automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-09-18 20:10:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-09-18 20:10:25 +0000
commit: 0acfc65030d52a2da0e5417be67db0e554f59313 (patch)
tree: c2bf5a7a486828240616acf821af514a3db43e43
parent: bc9d46ca0fe5ff4001c259211592ce0f35ff3b64 (diff)
2 files changed, 173 insertions, 163 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e0943ea1f2..8ec5a9c5a5 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -8,6 +8,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence
 	NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
 	NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
 CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
+	{DSA-4764-1}
 	- inspircd 3.3.0-1
 	NOTE: https://docs.inspircd.org/security/2019-02/
 	NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index cadfbbee9b..e0d9042a0f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,11 @@
+CVE-2020-25768
+	RESERVED
+CVE-2020-25767
+	RESERVED
+CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
+	TODO: check
+CVE-2020-25765
+	RESERVED
 CVE-2020-25764
 	RESERVED
 CVE-2020-25763
@@ -263,8 +271,8 @@ CVE-2020-25635
 CVE-2020-25634
 	RESERVED
 	NOT-FOR-US: 3scale
-CVE-2020-25633
-	RESERVED
+CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to  ...)
+	TODO: check
 CVE-2020-25632
 	RESERVED
 CVE-2020-25631
@@ -998,6 +1006,7 @@ CVE-2020-25271
 CVE-2020-25270
 	RESERVED
 CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
+	{DSA-4764-1}
 	- inspircd <unfixed> (bug #960650)
 	NOTE: https://docs.inspircd.org/security/2020-01/
 	NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
@@ -2387,8 +2396,8 @@ CVE-2020-24625
 	RESERVED
 CVE-2020-24624
 	RESERVED
-CVE-2020-24623
-	RESERVED
+CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
+	TODO: check
 CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
 	NOT-FOR-US: Sonatype
 CVE-2020-24621
@@ -19362,8 +19371,8 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow
 	NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
 	NOTE: Upstream of the project did disputed the CVE. Upstream position is
 	NOTE: that the refererred behaviour is intended functionality.
-CVE-2020-16247
-	RESERVED
+CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+	TODO: check
 CVE-2020-16246
 	RESERVED
 CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
@@ -19396,8 +19405,8 @@ CVE-2020-16232
 	RESERVED
 CVE-2020-16231
 	RESERVED
-CVE-2020-16230
-	RESERVED
+CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
+	TODO: check
 CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
 	NOT-FOR-US: Advantech WebAccess
 CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
@@ -19456,12 +19465,12 @@ CVE-2020-16202
 	RESERVED
 CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
 	NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16200
-	RESERVED
+CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+	TODO: check
 CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
 	NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16198
-	RESERVED
+CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
+	TODO: check
 CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2020-16196
@@ -19974,8 +19983,8 @@ CVE-2020-15959
 	RESERVED
 	- chromium <unfixed>
 	[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15958
-	RESERVED
+CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
+	TODO: check
 CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
 	NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
 CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
@@ -20442,26 +20451,26 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r
 	NOTE: of breaking existing workflows.
 CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
 	NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
-CVE-2020-15776
-	RESERVED
-CVE-2020-15775
-	RESERVED
-CVE-2020-15774
-	RESERVED
-CVE-2020-15773
-	RESERVED
-CVE-2020-15772
-	RESERVED
-CVE-2020-15771
-	RESERVED
-CVE-2020-15770
-	RESERVED
-CVE-2020-15769
-	RESERVED
-CVE-2020-15768
-	RESERVED
-CVE-2020-15767
-	RESERVED
+CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...)
+	TODO: check
+CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...)
+	TODO: check
+CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...)
+	TODO: check
+CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because  ...)
+	TODO: check
+CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There  ...)
+	TODO: check
+CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
+	TODO: check
+CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...)
+	TODO: check
+CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
+	TODO: check
+CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
+	TODO: check
+CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of  ...)
