From 7f2f58e6e4536006e2aa96c2aa09d1cddd7c0610 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 18 Sep 2020 20:10:25 +0000 Subject: automatic update --- data/CVE/list.2019 | 1 + data/CVE/list.2020 | 335 +++++++++++++++++++++++++++-------------------------- 2 files changed, 173 insertions(+), 163 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index e0943ea1f2..8ec5a9c5a5 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -8,6 +8,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0) NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0) CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...) + {DSA-4764-1} - inspircd 3.3.0-1 NOTE: https://docs.inspircd.org/security/2019-02/ NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index cadfbbee9b..e0d9042a0f 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,3 +1,11 @@ +CVE-2020-25768 + RESERVED +CVE-2020-25767 + RESERVED +CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...) + TODO: check +CVE-2020-25765 + RESERVED CVE-2020-25764 RESERVED CVE-2020-25763 @@ -263,8 +271,8 @@ CVE-2020-25635 CVE-2020-25634 RESERVED NOT-FOR-US: 3scale -CVE-2020-25633 - RESERVED +CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...) + TODO: check CVE-2020-25632 RESERVED CVE-2020-25631 @@ -998,6 +1006,7 @@ CVE-2020-25271 CVE-2020-25270 RESERVED CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...) + {DSA-4764-1} - inspircd (bug #960650) NOTE: https://docs.inspircd.org/security/2020-01/ NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2) @@ -2387,8 +2396,8 @@ CVE-2020-24625 RESERVED CVE-2020-24624 RESERVED -CVE-2020-24623 - RESERVED +CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...) + TODO: check CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...) NOT-FOR-US: Sonatype CVE-2020-24621 @@ -19362,8 +19371,8 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3 NOTE: Upstream of the project did disputed the CVE. Upstream position is NOTE: that the refererred behaviour is intended functionality. -CVE-2020-16247 - RESERVED +CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + TODO: check CVE-2020-16246 RESERVED CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...) @@ -19396,8 +19405,8 @@ CVE-2020-16232 RESERVED CVE-2020-16231 RESERVED -CVE-2020-16230 - RESERVED +CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...) + TODO: check CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) @@ -19456,12 +19465,12 @@ CVE-2020-16202 RESERVED CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation -CVE-2020-16200 - RESERVED +CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + TODO: check CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation -CVE-2020-16198 - RESERVED +CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...) + TODO: check CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...) NOT-FOR-US: Octopus Deploy CVE-2020-16196 @@ -19974,8 +19983,8 @@ CVE-2020-15959 RESERVED - chromium [stretch] - chromium (see DSA 4562) -CVE-2020-15958 - RESERVED +CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...) + TODO: check CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...) NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T) CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...) @@ -20442,26 +20451,26 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r NOTE: of breaking existing workflows. CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...) NOT-FOR-US: Maven Extension plugin for Gradle Enterprise -CVE-2020-15776 - RESERVED -CVE-2020-15775 - RESERVED -CVE-2020-15774 - RESERVED -CVE-2020-15773 - RESERVED -CVE-2020-15772 - RESERVED -CVE-2020-15771 - RESERVED -CVE-2020-15770 - RESERVED -CVE-2020-15769 - RESERVED -CVE-2020-15768 - RESERVED -CVE-2020-15767 - RESERVED +CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...) + TODO: check +CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...) + TODO: check +CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...) + TODO: check +CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...) + TODO: check +CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There ...) + TODO: check +CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...) + TODO: check +CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...) + TODO: check +CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...) + TODO: check +CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...) + TODO: check +CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of ...) + TODO: check CVE-2020-15766 RESERVED CVE-2020-15765 @@ -20915,6 +20924,7 @@ CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php us NOT-FOR-US: Victor CMS CVE-2020-15598 RESERVED + {DSA-4765-1} - modsecurity 3.0.4-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588 NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/ @@ -21140,11 +21150,11 @@ CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU L NOT-FOR-US: Nordic Semiconductor CVE-2020-15508 RESERVED -CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core and Connect ...) +CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...) NOT-FOR-US: MobileIron Core and Connector -CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Connecto ...) +CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core & Connec ...) NOT-FOR-US: MobileIron Core and Connector -CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...) +CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & Connect ...) NOT-FOR-US: MobileIron Core and Connector CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...) NOT-FOR-US: Sophos @@ -21851,10 +21861,10 @@ CVE-2020-15191 RESERVED CVE-2020-15190 RESERVED -CVE-2020-15189 - RESERVED -CVE-2020-15188 - RESERVED +CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...) + TODO: check +CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...) + TODO: check CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...) TODO: check CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...) @@ -21867,8 +21877,8 @@ CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scr NOT-FOR-US: SoyCMS CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...) NOT-FOR-US: SoyCMS -CVE-2020-15181 - RESERVED +CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...) + TODO: check CVE-2020-15180 RESERVED CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...) @@ -23321,8 +23331,8 @@ CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of O NOT-FOR-US: Oracle CVE-2020-14526 RESERVED -CVE-2020-14525 - RESERVED +CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + TODO: check CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...) NOT-FOR-US: Softing Industrial Automation CVE-2020-14523 @@ -23359,8 +23369,8 @@ CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vuln NOT-FOR-US: GateManager CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...) NOT-FOR-US: Advantech -CVE-2020-14506 - RESERVED +CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + TODO: check CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...) NOT-FOR-US: Advantech CVE-2020-14504 @@ -23660,8 +23670,7 @@ CVE-2020-14391 RESERVED - gnome-settings-daemon (Red Hat-specific plugin) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093 -CVE-2020-14390 - RESERVED +CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...) - linux NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489 NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2 @@ -24686,8 +24695,8 @@ CVE-2020-14031 RESERVED CVE-2020-14030 RESERVED -CVE-2020-14029 - RESERVED +CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...) + TODO: check CVE-2020-14028 RESERVED CVE-2020-14027 @@ -24702,8 +24711,8 @@ CVE-2020-14023 RESERVED CVE-2020-14022 RESERVED -CVE-2020-14021 - RESERVED +CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...) + TODO: check CVE-2020-14020 RESERVED CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...) @@ -35368,10 +35377,10 @@ CVE-2020-9747 RESERVED CVE-2020-9746 RESERVED -CVE-2020-9745 - RESERVED -CVE-2020-9744 - RESERVED +CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) + TODO: check +CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) + TODO: check CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...) @@ -35380,8 +35389,8 @@ CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 NOT-FOR-US: Adobe AEM CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM -CVE-2020-9739 - RESERVED +CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) + TODO: check CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) @@ -36860,8 +36869,8 @@ CVE-2020-9086 RESERVED CVE-2020-9085 RESERVED -CVE-2020-9084 - RESERVED +CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...) + TODO: check CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...) NOT-FOR-US: Huawei CVE-2020-9082 @@ -39520,8 +39529,8 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7946 RESERVED -CVE-2020-7945 - RESERVED +CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...) + TODO: check CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) @@ -40788,8 +40797,8 @@ CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in Sm NOT-FOR-US: SmartControl CVE-2020-7359 RESERVED -CVE-2020-7358 - RESERVED +CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...) + TODO: check CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...) NOT-FOR-US: Cayin CMS CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...) @@ -44374,10 +44383,10 @@ CVE-2020-5978 RESERVED CVE-2020-5977 RESERVED -CVE-2020-5976 - RESERVED -CVE-2020-5975 - RESERVED +CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...) + TODO: check +CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...) + TODO: check CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...) NOT-FOR-US: NVIDIA CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...) @@ -48600,8 +48609,8 @@ CVE-2020-3981 RESERVED CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) NOT-FOR-US: VMware -CVE-2020-3979 - RESERVED +CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...) + TODO: check CVE-2020-3978 RESERVED CVE-2020-3977 @@ -56410,8 +56419,8 @@ CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some i TODO: check CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...) TODO: check -CVE-2020-0405 - RESERVED +CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...) + TODO: check CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...) - linux 5.4.19-1 [buster] - linux 4.19.118-1 @@ -56494,8 +56503,8 @@ CVE-2020-0367 RESERVED CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...) TODO: check -CVE-2020-0365 - RESERVED +CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...) + TODO: check CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...) TODO: check CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...) @@ -56516,22 +56525,22 @@ CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to TODO: check CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...) TODO: check -CVE-2020-0354 - RESERVED +CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + TODO: check CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...) TODO: check CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) TODO: check CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...) TODO: check -CVE-2020-0350 - RESERVED -CVE-2020-0349 - RESERVED -CVE-2020-0348 - RESERVED -CVE-2020-0347 - RESERVED +CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...) + TODO: check +CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...) + TODO: check +CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...) + TODO: check CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...) TODO: check CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...) @@ -56554,28 +56563,28 @@ CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions che TODO: check CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...) TODO: check -CVE-2020-0335 - RESERVED -CVE-2020-0334 - RESERVED +CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...) + TODO: check CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...) TODO: check CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...) TODO: check -CVE-2020-0331 - RESERVED +CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...) + TODO: check CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...) TODO: check CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...) TODO: check CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...) TODO: check -CVE-2020-0327 - RESERVED -CVE-2020-0326 - RESERVED -CVE-2020-0325 - RESERVED +CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...) + TODO: