From 23a2001d3d731b5cc17880606e8ab46d6fc3fbab Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 18 Sep 2020 08:10:14 +0000 Subject: automatic update --- data/CVE/list.2020 | 370 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 210 insertions(+), 160 deletions(-) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 4e926550cd..122bcf2923 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,3 +1,53 @@ +CVE-2020-25764 + RESERVED +CVE-2020-25763 + RESERVED +CVE-2020-25762 + RESERVED +CVE-2020-25761 + RESERVED +CVE-2020-25760 + RESERVED +CVE-2020-25759 + RESERVED +CVE-2020-25758 + RESERVED +CVE-2020-25757 + RESERVED +CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...) + TODO: check +CVE-2020-25755 + RESERVED +CVE-2020-25754 + RESERVED +CVE-2020-25753 + RESERVED +CVE-2020-25752 + RESERVED +CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...) + TODO: check +CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...) + TODO: check +CVE-2020-25749 + RESERVED +CVE-2020-25748 + RESERVED +CVE-2020-25747 + RESERVED +CVE-2020-25746 + RESERVED +CVE-2020-25745 + RESERVED +CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...) + TODO: check +CVE-2020-25743 + RESERVED +CVE-2020-25742 + RESERVED +CVE-2020-25741 + RESERVED +CVE-2020-25740 + RESERVED CVE-2020-25739 RESERVED CVE-2020-25738 @@ -6,12 +56,12 @@ CVE-2020-25737 RESERVED CVE-2020-25736 RESERVED -CVE-2020-25735 - RESERVED -CVE-2020-25734 - RESERVED -CVE-2020-25733 - RESERVED +CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...) + TODO: check +CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...) + TODO: check +CVE-2020-25733 (webTareas through 2.1 allows upload of the dangerous .exe and .shtml f ...) + TODO: check CVE-2020-25732 RESERVED CVE-2020-25731 
@@ -21795,18 +21845,18 @@ CVE-2020-15189 RESERVED CVE-2020-15188 RESERVED -CVE-2020-15187 - RESERVED -CVE-2020-15186 - RESERVED -CVE-2020-15185 - RESERVED -CVE-2020-15184 - RESERVED -CVE-2020-15183 - RESERVED -CVE-2020-15182 - RESERVED +CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...) + TODO: check +CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...) + TODO: check +CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...) + TODO: check +CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...) + TODO: check +CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...) + TODO: check +CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...) + TODO: check CVE-2020-15181 RESERVED CVE-2020-15180 @@ -26498,8 +26548,8 @@ CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/E CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...) - gitlab (Only affects GitLab 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ -CVE-2020-13260 - RESERVED +CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) + TODO: check CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) 
@@ -45035,10 +45085,10 @@ CVE-2020-5631 RESERVED CVE-2020-5630 RESERVED -CVE-2020-5629 - RESERVED -CVE-2020-5628 - RESERVED +CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) + TODO: check +CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) + TODO: check CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...) NOT-FOR-US: Yodobashi App for Android CVE-2020-5626 @@ -45081,10 +45131,10 @@ CVE-2020-5608 (CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08 NOT-FOR-US: Yokogawa CAMS CVE-2020-5607 (Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows re ...) NOT-FOR-US: SHIRASAGI -CVE-2020-5606 - RESERVED -CVE-2020-5605 - RESERVED +CVE-2020-5606 (Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earli ...) + TODO: check +CVE-2020-5605 (Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlie ...) + TODO: check CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 allows a ...) NOT-FOR-US: Mercari CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...) @@ -56305,10 +56355,10 @@ CVE-2020-0428 (In CamX code, there is a possible use after free due to a race co TODO: check CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...) TODO: check -CVE-2020-0426 - RESERVED -CVE-2020-0425 - RESERVED +CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an unsafe ...) + TODO: check +CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...) + TODO: check CVE-2020-0424 RESERVED CVE-2020-0423 
@@ -56345,8 +56395,8 @@ CVE-2020-0408 RESERVED CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...) TODO: check -CVE-2020-0406 - RESERVED +CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...) + TODO: check CVE-2020-0405 RESERVED CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...) 
@@ -56411,56 +56461,56 @@ CVE-2020-0377 RESERVED CVE-2020-0376 RESERVED -CVE-2020-0375 - RESERVED -CVE-2020-0374 - RESERVED -CVE-2020-0373 - RESERVED -CVE-2020-0372 - RESERVED +CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...) + TODO: check +CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...) + TODO: check +CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...) + TODO: check +CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...) + TODO: check CVE-2020-0371 RESERVED -CVE-2020-0370 - RESERVED -CVE-2020-0369 - RESERVED +CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...) + TODO: check +CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...) + TODO: check CVE-2020-0368 RESERVED CVE-2020-0367 RESERVED -CVE-2020-0366 - RESERVED +CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...) + TODO: check CVE-2020-0365 RESERVED -CVE-2020-0364 - RESERVED -CVE-2020-0363 - RESERVED -CVE-2020-0362 - RESERVED -CVE-2020-0361 - RESERVED -CVE-2020-0360 - RESERVED -CVE-2020-0359 - RESERVED -CVE-2020-0358 - RESERVED -CVE-2020-0357 - RESERVED -CVE-2020-0356 - RESERVED -CVE-2020-0355 - RESERVED +CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...) + TODO: check +CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due to impr ...) + TODO: check +CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to uninit ...) + TODO: check +CVE-2020-0360 (In Notification Access Confirmation, there is a possible permissions b ...) + TODO: check +CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due to a b ...) 
+ TODO: check +CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a race co ...) + TODO: check +CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to improper ...) + TODO: check +CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to an in ...) + TODO: check +CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...) + TODO: check CVE-2020-0354 RESERVED -CVE-2020-0353 - RESERVED -CVE-2020-0352 - RESERVED -CVE-2020-0351 - RESERVED +CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...) + TODO: check +CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) + TODO: check +CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...) + TODO: check CVE-2020-0350 RESERVED CVE-2020-0349 
@@ -56469,88 +56519,88 @@ CVE-2020-0348 RESERVED CVE-2020-0347 RESERVED -CVE-2020-0346 - RESERVED -CVE-2020-0345 - RESERVED -CVE-2020-0344 - RESERVED -CVE-2020-0343 - RESERVED +CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...) + TODO: check +CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...) + TODO: check +CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) + TODO: check +CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected data d ...) + TODO: check CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...) TODO: check -CVE-2020-0341 - RESERVED -CVE-2020-0340 - RESERVED +CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a miss ...) + TODO: check +CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...) + TODO: check CVE-2020-0339 RESERVED -CVE-2020-0338 - RESERVED -CVE-2020-0337 - RESERVED -CVE-2020-0336 - RESERVED +CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...) + TODO: check +CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...) + TODO: check +CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...) + TODO: check CVE-2020-0335 RESERVED CVE-2020-0334 RESERVED -CVE-2020-0333 - RESERVED -CVE-2020-0332 - RESERVED +CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...) + TODO: check +CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...) + TODO: check CVE-2020-0331 RESERVED -CVE-2020-0330 - RESERVED -CVE-2020-0329 - RESERVED -CVE-2020-0328 - RESERVED +CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...) + TODO: check +CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...) 
+ TODO: check +CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...) + TODO: check CVE-2020-0327 RESERVED CVE-2020-0326 RESERVED CVE-2020-0325 RESERVED -CVE-2020-0324 - RESERVED -CVE-2020-0323 - RESERVED -CVE-2020-0322 - RESERVED -CVE-2020-0321 - RESERVED -CVE-2020-0320 - RESERVED +CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...) + TODO: check +CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a missing boun ...) + TODO: check +CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due to u ...) + TODO: check +CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...) + TODO: check CVE-2020-0319 RESERVED CVE-2020-0318 RESERVED -CVE-2020-0317 - RESERVED +CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...) + TODO: check CVE-2020-0316 RESERVED CVE-2020-0315 RESERVED -CVE-2020-0314 - RESERVED +CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...) + TODO: check CVE-2020-0313 RESERVED -CVE-2020-0312 - RESERVED +CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...) + TODO: check CVE-2020-0311 RESERVED CVE-2020-0310 RESERVED CVE-2020-0309 RESERVED -CVE-2020-0308 - RESERVED +CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...) + TODO: check CVE-2020-0307 RESERVED -CVE-2020-0306 - RESERVED +CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...) + TODO: check CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...) - linux 5.4.13-1 [buster] - linux 4.19.98-1 
@@ -56559,40 +56609,40 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079 CVE-2020-0304 RESERVED -CVE-2020-0303 - RESERVED +CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...) + TODO: check CVE-2020-0302 RESERVED -CVE-2020-0301 - RESERVED +CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...) + TODO: check CVE-2020-0300 RESERVED CVE-2020-0299 RESERVED CVE-2020-0298 RESERVED -CVE-2020-0297 - RESERVED -CVE-2020-0296 - RESERVED +CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...) + TODO: check +CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...) + TODO: check CVE-2020-0295 RESERVED CVE-2020-0294 RESERVED -CVE-2020-0293 - RESERVED +CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...) + TODO: check CVE-2020-0292 RESERVED CVE-2020-0291 RESERVED -CVE-2020-0290 - RESERVED -CVE-2020-0289 - RESERVED -CVE-2020-0288 - RESERVED -CVE-2020-0287 - RESERVED +CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...) + TODO: check +CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...) + TODO: check +CVE-2020-0288 (In PackageManager, there is a missing permission check. This could lea ...) + TODO: check +CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...) + TODO: check CVE-2020-0286 RESERVED CVE-2020-0285 
@@ -56607,38 +56657,38 @@ CVE-2020-0281 RESERVED CVE-2020-0280 RESERVED -CVE-2020-0279 - RESERVED +CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...) + TODO: check CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...) TODO: check -CVE-2020-0277 - RESERVED +CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...) + TODO: check CVE-2020-0276 RESERVED -CVE-2020-0275 - RESERVED -CVE-2020-0274 - RESERVED +CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...) + TODO: check +CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...) + TODO: check CVE-2020-0273 RESERVED CVE-2020-0272 RESERVED CVE-2020-0271 RESERVED -CVE-2020-0270 - RESERVED +CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...) + TODO: check CVE-2020-0269 RESERVED CVE-2020-0268 RESERVED -CVE-2020-0267 - RESERVED -CVE-2020-0266 - RESERVED +CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...) + TODO: check +CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...) + TODO: check CVE-2020-0265 RESERVED -CVE-2020-0264 - RESERVED +CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...) + TODO: check CVE-2020-0263 RESERVED CVE-2020-0262 
@@ -56918,8 +56968,8 @@ CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a NOT-FOR-US: Android Media Framework CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android Media Framework -CVE-2020-0130 - RESERVED +CVE-2020-0130 (In screencap, there is a possible command injection due to improper in ...) + TODO: check CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...) NOT-FOR-US: Android CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...) @@ -56928,8 +56978,8 @@ CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out NOT-FOR-US: Android Media Framework CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...) NOT-FOR-US: Android Media Framework -CVE-2020-0125 - RESERVED +CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a missing b ...) + TODO: check CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...) -- cgit v1.2.3
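Review bot: CVE-2020-25756 and CVE-2020-25750 in the first hunk (@@ -1,3 +1,53 @@) carry the "** DISPUTED **" and "** UNSUPPORTED WHEN ASSIGNED **" markers in their descriptions, and a bare "TODO: check" does not preserve that. When these two are triaged, record the marker in a NOTE line so the final disposition shows that the report is contested or concerns a product that was already unsupported. The three webTareas entries in the same hunk (CVE-2020-25733 to CVE-2020-25735) all say "webTareas through 2.1" and can be resolved in one pass.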
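Review bot: CVE-2020-13260 in the @@ -26498,8 +26548,8 @@ hunk is left at "TODO: check" although its visible description is identical to that of CVE-2020-13259 on the next line ("A vulnerability in the web-based management interface of RAD SecFlow-1 ..."), which is already tagged "NOT-FOR-US: RAD SecFlow-1v os-image". Once the untruncated description confirms the same product, give it the same tag so the two adjacent entries do not disagree.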
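Review bot: The vendor-app entries in the @@ -45035,10 +45085,10 @@ and @@ -45081,10 +45131,10 @@ hunks are inconsistent with their neighbours: CVE-2020-5629 and CVE-2020-5628 (UNIQLO App for Android) sit at "TODO: check" directly above CVE-2020-5627, which is "NOT-FOR-US: Yodobashi App for Android", and CVE-2020-5606 and CVE-2020-5605 (WHR-G54S firmware) sit between the SHIRASAGI and Mercari entries, both NOT-FOR-US. If the full descriptions confirm these are third-party mobile app and router firmware issues, tag them NOT-FOR-US with the product name in the same style as the surrounding lines.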
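Review bot: CVE-2020-0306 in the @@ -56469,88 +56519,88 @@ hunk names LLVM ("In LLVM, there is a possible ineffective stack cookie placement due to ...") and not an Android framework component like the entries around it, so it should be triaged on its own and not swept up in a bulk Android pass. The entry directly below it, CVE-2020-0305, is already tracked against linux with fixed versions, which shows this id range is not Android-only. Read the untruncated description before choosing a disposition.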
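Review bot: CVE-2020-0130 (screencap) and CVE-2020-0125 (mediadrm) in the last hunk (@@ -56918,8 +56968,8 @@) are the only "TODO: check" entries in a run where every neighbour is already "NOT-FOR-US: Android" or "NOT-FOR-US: Android Media Framework". If the full descriptions confirm they are Android platform components, tag them to match, so this block does not stay half-triaged.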