+	TODO: check
 CVE-2020-15766
 	RESERVED
 CVE-2020-15765
@@ -20915,6 +20924,7 @@ CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php us
 	NOT-FOR-US: Victor CMS
 CVE-2020-15598
 	RESERVED
+	{DSA-4765-1}
 	- modsecurity 3.0.4-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
 	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/
@@ -21140,11 +21150,11 @@ CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU L
 	NOT-FOR-US: Nordic Semiconductor
 CVE-2020-15508
 	RESERVED
-CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core and Connect ...)
+CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...)
 	NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Connecto ...)
+CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core &amp; Connec ...)
 	NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...)
+CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core &amp; Connect ...)
 	NOT-FOR-US: MobileIron Core and Connector
 CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of  ...)
 	NOT-FOR-US: Sophos
@@ -21851,10 +21861,10 @@ CVE-2020-15191
 	RESERVED
 CVE-2020-15190
 	RESERVED
-CVE-2020-15189
-	RESERVED
-CVE-2020-15188
-	RESERVED
+CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
+	TODO: check
+CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
+	TODO: check
 CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
 	TODO: check
 CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
@@ -21867,8 +21877,8 @@ CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scr
 	NOT-FOR-US: SoyCMS
 CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
 	NOT-FOR-US: SoyCMS
-CVE-2020-15181
-	RESERVED
+CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
+	TODO: check
 CVE-2020-15180
 	RESERVED
 CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
@@ -23321,8 +23331,8 @@ CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of O
 	NOT-FOR-US: Oracle
 CVE-2020-14526
 	RESERVED
-CVE-2020-14525
-	RESERVED
+CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+	TODO: check
 CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
 	NOT-FOR-US: Softing Industrial Automation
 CVE-2020-14523
@@ -23359,8 +23369,8 @@ CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vuln
 	NOT-FOR-US: GateManager
 CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
 	NOT-FOR-US: Advantech
-CVE-2020-14506
-	RESERVED
+CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+	TODO: check
 CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
 	NOT-FOR-US: Advantech
 CVE-2020-14504
@@ -23660,8 +23670,7 @@ CVE-2020-14391
 	RESERVED
 	- gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
-CVE-2020-14390
-	RESERVED
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
 	NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
@@ -24686,8 +24695,8 @@ CVE-2020-14031
 	RESERVED
 CVE-2020-14030
 	RESERVED
-CVE-2020-14029
-	RESERVED
+CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
+	TODO: check
 CVE-2020-14028
 	RESERVED
 CVE-2020-14027
@@ -24702,8 +24711,8 @@ CVE-2020-14023
 	RESERVED
 CVE-2020-14022
 	RESERVED
-CVE-2020-14021
-	RESERVED
+CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...)
+	TODO: check
 CVE-2020-14020
 	RESERVED
 CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
@@ -35368,10 +35377,10 @@ CVE-2020-9747
 	RESERVED
 CVE-2020-9746
 	RESERVED
-CVE-2020-9745
-	RESERVED
-CVE-2020-9744
-	RESERVED
+CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+	TODO: check
+CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+	TODO: check
 CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
 	NOT-FOR-US: Adobe AEM
 CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...)
@@ -35380,8 +35389,8 @@ CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2
 	NOT-FOR-US: Adobe AEM
 CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
 	NOT-FOR-US: Adobe AEM
-CVE-2020-9739
-	RESERVED
+CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+	TODO: check
 CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
 	NOT-FOR-US: Adobe AEM
 CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
@@ -36860,8 +36869,8 @@ CVE-2020-9086
 	RESERVED
 CVE-2020-9085
 	RESERVED
-CVE-2020-9084
-	RESERVED
+CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...)
+	TODO: check
 CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
 	NOT-FOR-US: Huawei
 CVE-2020-9082
@@ -39520,8 +39529,8 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0
 	NOT-FOR-US: Login by Auth0 plugin for WordPress
 CVE-2020-7946
 	RESERVED
-CVE-2020-7945
-	RESERVED
+CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...)