check +CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...) + TODO: check +CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...) + TODO: check CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...) TODO: check CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...) @@ -56586,32 +56595,32 @@ CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due TODO: check CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...) TODO: check -CVE-2020-0319 - RESERVED -CVE-2020-0318 - RESERVED +CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...) + TODO: check +CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught ...) + TODO: check CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...) TODO: check -CVE-2020-0316 - RESERVED -CVE-2020-0315 - RESERVED +CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to ...) + TODO: check +CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...) + TODO: check CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...) TODO: check -CVE-2020-0313 - RESERVED +CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...) + TODO: check CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...) TODO: check -CVE-2020-0311 - RESERVED -CVE-2020-0310 - RESERVED -CVE-2020-0309 - RESERVED +CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...) + TODO: check +CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) + TODO: check +CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...) + TODO: check CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...) TODO: check -CVE-2020-0307 - RESERVED +CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) + TODO: check CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...) TODO: check CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...) @@ -56620,34 +56629,34 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due [stretch] - linux 4.9.210-1 [jessie] - linux 3.16.84-1 NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079 -CVE-2020-0304 - RESERVED +CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) + TODO: check CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...) TODO: check -CVE-2020-0302 - RESERVED +CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) + TODO: check CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...) TODO: check -CVE-2020-0300 - RESERVED -CVE-2020-0299 - RESERVED -CVE-2020-0298 - RESERVED +CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...) + TODO: check +CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...) + TODO: check +CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...) + TODO: check CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...) TODO: check CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...) TODO: check -CVE-2020-0295 - RESERVED -CVE-2020-0294 - RESERVED +CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...) + TODO: check +CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...) + TODO: check CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...) TODO: check -CVE-2020-0292 - RESERVED -CVE-2020-0291 - RESERVED +CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + TODO: check +CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + TODO: check CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...) TODO: check CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...) @@ -56656,18 +56665,18 @@ CVE-2020-0288 (In PackageManager, there is a missing permission check. This coul TODO: check CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...) TODO: check -CVE-2020-0286 - RESERVED -CVE-2020-0285 - RESERVED -CVE-2020-0284 - RESERVED +CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to ...) + TODO: check +CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...) + TODO: check +CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...) + TODO: check CVE-2020-0283 RESERVED -CVE-2020-0282 - RESERVED -CVE-2020-0281 - RESERVED +CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...) + TODO: check +CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...) + TODO: check CVE-2020-0280 RESERVED CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...) @@ -56676,36 +56685,36 @@ CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bound TODO: check CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...) TODO: check -CVE-2020-0276 - RESERVED +CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...) + TODO: check CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...) TODO: check CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...) TODO: check -CVE-2020-0273 - RESERVED -CVE-2020-0272 - RESERVED -CVE-2020-0271 - RESERVED +CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...) + TODO: check +CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...) + TODO: check +CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...) + TODO: check CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...) TODO: check -CVE-2020-0269 - RESERVED -CVE-2020-0268 - RESERVED +CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...) + TODO: check +CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...) + TODO: check CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...) TODO: check CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...) TODO: check -CVE-2020-0265 - RESERVED +CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...) + TODO: check CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...) TODO: check -CVE-2020-0263 - RESERVED -CVE-2020-0262 - RESERVED +CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...) + TODO: check +CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due ...) + TODO: check CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...) NOT-FOR-US: C2 flame devices CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...) @@ -57073,8 +57082,8 @@ CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for met NOT-FOR-US: Mediatek components for Android CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...) NOT-FOR-US: Mediatek components for Android -CVE-2020-0089 - RESERVED +CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...) + TODO: check CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...) NOT-FOR-US: Android Media Framework CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...) -- cgit v1.2.3