DLA-2017-1}
 	- asterisk <unfixed> (bug #947381)
@@ -14777,8 +14777,8 @@ CVE-2019-14600 (Uncontrolled search path element in the installer for Intel(R) S
 	NOT-FOR-US: Intel
 CVE-2019-14599 (Unquoted service path in Control Center-I version 2.1.0.0 and earlier  ...)
 	NOT-FOR-US: Intel
-CVE-2019-14598
-	RESERVED
+CVE-2019-14598 (Improper Authentication in subsystem in Intel(R) CSME versions 12.0 th ...)
+	TODO: check
 CVE-2019-14597
 	RESERVED
 CVE-2019-14596 (Improper access control in the installer for Intel(R) Chipset Device S ...)
@@ -25116,8 +25116,8 @@ CVE-2019-10787 (im-resize through 2.3.2 allows remote attackers to execute arbit
 	TODO: check
 CVE-2019-10786 (network-manager through 1.0.2 allows remote attackers to execute arbit ...)
 	NOT-FOR-US: network-manager node module
-CVE-2019-10785
-	RESERVED
+CVE-2019-10785 (dojox is vulnerable to Cross-site Scripting in all versions before ver ...)
+	TODO: check
 CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...)
 	- phppgadmin <unfixed>
 	NOTE: https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885
@@ -41454,8 +41454,8 @@ CVE-2019-4668
 	RESERVED
 CVE-2019-4667
 	RESERVED
-CVE-2019-4666
-	RESERVED
+CVE-2019-4666 (IBM UrbanCode Deploy (UCD) 7.0.3 and IBM UrbanCode Build 6.1.5 could a ...)
+	TODO: check
 CVE-2019-4665 (IBM Spectrum Scale 4.2 and 5.0 is vulnerable to cross-site scripting.  ...)
 	NOT-FOR-US: IBM
 CVE-2019-4664
@@ -41602,8 +41602,8 @@ CVE-2019-4594
 	RESERVED
 CVE-2019-4593
 	RESERVED
-CVE-2019-4592
-	RESERVED
+CVE-2019-4592 (IBM Tivoli Monitoring Service 6.3.0.7.3 through 6.3.0.7.10 could allow ...)
+	TODO: check
 CVE-2019-4591
 	RESERVED
 CVE-2019-4590
@@ -47019,8 +47019,8 @@ CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, the
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
 	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
 	NOTE: https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c
-CVE-2019-2200
-	RESERVED
+CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...)
+	TODO: check
 CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
 	NOT-FOR-US: Android
 CVE-2019-2198 (In Download Provider, there is a possible SQL injection vulnerability. ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 9a0489bff4..56b2d1632c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,47 @@
+CVE-2020-8986
+	RESERVED
+CVE-2020-8985
+	RESERVED
+CVE-2020-8984
+	RESERVED
+CVE-2020-8983
+	RESERVED
+CVE-2020-8982
+	RESERVED
+CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...)
+	TODO: check
+CVE-2020-8980
+	RESERVED
+CVE-2020-8979
+	RESERVED
+CVE-2020-8978
+	RESERVED
+CVE-2020-8977
+	RESERVED
+CVE-2020-8976
+	RESERVED
+CVE-2020-8975
+	RESERVED
+CVE-2020-8974
+	RESERVED
+CVE-2020-8973
+	RESERVED
+CVE-2020-8972
+	RESERVED
+CVE-2020-8971
+	RESERVED
+CVE-2020-8970
+	RESERVED
+CVE-2020-8969
+	RESERVED
+CVE-2020-8968
+	RESERVED
+CVE-2020-8967
+	RESERVED
+CVE-2020-8966
+	RESERVED
+CVE-2020-8965
+	RESERVED
 CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
 	NOT-FOR-US: TimeTools devices
 CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
@@ -323,16 +367,16 @@ CVE-2020-8806
 	RESERVED
 CVE-2020-8805
 	RESERVED
-CVE-2020-8804
-	RESERVED
-CVE-2020-8803
-	RESERVED
-CVE-2020-8802
-	RESERVED
-CVE-2020-8801
-	RESERVED
-CVE-2020-8800
-	RESERVED
+CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
+	TODO: check
+CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...)