+	TODO: check
 CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
 	NOT-FOR-US: Puppet Enterprise
 CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
@@ -40788,8 +40797,8 @@ CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in Sm
 	NOT-FOR-US: SmartControl
 CVE-2020-7359
 	RESERVED
-CVE-2020-7358
-	RESERVED
+CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...)
+	TODO: check
 CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...)
 	NOT-FOR-US: Cayin CMS
 CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...)
@@ -44374,10 +44383,10 @@ CVE-2020-5978
 	RESERVED
 CVE-2020-5977
 	RESERVED
-CVE-2020-5976
-	RESERVED
-CVE-2020-5975
-	RESERVED
+CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...)
+	TODO: check
+CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...)
+	TODO: check
 CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...)
 	NOT-FOR-US: NVIDIA
 CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
@@ -48600,8 +48609,8 @@ CVE-2020-3981
 	RESERVED
 CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
 	NOT-FOR-US: VMware
-CVE-2020-3979
-	RESERVED
+CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...)
+	TODO: check
 CVE-2020-3978
 	RESERVED
 CVE-2020-3977
@@ -56410,8 +56419,8 @@ CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some i
 	TODO: check
 CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
 	TODO: check
-CVE-2020-0405
-	RESERVED
+CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
+	TODO: check
 CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked  ...)
 	- linux 5.4.19-1
 	[buster] - linux 4.19.118-1
@@ -56494,8 +56503,8 @@ CVE-2020-0367
 	RESERVED
 CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
 	TODO: check
-CVE-2020-0365
-	RESERVED
+CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...)
+	TODO: check
 CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing  ...)
 	TODO: check
 CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...)
@@ -56516,22 +56525,22 @@ CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to
 	TODO: check
 CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...)
 	TODO: check
-CVE-2020-0354
-	RESERVED
+CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+	TODO: check
 CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...)
 	TODO: check
 CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
 	TODO: check
 CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...)
 	TODO: check
-CVE-2020-0350
-	RESERVED
-CVE-2020-0349
-	RESERVED
-CVE-2020-0348
-	RESERVED
-CVE-2020-0347
-	RESERVED
+CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+	TODO: check
+CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
+CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
+CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...)
+	TODO: check
 CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
 	TODO: check
 CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...)
@@ -56554,28 +56563,28 @@ CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions che
 	TODO: check
 CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...)
 	TODO: check
-CVE-2020-0335
-	RESERVED
-CVE-2020-0334
-	RESERVED
+CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+	TODO: check
+CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+	TODO: check
 CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...)
 	TODO: check
 CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...)
 	TODO: check
-CVE-2020-0331
-	RESERVED
+CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...)
+	TODO: check
 CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...)
 	TODO: check
 CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...)
 	TODO: check
 CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...)
 	TODO: check
-CVE-2020-0327
-	RESERVED
-CVE-2020-0326
-	RESERVED
-CVE-2020-0325
-	RESERVED
+CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...)
+	TODO: check
+CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...)
+	TODO: check
+CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...)
+	TODO: check
 CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...)
 	TODO: check
 CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...)
@@ -56586,32 +56595,32 @@ CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due
 	TODO: check
 CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...)
 	TODO: check
-CVE-2020-0319
-	RESERVED
-CVE-2020-0318
-	RESERVED
+CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+	TODO: check
+CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught  ...)
+	TODO: check
 CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...)
 	TODO: check
-CVE-2020-0316
-	RESERVED
-CVE-2020-0315
-	RESERVED
+CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to  ...)
+	TODO: check
+CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...)
+	TODO: check
 CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead  ...)
 	TODO: check
-CVE-2020-0313
-	RESERVED
+CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...)
+	TODO: check
 CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...)
 	TODO: check
-CVE-2020-0311
-	RESERVED
-CVE-2020-0310
-	RESERVED
-CVE-2020-0309
-	RESERVED
+CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...)
