author | security tracker role <sectracker@soriano.debian.org> | 2020-12-15 08:10:25 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-12-15 08:10:25 +0000 |
commit | 43502538f4426f93c103f575806870292ac2354b (patch) | |
tree | 83fbe64fcea61303e94a19504931ab319dc3de03 /data/CVE | |
parent | 303e5207977d68b3778c35bb72cdf201d0678d85 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2017.list | 4 |
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 34 |
-rw-r--r-- | data/CVE/2020.list | 260 |
4 files changed, 165 insertions, 135 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 420b509d91..4081f83d74 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -17681,9 +17681,9 @@ CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Module NOT-FOR-US: Siemens CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...) NOT-FOR-US: Siemens -CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An attac ...) +CVE-2017-12735 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens -CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before V1 ...) +CVE-2017-12734 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...) NOT-FOR-US: SiteSentinel diff --git a/data/CVE/2018.list b/data/CVE/2018.list index d58ddb72e8..54c6869b0a 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -43965,7 +43965,7 @@ CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic & NOT-FOR-US: Siemens / TeleControl Server Basic CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers P ...) NOT-FOR-US: Desigo -CVE-2018-4833 (A vulnerability has been identified in RFID 181-EIP (All versions), RU ...) +CVE-2018-4833 (A vulnerability has been identified in RFID 181EIP (All versions), RUG ...) NOT-FOR-US: Siemens CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...) NOT-FOR-US: Siemens diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 1cb6865131..2a3eb3e26e 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -4324,20 +4324,20 @@ CVE-2019-19291 (A vulnerability has been identified in SiNVR 3 Central Control S NOT-FOR-US: SiNVR 3 Central Control Server (CCS) CVE-2019-19290 (A vulnerability has been identified in SiNVR 3 Central Control Server ...) NOT-FOR-US: SiNVR 3 Central Control Server (CCS) -CVE-2019-19289 - RESERVED -CVE-2019-19288 - RESERVED -CVE-2019-19287 - RESERVED -CVE-2019-19286 - RESERVED -CVE-2019-19285 - RESERVED -CVE-2019-19284 - RESERVED -CVE-2019-19283 - RESERVED +CVE-2019-19289 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check +CVE-2019-19288 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check +CVE-2019-19287 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check +CVE-2019-19286 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check +CVE-2019-19285 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check +CVE-2019-19284 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check +CVE-2019-19283 (A vulnerability has been identified in XHQ (All Versions < 6.1). Th ...) + TODO: check CVE-2019-19282 (A vulnerability has been identified in OpenPCS 7 V8.1 (All versions), ...) NOT-FOR-US: Siemens CVE-2019-19281 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) 
@@ -26302,11 +26302,11 @@ CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Ki NOT-FOR-US: Siemens CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...) NOT-FOR-US: Siemens -CVE-2019-10921 (A vulnerability has been identified in LOGO!8 BM (All versions). Unenc ...) +CVE-2019-10921 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens -CVE-2019-10920 (A vulnerability has been identified in LOGO!8 BM (All versions). Proje ...) +CVE-2019-10920 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens -CVE-2019-10919 (A vulnerability has been identified in LOGO!8 BM (All versions). Attac ...) +CVE-2019-10919 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens CVE-2019-10918 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...) NOT-FOR-US: Siemens diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2bde7de1a3..c1becc93ac 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,43 @@ +CVE-2020-35472 + RESERVED +CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...) + TODO: check +CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...) + TODO: check +CVE-2020-35469 + RESERVED +CVE-2020-35468 + RESERVED +CVE-2020-35467 + RESERVED +CVE-2020-35466 + RESERVED +CVE-2020-35465 + RESERVED +CVE-2020-35464 + RESERVED +CVE-2020-35463 + RESERVED +CVE-2020-35462 + RESERVED +CVE-2020-35461 + RESERVED +CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...) + TODO: check +CVE-2020-35459 + RESERVED +CVE-2020-35458 + RESERVED +CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that ...) + TODO: check +CVE-2020-35456 + RESERVED +CVE-2020-35455 + RESERVED +CVE-2020-35454 + RESERVED +CVE-2020-35453 + RESERVED CVE-2020-35452 RESERVED CVE-2020-35451 @@ -1095,12 +1135,12 @@ CVE-2020-29513 RESERVED CVE-2020-29512 RESERVED -CVE-2020-29511 - RESERVED -CVE-2020-29510 - RESERVED -CVE-2020-29509 - RESERVED +CVE-2020-29511 (The encoding/xml package in Go (all versions) does not correctly prese ...) + TODO: check +CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does not corr ...) + TODO: check +CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...) + TODO: check CVE-2020-29508 RESERVED CVE-2020-29507 @@ -1557,10 +1597,10 @@ CVE-2020-29306 RESERVED CVE-2020-29305 RESERVED -CVE-2020-29304 - RESERVED -CVE-2020-29303 - RESERVED +CVE-2020-29304 (A cross-site scripting (XSS) vulnerability exists in the SabaiApps Wor ...) + TODO: check +CVE-2020-29303 (A cross-site scripting (XSS) vulnerability in the SabaiApp Directories ...) + TODO: check CVE-2020-29302 RESERVED CVE-2020-29301 
@@ -2525,10 +2565,10 @@ CVE-2020-28863 RESERVED CVE-2020-28862 RESERVED -CVE-2020-28861 - RESERVED -CVE-2020-28860 - RESERVED +CVE-2020-28861 (OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to ...) + TODO: check +CVE-2020-28860 (OpenAssetDigital Asset Management (DAM) through 12.0.19 does not corre ...) + TODO: check CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...) NOT-FOR-US: OpenAsset Digital Asset Management (DAM) CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...) @@ -3481,8 +3521,8 @@ CVE-2020-28398 RESERVED CVE-2020-28397 RESERVED -CVE-2020-28396 - RESERVED +CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...) + TODO: check CVE-2020-28395 RESERVED CVE-2020-28394 @@ -6161,8 +6201,8 @@ CVE-2020-27254 RESERVED CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...) NOT-FOR-US: FactoryTalk -CVE-2020-27252 - RESERVED +CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...) + TODO: check CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...) NOT-FOR-US: FactoryTalk CVE-2020-27250 
@@ -10773,22 +10813,22 @@ CVE-2020-25237 RESERVED CVE-2020-25236 RESERVED -CVE-2020-25235 - RESERVED -CVE-2020-25234 - RESERVED -CVE-2020-25233 - RESERVED -CVE-2020-25232 - RESERVED -CVE-2020-25231 - RESERVED -CVE-2020-25230 - RESERVED -CVE-2020-25229 - RESERVED -CVE-2020-25228 - RESERVED +CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25233 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25232 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25231 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25230 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25229 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check +CVE-2020-25228 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + TODO: check CVE-2020-25227 RESERVED CVE-2020-25226 
@@ -10904,16 +10944,16 @@ CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer o NOT-FOR-US: Paradox IP150 CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...) NOT-FOR-US: LAquis SCADA -CVE-2020-25187 - RESERVED +CVE-2020-25187 (Medtronic MyCareLink Smart 25000 all versions are vulnerable when an a ...) + TODO: check CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...) NOT-FOR-US: LeviStudioU Release CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...) NOT-FOR-US: Paradox IP150 CVE-2020-25184 RESERVED -CVE-2020-25183 - RESERVED +CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...) + TODO: check CVE-2020-25182 RESERVED CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...) @@ -21105,8 +21145,8 @@ CVE-2020-20191 RESERVED CVE-2020-20190 RESERVED -CVE-2020-20189 - RESERVED +CVE-2020-20189 (SQL Injection vulnerability in NewPK 1.1 via the title parameter to ad ...) + TODO: check CVE-2020-20188 RESERVED CVE-2020-20187 @@ -21115,10 +21155,10 @@ CVE-2020-20186 RESERVED CVE-2020-20185 RESERVED -CVE-2020-20184 - RESERVED -CVE-2020-20183 - RESERVED +CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...) + TODO: check +CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel’s P1302- ...) + TODO: check CVE-2020-20182 RESERVED CVE-2020-20181 
@@ -29530,12 +29570,12 @@ CVE-2020-16106 RESERVED CVE-2020-16105 RESERVED -CVE-2020-16104 - RESERVED -CVE-2020-16103 - RESERVED -CVE-2020-16102 - RESERVED +CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...) + TODO: check +CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...) + TODO: check +CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...) + TODO: check CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...) @@ -30380,8 +30420,8 @@ CVE-2020-15798 RESERVED CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...) NOT-FOR-US: DCA Vantage Analyzer -CVE-2020-15796 - RESERVED +CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...) + TODO: check CVE-2020-15795 RESERVED CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...) @@ -30398,7 +30438,7 @@ CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webcl NOT-FOR-US: Siemens CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...) NOT-FOR-US: Siemens -CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United Comfort Pane ...) +CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI Unified Comfort Pan ...) NOT-FOR-US: Siemens CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...) NOT-FOR-US: Siemens 
@@ -33899,8 +33939,7 @@ CVE-2020-14370 (An information disclosure vulnerability was found in containers/ NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074 CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...) NOT-FOR-US: Red Hat CloudForm -CVE-2020-14368 - RESERVED +CVE-2020-14368 (A flaw was found in Eclipse Che in versions prior to 7.14.0 that impac ...) NOT-FOR-US: Eclipse Che CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...) - chrony 3.5.1-1 (unimportant) @@ -49066,26 +49105,23 @@ CVE-2020-8288 RESERVED CVE-2020-8287 RESERVED -CVE-2020-8286 [Inferior OCSP verification] - RESERVED +CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...) - curl <unfixed> (bug #977161) NOTE: https://curl.se/docs/CVE-2020-8286.html NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0) -CVE-2020-8285 [FTP wildcard stack overflow] - RESERVED +CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...) - curl <unfixed> (bug #977162) NOTE: https://curl.se/docs/CVE-2020-8285.html NOTE: https://github.com/curl/curl/issues/6255 NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0) -CVE-2020-8284 [trusting FTP PASV responses] - RESERVED +CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...) - curl <unfixed> (bug #977163) NOTE: https://curl.se/docs/CVE-2020-8284.html NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0) -CVE-2020-8283 - RESERVED -CVE-2020-8282 - RESERVED +CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...) + TODO: check +CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0 and ea ...) + TODO: check CVE-2020-8281 RESERVED CVE-2020-8280 
@@ -49141,10 +49177,10 @@ CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...) - nextcloud-server <itp> (bug #941708) -CVE-2020-8258 - RESERVED -CVE-2020-8257 - RESERVED +CVE-2020-8258 (Improper privilege management on services run by Citrix Gateway Plug-i ...) + TODO: check +CVE-2020-8257 (Improper privilege management on services run by Citrix Gateway Plug-i ...) + TODO: check CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...) NOT-FOR-US: Pulse Connect Secure CVE-2020-8255 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...) @@ -49210,8 +49246,7 @@ CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware & NOT-FOR-US: Edgeswitch CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...) NOT-FOR-US: Edgeswitch -CVE-2020-8231 - RESERVED +CVE-2020-8231 (Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...) {DLA-2382-1} - curl 7.72.0-1 (bug #968831) [buster] - curl <no-dsa> (Minor issue) @@ -49350,8 +49385,7 @@ CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 - node-jison <not-affected> (Vulnerable code not included in Debian source) NOTE: https://hackerone.com/reports/690010 NOTE: ports/ is stripped/excluded in the src:node-jison source package. -CVE-2020-8177 - RESERVED +CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...) {DLA-2295-1} - curl 7.72.0-1 (bug #965281) [buster] - curl <no-dsa> (Minor issue) 
@@ -49376,8 +49410,7 @@ CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6 NOT-FOR-US: AirMax AirOS CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS -CVE-2020-8169 - RESERVED +CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...) - curl 7.72.0-1 (bug #965280) [buster] - curl <no-dsa> (Minor issue) [stretch] - curl <not-affected> (Vulnerable code introduced later) @@ -50768,7 +50801,7 @@ CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions &l NOT-FOR-US: Siemens CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...) NOT-FOR-US: DCA Vantage Analyzer -CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...) +CVE-2020-7589 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...) NOT-FOR-US: Siemens 
@@ -66751,48 +66784,46 @@ CVE-2020-0472 RESERVED CVE-2020-0471 RESERVED -CVE-2020-0470 - RESERVED -CVE-2020-0469 - RESERVED -CVE-2020-0468 - RESERVED -CVE-2020-0467 - RESERVED -CVE-2020-0466 - RESERVED +CVE-2020-0470 (In extend_frame_highbd of restoration.c, there is a possible out of bo ...) + TODO: check +CVE-2020-0469 (In addEscrowToken of LockSettingsService.java, there is a possible los ...) + TODO: check +CVE-2020-0468 (In listen() and related functions of TelephonyRegistry.java, there is ...) + TODO: check +CVE-2020-0467 (In onUserStopped of Vpn.java, there is a possible resetting of user pr ...) + TODO: check +CVE-2020-0466 (In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a poss ...) - linux 5.8.7-1 [buster] - linux 4.19.146-1 [stretch] - linux 4.9.240-1 NOTE: https://git.kernel.org/linus/52c479697c9b73f628140dcdfcd39ea302d05482 NOTE: https://git.kernel.org/linus/a9ed4a6560b8562b7e2e2bed9527e88001f7b682 -CVE-2020-0465 - RESERVED +CVE-2020-0465 (In various methods of hid-multitouch.c, there is a possible out of bou ...) - linux 5.8.7-1 [buster] - linux 4.19.146-1 [stretch] - linux 4.9.240-1 NOTE: https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25 NOTE: https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c -CVE-2020-0464 - RESERVED -CVE-2020-0463 - RESERVED +CVE-2020-0464 (In resolv_cache_lookup of res_cache.cpp, there is a possible side chan ...) + TODO: check +CVE-2020-0463 (In sdp_server_handle_client_req of sdp_server.cc, there is a possible ...) + TODO: check CVE-2020-0462 RESERVED CVE-2020-0461 RESERVED -CVE-2020-0460 - RESERVED -CVE-2020-0459 - RESERVED -CVE-2020-0458 - RESERVED -CVE-2020-0457 - RESERVED -CVE-2020-0456 - RESERVED -CVE-2020-0455 - RESERVED +CVE-2020-0460 (In createNameCredentialDialog of CertInstaller.java, there exists the ...) + TODO: check +CVE-2020-0459 (In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, th ...) 
+ TODO: check +CVE-2020-0458 (In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEnc ...) + TODO: check +CVE-2020-0457 (There is a possible out of bounds write due to a missing bounds check. ...) + TODO: check +CVE-2020-0456 (There is a possible out of bounds write due to a missing bounds check. ...) + TODO: check +CVE-2020-0455 (There is a possible out of bounds write due to a missing bounds check. ...) + TODO: check CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...) NOT-FOR-US: Android CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...) @@ -66815,8 +66846,7 @@ CVE-2020-0446 (There is a possible out of bounds write due to a missing bounds c NOT-FOR-US: MediaTek components for Android CVE-2020-0445 (There is a possible out of bounds write due to a missing bounds check. ...) NOT-FOR-US: MediaTek components for Android -CVE-2020-0444 - RESERVED +CVE-2020-0444 (In audit_free_lsm_field of auditfilter.c, there is a possible bad kfre ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 @@ -66827,8 +66857,8 @@ CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible NOT-FOR-US: Android CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...) NOT-FOR-US: Android -CVE-2020-0440 - RESERVED +CVE-2020-0440 (In createVirtualDisplay of DisplayManagerService.java, there is a poss ...) + TODO: check CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...) NOT-FOR-US: Android CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible ...) 
@@ -67153,7 +67183,7 @@ CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypa NOT-FOR-US: Android CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...) NOT-FOR-US: Android -CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...) +CVE-2020-0294 (In bindWallpaperComponentLocked of WallpaperManagerService.java, there ...) NOT-FOR-US: Android CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...) NOT-FOR-US: Android @@ -67560,8 +67590,8 @@ CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible infor NOT-FOR-US: Android media framework CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...) NOT-FOR-US: Android media framework -CVE-2020-0099 - RESERVED +CVE-2020-0099 (In addWindow of WindowManagerService.java, there is a possible window ...) + TODO: check CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...) 
@@ -67740,14 +67770,14 @@ CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there i NOT-FOR-US: Android CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...) NOT-FOR-US: Android -CVE-2020-0019 - RESERVED +CVE-2020-0019 (In the Broadcom Nexus firmware, there is an insecure default password. ...) + TODO: check CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...) NOT-FOR-US: Android CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...) NOT-FOR-US: Android -CVE-2020-0016 - RESERVED +CVE-2020-0016 (In the Broadcom Nexus firmware, there is an insecure default password. ...) + TODO: check CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...) NOT-FOR-US: Android CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...) |
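Review bot: CVE-2020-35457 in the first data/CVE/2020.list hunk (@@ -1,3 +1,43 @@) is imported with a "** DISPUTED **" description and nothing but "TODO: check" under it. When this entry is triaged, record the dispute in a NOTE line on the entry itself, because the truncated description is the only place it is visible today and it is rewritten on every automatic update. The Envoy entries in the same hunk (CVE-2020-35471, CVE-2020-35470, both "before 1.16.1") and CVE-2020-35460 ("MPXJ before 8.3.5") already name an upstream fixed version, so the check can state that version rather than a bare tag.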
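Review bot: CVE-2020-29511, CVE-2020-29510 and CVE-2020-29509 in the @@ -1095,12 +1135,12 @@ hunk must not be closed as NOT-FOR-US when the "TODO: check" is resolved. All three describe the encoding/xml package in Go, which is standard-library code, and two of them say "(all versions)" while the third says "1.15 and earlier". Triage should therefore cover every packaged Go toolchain and note that there is no fixed upstream version to point at for the "all versions" pair; Go programs link the standard library statically, so rebuilt consumers matter as well.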
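Review bot: In the @@ -2525,10 +2565,10 @@ hunk, CVE-2020-28861 and CVE-2020-28860 are added as "TODO: check" directly above CVE-2020-28859 and CVE-2020-28858, which this file already carries as "NOT-FOR-US: OpenAsset Digital Asset Management (DAM)". Resolve the two new entries with the same tag string so the product is tagged consistently. Also note that the imported description of CVE-2020-28860 reads "OpenAssetDigital Asset Management" without the space, so a text search of the list for the product name will miss that entry; match on the CVE id when following up.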
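Review bot: The curl entries in the @@ -49066,26 +49105,23 @@ hunk (CVE-2020-8286, CVE-2020-8285, CVE-2020-8284) stay at "curl <unfixed>" with no per-release lines, although the descriptions imported here now give affected ranges ("7.41.0 through 7.73.0", "7.21.0 to and including 7.73.0") and each NOTE already references a fix commit tagged curl-7_74_0. Follow up by adding per-release status lines the way CVE-2020-8169 does further down ("[buster] - curl <no-dsa>", "[stretch] - curl <not-affected> (Vulnerable code introduced later)"). In the same hunk, CVE-2020-8283 (Citrix Universal Print Server on a Windows host) and CVE-2020-8282 (EdgePower 24V/54V firmware) are left at "TODO: check" and still need a decision.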
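Review bot: The "TODO: check" entries added in the @@ -66751,48 +66784,46 @@ hunk should not be bulk-tagged "NOT-FOR-US: Android" just because their neighbours are. The same hunk shows why: CVE-2020-0466 (eventpoll.c) and CVE-2020-0465 (hid-multitouch.c) come from the same CVE block and carry linux package entries with fixed versions. CVE-2020-0470 names extend_frame_highbd in restoration.c, a C source file rather than framework Java, so check whether that code also ships in a separately packaged library before tagging it. CVE-2020-0457, CVE-2020-0456 and CVE-2020-0455 share the generic text "There is a possible out of bounds write due to a missing bounds check", which the truncated description cannot attribute to any component; read the full description before choosing a tag.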