[Git][security-tracker-team/security-tracker][master] android NFUs
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 15 19:58:58 GMT 2020
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
862b7fab by Moritz Muehlenhoff at 2020-12-15T20:58:30+01:00
android NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -48936,6 +48936,7 @@ CVE-2020-11226
RESERVED
CVE-2020-11225
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11224
RESERVED
CVE-2020-11223
@@ -48952,16 +48953,22 @@ CVE-2020-11218
RESERVED
CVE-2020-11217
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11216
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11215
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11214
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11213
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11212
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11211
RESERVED
CVE-2020-11210
@@ -48986,12 +48993,14 @@ CVE-2020-11201 (u'Arbitrary access to DSP memory due to improper check in loaded
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11200
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11199
RESERVED
CVE-2020-11198
RESERVED
CVE-2020-11197
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11195
@@ -49016,6 +49025,7 @@ CVE-2020-11186
RESERVED
CVE-2020-11185
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11183
@@ -49028,6 +49038,7 @@ CVE-2020-11180
RESERVED
CVE-2020-11179
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11178
RESERVED
CVE-2020-11177
@@ -49052,6 +49063,7 @@ CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11167
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11166
RESERVED
CVE-2020-11165
@@ -49094,26 +49106,34 @@ CVE-2020-11147
RESERVED
CVE-2020-11146
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11145
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11144
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11143
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11142
RESERVED
CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11140
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11139
RESERVED
CVE-2020-11138
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11137
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11136
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
NOT-FOR-US: Snapdragon
CVE-2020-11134
@@ -49148,6 +49168,7 @@ CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passe
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11119
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...)
@@ -68918,6 +68939,7 @@ CVE-2020-3692 (u'Possible buffer overflow while updating output buffer for IMEI
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3691
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3690 (u'Due to an incorrect SMMU configuration, the modem crypto engine can ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3689
@@ -68928,8 +68950,10 @@ CVE-2020-3687
RESERVED
CVE-2020-3686
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3685
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3684 (u'QSEE reads the access permission policy for the SMEM TOC partition f ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3683
@@ -80421,13 +80445,13 @@ CVE-2020-0472
CVE-2020-0471
RESERVED
CVE-2020-0470 (In extend_frame_highbd of restoration.c, there is a possible out of bo ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0469 (In addEscrowToken of LockSettingsService.java, there is a possible los ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0468 (In listen() and related functions of TelephonyRegistry.java, there is ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0467 (In onUserStopped of Vpn.java, there is a possible resetting of user pr ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0466 (In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a poss ...)
- linux 5.8.7-1
[buster] - linux 4.19.146-1
@@ -80441,25 +80465,25 @@ CVE-2020-0465 (In various methods of hid-multitouch.c, there is a possible out o
NOTE: https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25
NOTE: https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c
CVE-2020-0464 (In resolv_cache_lookup of res_cache.cpp, there is a possible side chan ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0463 (In sdp_server_handle_client_req of sdp_server.cc, there is a possible ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0462
RESERVED
CVE-2020-0461
RESERVED
CVE-2020-0460 (In createNameCredentialDialog of CertInstaller.java, there exists the ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0459 (In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, th ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0458 (In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEnc ...)
- TODO: check
+ NOT-FOR-US: Android Media Framework
CVE-2020-0457 (There is a possible out of bounds write due to a missing bounds check. ...)
- TODO: check
+ NOT-FOR-US: MediaTek components for Android
CVE-2020-0456 (There is a possible out of bounds write due to a missing bounds check. ...)
- TODO: check
+ NOT-FOR-US: MediaTek components for Android
CVE-2020-0455 (There is a possible out of bounds write due to a missing bounds check. ...)
- TODO: check
+ NOT-FOR-US: MediaTek components for Android
CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...)
NOT-FOR-US: Android
CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...)
@@ -80494,7 +80518,7 @@ CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible
CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...)
NOT-FOR-US: Android
CVE-2020-0440 (In createVirtualDisplay of DisplayManagerService.java, there is a poss ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...)
NOT-FOR-US: Android
CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible ...)
@@ -81227,7 +81251,7 @@ CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible infor
CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...)
NOT-FOR-US: Android media framework
CVE-2020-0099 (In addWindow of WindowManagerService.java, there is a possible window ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...)
NOT-FOR-US: Android
CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...)
@@ -81407,13 +81431,13 @@ CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there i
CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...)
NOT-FOR-US: Android
CVE-2020-0019 (In the Broadcom Nexus firmware, there is an insecure default password. ...)
- TODO: check
+ NOT-FOR-US: Broadcom components for Android
CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...)
NOT-FOR-US: Android
CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...)
NOT-FOR-US: Android
CVE-2020-0016 (In the Broadcom Nexus firmware, there is an insecure default password. ...)
- TODO: check
+ NOT-FOR-US: Broadcom components for Android
CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...)
NOT-FOR-US: Android
CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/862b7fab88b8ebf344e385a1cb95b128981031f7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/862b7fab88b8ebf344e385a1cb95b128981031f7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201215/56bc4d81/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list