+	TODO: check
+CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+	TODO: check
+CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...)
+	TODO: check
 CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...)
 	TODO: check
-CVE-2020-0307
-	RESERVED
+CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+	TODO: check
 CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
 	TODO: check
 CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
@@ -56620,34 +56629,34 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due
 	[stretch] - linux 4.9.210-1
 	[jessie] - linux 3.16.84-1
 	NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079
-CVE-2020-0304
-	RESERVED
+CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+	TODO: check
 CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...)
 	TODO: check
-CVE-2020-0302
-	RESERVED
+CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+	TODO: check
 CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...)
 	TODO: check
-CVE-2020-0300
-	RESERVED
-CVE-2020-0299
-	RESERVED
-CVE-2020-0298
-	RESERVED
+CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...)
+	TODO: check
+CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...)
+	TODO: check
+CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...)
+	TODO: check
 CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to  ...)
 	TODO: check
 CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...)
 	TODO: check
-CVE-2020-0295
-	RESERVED
-CVE-2020-0294
-	RESERVED
+CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...)
+	TODO: check
+CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...)
+	TODO: check
 CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
 	TODO: check
-CVE-2020-0292
-	RESERVED
-CVE-2020-0291
-	RESERVED
+CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
+CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing  ...)
+	TODO: check
 CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...)
 	TODO: check
 CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...)
@@ -56656,18 +56665,18 @@ CVE-2020-0288 (In PackageManager, there is a missing permission check. This coul
 	TODO: check
 CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...)
 	TODO: check
-CVE-2020-0286
-	RESERVED
-CVE-2020-0285
-	RESERVED
-CVE-2020-0284
-	RESERVED
+CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to  ...)
+	TODO: check
+CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...)
+	TODO: check
+CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...)
+	TODO: check
 CVE-2020-0283
 	RESERVED
-CVE-2020-0282
-	RESERVED
-CVE-2020-0281
-	RESERVED
+CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
+CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+	TODO: check
 CVE-2020-0280
 	RESERVED
 CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
@@ -56676,36 +56685,36 @@ CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bound
 	TODO: check
 CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...)
 	TODO: check
-CVE-2020-0276
-	RESERVED
+CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...)
+	TODO: check
 CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...)
 	TODO: check
 CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...)
 	TODO: check
-CVE-2020-0273
-	RESERVED
-CVE-2020-0272
-	RESERVED
-CVE-2020-0271
-	RESERVED
+CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...)
+	TODO: check
+CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...)
+	TODO: check
+CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...)
+	TODO: check
 CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...)
 	TODO: check
-CVE-2020-0269
-	RESERVED
-CVE-2020-0268
-	RESERVED
+CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...)
+	TODO: check
+CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...)
+	TODO: check
 CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due  ...)
 	TODO: check
 CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...)
 	TODO: check
-CVE-2020-0265
-	RESERVED
+CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...)
+	TODO: check
 CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...)
 	TODO: check
-CVE-2020-0263
-	RESERVED
-CVE-2020-0262
-	RESERVED
+CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...)
+	TODO: check
+CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due  ...)
+	TODO: check
 CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...)
 	NOT-FOR-US: C2 flame devices
 CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...)
@@ -57073,8 +57082,8 @@ CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for met
 	NOT-FOR-US: Mediatek components for Android
 CVE-2020-0090 (An improper authorization in the receiver component of Email.Product:  ...)
 	NOT-FOR-US: Mediatek components for Android
-CVE-2020-0089
-	RESERVED
+CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...)
+	TODO: check
 CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
 	NOT-FOR-US: Android Media Framework
 CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-09-18 20:10:25 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-09-18 20:10:25 +0000
commit	0acfc65030d52a2da0e5417be67db0e554f59313 (patch)
tree	c2bf5a7a486828240616acf821af514a3db43e43
parent	bc9d46ca0fe5ff4001c259211592ce0f35ff3b64 (diff)