+	TODO: check
+CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...)
+	TODO: check
+CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
+	TODO: check
+CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
+	TODO: check
 CVE-2020-8799
 	RESERVED
 CVE-2020-8798
@@ -711,8 +755,8 @@ CVE-2020-8616
 	RESERVED
 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
 	NOT-FOR-US: Tutor LMS plugin for WordPress
-CVE-2020-8614
-	RESERVED
+CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...)
+	TODO: check
 CVE-2020-8613
 	RESERVED
 CVE-2020-8612
@@ -3991,8 +4035,8 @@ CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longt
 	NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/
 CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...)
 	NOT-FOR-US: CODESYS
-CVE-2020-7051
-	RESERVED
+CVE-2020-7051 (An issue was discovered in Codologic Codoforum 4.8.4. While creating a ...)
+	TODO: check
 CVE-2020-7050
 	RESERVED
 CVE-2020-7049
@@ -4548,7 +4592,7 @@ CVE-2020-6801
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
 CVE-2020-6800
 	RESERVED
-	{DSA-4620-1}
+	{DSA-4620-1 DLA-2102-1}
 	- firefox 73.0-1
 	- firefox-esr 68.5.0esr-1
 	- thunderbird 1:68.5.0-1
@@ -4563,7 +4607,7 @@ CVE-2020-6799
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
 CVE-2020-6798
 	RESERVED
-	{DSA-4620-1}
+	{DSA-4620-1 DLA-2102-1}
 	- firefox 73.0-1
 	- firefox-esr 68.5.0esr-1
 	- thunderbird 1:68.5.0-1
@@ -4580,7 +4624,7 @@ CVE-2020-6797
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
 CVE-2020-6796
 	RESERVED
-	{DSA-4620-1}
+	{DSA-4620-1 DLA-2102-1}
 	- firefox 73.0-1
 	- firefox-esr 68.5.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
@@ -10806,95 +10850,94 @@ CVE-2020-3765
 	RESERVED
 CVE-2020-3764
 	RESERVED
-CVE-2020-3763
-	RESERVED
-CVE-2020-3762
-	RESERVED
+CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
 CVE-2020-3761
 	RESERVED
-CVE-2020-3760
-	RESERVED
-CVE-2020-3759
-	RESERVED
+CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...)
+	TODO: check
+CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors  ...)
+	TODO: check
 CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
 	NOT-FOR-US: Magento
-CVE-2020-3757
-	RESERVED
+CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...)
 	NOT-FOR-US: Adobe
-CVE-2020-3756
-	RESERVED
-CVE-2020-3755
-	RESERVED
-CVE-2020-3754
-	RESERVED
-CVE-2020-3753
-	RESERVED
-CVE-2020-3752
-	RESERVED
-CVE-2020-3751
-	RESERVED
-CVE-2020-3750
-	RESERVED
-CVE-2020-3749
-	RESERVED
-CVE-2020-3748
-	RESERVED
-CVE-2020-3747
-	RESERVED
-CVE-2020-3746
-	RESERVED
-CVE-2020-3745
-	RESERVED
-CVE-2020-3744
-	RESERVED
-CVE-2020-3743
-	RESERVED
-CVE-2020-3742
-	RESERVED
-CVE-2020-3741
-	RESERVED
-CVE-2020-3740
-	RESERVED
-CVE-2020-3739
-	RESERVED
-CVE-2020-3738
-	RESERVED
-CVE-2020-3737
-	RESERVED
-CVE-2020-3736
-	RESERVED
-CVE-2020-3735
-	RESERVED
-CVE-2020-3734
-	RESERVED
-CVE-2020-3733
-	RESERVED
-CVE-2020-3732
-	RESERVED
-CVE-2020-3731
-	RESERVED
-CVE-2020-3730
-	RESERVED
-CVE-2020-3729
-	RESERVED
-CVE-2020-3728
-	RESERVED
-CVE-2020-3727
-	RESERVED
-CVE-2020-3726
-	RESERVED
-CVE-2020-3725
-	RESERVED
-CVE-2020-3724
-	RESERVED
-CVE-2020-3723
-	RESERVED
-CVE-2020-3722
-	RESERVED
-CVE-2020-3721
-	RESERVED
-CVE-2020-3720
-	RESERVED
+CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
+	TODO: check
+CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...)
+	TODO: check
+CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...)
+	TODO: check
+CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption  ...)
+	TODO: check
+CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption  ...)
+	TODO: check
+CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...)
+	TODO: check
+CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...)
+	TODO: check
+CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...)
+	TODO: check
+CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
+CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...)
+	TODO: check
 CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
 	NOT-FOR-US: Magento
 CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
@@ -17362,16 +17405,16 @@ CVE-2020-0566
 	RESERVED
 CVE-2020-0565
 	RESERVED
-CVE-2020-0564
-	RESERVED
-CVE-2020-0563
-	RESERVED
-CVE-2020-0562
-	RESERVED
-CVE-2020-0561
-	RESERVED
-CVE-2020-0560
-	RESERVED
+CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...)
+	TODO: check
+CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...)
+	TODO: check
+CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...)
+	TODO: check
+CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may  ...)
+	TODO: check
+CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...)
+	TODO: check
 CVE-2020-0559
 	RESERVED
 CVE-2020-0558
@@ -18439,43 +18482,42 @@ CVE-2020-0032
 	RESERVED
 CVE-2020-0031
 	RESERVED
-CVE-2020-0030
-	RESERVED
+CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...)
 	- linux 4.15.11-1
 	[stretch] - linux 4.9.210-1
 	NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a
 CVE-2020-0029
 	RESERVED
-CVE-2020-0028
-	RESERVED
-CVE-2020-0027
-	RESERVED
-CVE-2020-0026
-	RESERVED
+CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...)
+	TODO: check
+CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...)
+	TODO: check
+CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...)
+	TODO: check
 CVE-2020-0025
 	RESERVED
 CVE-2020-0024
 	RESERVED
-CVE-2020-0023
-	RESERVED
-CVE-2020-0022
-	RESERVED
-CVE-2020-0021
-	RESERVED
-CVE-2020-0020
-	RESERVED
+CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...)
+	TODO: check
+CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible  ...)
+	TODO: check
+CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...)
+	TODO: check
+CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...)
+	TODO: check
 CVE-2020-0019
 	RESERVED
-CVE-2020-0018
-	RESERVED
-CVE-2020-0017
-	RESERVED
+CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...)
+	TODO: check
+CVE-2020-0017 (In multiple places, it was possible for the primary user&#8217;s dicti ...)
+	TODO: check
 CVE-2020-0016
 	RESERVED
-CVE-2020-0015
-	RESERVED
-CVE-2020-0014
-	RESERVED
+CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay  ...)
+	TODO: check
+CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...)
+	TODO: check
 CVE-2020-0013
 	RESERVED
 CVE-2020-0012
@@ -18493,8 +18535,8 @@ CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information
 	NOT-FOR-US: Android
 CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...)
 	NOT-FOR-US: Android
-CVE-2020-0005
-	RESERVED
+CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...)
+	TODO: check
 CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...)
 	NOT-FOR-US: Android
 CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-02-13 20:10:21 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-02-13 20:10:21 +0000
commit	25e8ea8fcfde03c91d69a2226e265459a8c055ac (patch)
tree	1efd8551ac4b646e87998f49d9df13204df5f2ec
parent	32619a748e34985eaf05809706bf306f3a38b663 (diff)