[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 15 20:10:35 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
74e1238b by security tracker role at 2020-12-15T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -150,10 +150,10 @@ CVE-2020-35398
RESERVED
CVE-2020-35397
RESERVED
-CVE-2020-35396
- RESERVED
-CVE-2020-35395
- RESERVED
+CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting ( ...)
+ TODO: check
+CVE-2020-35395 (XSS in the Add Expense Component of EGavilan Media Expense Management ...)
+ TODO: check
CVE-2020-35394
RESERVED
CVE-2020-35393
@@ -2523,30 +2523,27 @@ CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6
NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61
CVE-2020-29572 (app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp ...)
NOT-FOR-US: MISP
-CVE-2020-29571
- RESERVED
+CVE-2020-29571 (An issue was discovered in Xen through 4.14.x. A bounds check common t ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-359.html
-CVE-2020-29570
- RESERVED
+CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of the per-vC ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-358.html
-CVE-2020-29569
- RESERVED
+CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as used wi ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-350.html
-CVE-2020-29568
- RESERVED
+CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such as Linu ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-349.html
-CVE-2020-29567
- RESERVED
+CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs t ...)
- xen 4.14.0+88-g1d1d1f5391-1
[buster] - xen <not-affected> (Only affects 4.14)
[stretch] - xen <not-affected> (Only affects 4.14)
NOTE: https://xenbits.xen.org/xsa/advisory-356.html
-CVE-2020-29566
- RESERVED
+CVE-2020-29566 (An issue was discovered in Xen through 4.14.x. When they require assis ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-348.html
CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 16.x befor ...)
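Review bot: CVE-2020-29568 opens with "An issue was discovered in Xen through 4.14.x", yet the only package line under it is "- linux <unfixed>" and there is no xen line at all. If the fix belongs in the guest kernel and not in the hypervisor package, a NOTE saying so would keep the missing xen entry from reading as an omission next to the xen-tracked entries in the same hunk. CVE-2020-29568 and CVE-2020-29569 are also both left at "<unfixed>" for linux with no bug reference visible to follow the fix.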
@@ -2923,39 +2920,38 @@ CVE-2021-1636
RESERVED
CVE-2020-29488
RESERVED
-CVE-2020-29487
- RESERVED
+CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstor ...)
NOT-FOR-US: xapi
-CVE-2020-29486
- RESERVED
+CVE-2020-29486 (An issue was discovered in Xen through 4.14.x. Nodes in xenstore have ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-352.html
-CVE-2020-29485
- RESERVED
+CVE-2020-29485 (An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-330.html
-CVE-2020-29484 [Xenstore: guests can crash xenstored via watchs]
- RESERVED
+CVE-2020-29484 (An issue was discovered in Xen through 4.14.x. When a Xenstore watch f ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-324.html
-CVE-2020-29483 [Xenstore: guests can disturb domain cleanup]
- RESERVED
+CVE-2020-29483 (An issue was discovered in Xen through 4.14.x. Xenstored and guests co ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-325.html
-CVE-2020-29482 [Xenstore: wrong path length check]
- RESERVED
+CVE-2020-29482 (An issue was discovered in Xen through 4.14.x. A guest may access xens ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-323.html
-CVE-2020-29481 [Xenstore: new domains inheriting existing node permissions]
- RESERVED
+CVE-2020-29481 (An issue was discovered in Xen through 4.14.x. Access rights of Xensto ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-322.html
-CVE-2020-29480
- RESERVED
+CVE-2020-29480 (An issue was discovered in Xen through 4.14.x. Neither xenstore implem ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-115.html
-CVE-2020-29479
- RESERVED
+CVE-2020-29479 (An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-353.html
CVE-2020-29478
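Review bot: the NOTE under CVE-2020-29480 points at advisory-115, while every other Xenstore entry in this hunk references an advisory numbered between 322 and 353. Please confirm the number against the advisory itself, and consider a short remark in the NOTE so a later reader does not take it for a typo. Separately, the hand-written titles on CVE-2020-29481 through CVE-2020-29484 (for example "[Xenstore: wrong path length check]") are replaced by truncated descriptions, which is expected once the CVE text is published.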
@@ -6328,10 +6324,10 @@ CVE-2020-28459
RESERVED
CVE-2020-28458
RESERVED
-CVE-2020-28457
- RESERVED
-CVE-2020-28456
- RESERVED
+CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search functional ...)
+ TODO: check
+CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to Cross-site Script ...)
+ TODO: check
CVE-2020-28455
RESERVED
CVE-2020-28454
@@ -6358,8 +6354,8 @@ CVE-2020-28444
RESERVED
CVE-2020-28443
RESERVED
-CVE-2020-28442
- RESERVED
+CVE-2020-28442 (All versions of package js-data are vulnerable to Prototype Pollution ...)
+ TODO: check
CVE-2020-28441
RESERVED
CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to Command ...)
@@ -8401,8 +8397,8 @@ CVE-2020-28205
RESERVED
CVE-2020-28204
RESERVED
-CVE-2020-28203
- RESERVED
+CVE-2020-28203 (An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 an ...)
+ TODO: check
CVE-2020-28202
RESERVED
CVE-2020-28201
@@ -9541,7 +9537,7 @@ CVE-2020-27788
RESERVED
CVE-2020-27787
RESERVED
-CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI (kernel 5 ...)
+CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI, where an ...)
- linux 5.6.14-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -9572,8 +9568,7 @@ CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were co
[stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0)
-CVE-2020-27777
- RESERVED
+CVE-2020-27777 (A flaw was found in the way RTAS handled memory accesses in userspace ...)
{DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
@@ -11497,8 +11492,8 @@ CVE-2020-27149
RESERVED
CVE-2020-27148
RESERVED
-CVE-2020-27147
- RESERVED
+CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress c ...)
+ TODO: check
CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace ( ...)
NOT-FOR-US: TIBCO
CVE-2020-27145
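Review bot: CVE-2020-27147 is left at "TODO: check" although its description names "TIBCO Software Inc.'s TIBCO PartnerExpress" and the very next entry, CVE-2020-27146, is already resolved as "NOT-FOR-US: TIBCO". Unless there is a reason to treat PartnerExpress differently, the same tag applies here and the TODO can be closed in the follow-up triage commit.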
@@ -11655,18 +11650,16 @@ CVE-2020-27070
RESERVED
CVE-2020-27069
RESERVED
-CVE-2020-27068
- RESERVED
+CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible out of ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
NOTE: https://git.kernel.org/linus/ea75080110a4c1fa011b0a73cb8f42227143ee3e
-CVE-2020-27067
- RESERVED
+CVE-2020-27067 (In the l2tp subsystem, there is a possible use after free due to a rac ...)
- linux 4.15.4-1
[stretch] - linux 4.9.228-1
-CVE-2020-27066
- RESERVED
+CVE-2020-27066 (In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possib ...)
+ TODO: check
CVE-2020-27065
RESERVED
CVE-2020-27064
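Review bot: CVE-2020-27066 is left at "TODO: check" even though its description names xfrm6_tunnel_free_spi in net/ipv6/xfrm6_tunnel.c, a Linux kernel source path, and the two entries directly above it already carry "- linux" lines. It should get a "- linux" line with the fixed version once that is identified, not a generic triage pass. CVE-2020-27067 also has no NOTE with the fixing commit, unlike CVE-2020-27068 just above it.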
@@ -11683,80 +11676,80 @@ CVE-2020-27059
RESERVED
CVE-2020-27058
RESERVED
-CVE-2020-27057
- RESERVED
-CVE-2020-27056
- RESERVED
-CVE-2020-27055
- RESERVED
-CVE-2020-27054
- RESERVED
-CVE-2020-27053
- RESERVED
-CVE-2020-27052
- RESERVED
-CVE-2020-27051
- RESERVED
-CVE-2020-27050
- RESERVED
-CVE-2020-27049
- RESERVED
-CVE-2020-27048
- RESERVED
-CVE-2020-27047
- RESERVED
-CVE-2020-27046
- RESERVED
-CVE-2020-27045
- RESERVED
-CVE-2020-27044
- RESERVED
-CVE-2020-27043
- RESERVED
+CVE-2020-27057 (In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, the ...)
+ TODO: check
+CVE-2020-27056 (In SELinux policies of mls, there is a missing permission check. This ...)
+ TODO: check
+CVE-2020-27055 (In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigCon ...)
+ TODO: check
+CVE-2020-27054 (In onFactoryReset of BluetoothManagerService.java, there is a missing ...)
+ TODO: check
+CVE-2020-27053 (In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a p ...)
+ TODO: check
+CVE-2020-27052 (In getLockTaskLaunchMode of ActivityRecord.java, there is a possible w ...)
+ TODO: check
+CVE-2020-27051 (In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible ...)
+ TODO: check
+CVE-2020-27050 (In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possibl ...)
+ TODO: check
+CVE-2020-27049 (In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of boun ...)
+ TODO: check
+CVE-2020-27048 (In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds wr ...)
+ TODO: check
+CVE-2020-27047 (In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bound ...)
+ TODO: check
+CVE-2020-27046 (In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of ...)
+ TODO: check
+CVE-2020-27045 (In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds wr ...)
+ TODO: check
+CVE-2020-27044 (In restartWrite of Parcel.cpp, there is a possible memory corruption d ...)
+ TODO: check
+CVE-2020-27043 (In nfc_enabled of nfc_main.cc, there is a possible out of bounds read ...)
+ TODO: check
CVE-2020-27042
RESERVED
-CVE-2020-27041
- RESERVED
-CVE-2020-27040
- RESERVED
-CVE-2020-27039
- RESERVED
-CVE-2020-27038
- RESERVED
-CVE-2020-27037
- RESERVED
-CVE-2020-27036
- RESERVED
-CVE-2020-27035
- RESERVED
-CVE-2020-27034
- RESERVED
-CVE-2020-27033
- RESERVED
-CVE-2020-27032
- RESERVED
-CVE-2020-27031
- RESERVED
-CVE-2020-27030
- RESERVED
-CVE-2020-27029
- RESERVED
-CVE-2020-27028
- RESERVED
-CVE-2020-27027
- RESERVED
-CVE-2020-27026
- RESERVED
-CVE-2020-27025
- RESERVED
-CVE-2020-27024
- RESERVED
-CVE-2020-27023
- RESERVED
+CVE-2020-27041 (In showProvisioningNotification of ConnectivityService.java, there is ...)
+ TODO: check
+CVE-2020-27040 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
+ TODO: check
+CVE-2020-27039 (In postNotification of ServiceRecord.java, there is a possible permiss ...)
+ TODO: check
+CVE-2020-27038 (In process of C2SoftVorbisDec.cpp, there is a possible resource exhaus ...)
+ TODO: check
+CVE-2020-27037 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
+ TODO: check
+CVE-2020-27036 (In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible ...)
+ TODO: check
+CVE-2020-27035 (In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible us ...)
+ TODO: check
+CVE-2020-27034 (In createSimSelectNotification of SimSelectNotification.java, there is ...)
+ TODO: check
+CVE-2020-27033 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...)
+ TODO: check
+CVE-2020-27032 (In getRadioAccessFamily of PhoneInterfaceManager.java, there is a poss ...)
+ TODO: check
+CVE-2020-27031 (In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds re ...)
+ TODO: check
+CVE-2020-27030 (In onCreate of HandleApiCalls.java, there is a possible permission byp ...)
+ TODO: check
+CVE-2020-27029 (In TextView of TextView.java, there is a possible app hang due to impr ...)
+ TODO: check
+CVE-2020-27028 (In filter_incoming_event of hci_layer.cc, there is a possible out of b ...)
+ TODO: check
+CVE-2020-27027 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...)
+ TODO: check
+CVE-2020-27026 (During boot, the device unlock interface behaves differently depending ...)
+ TODO: check
+CVE-2020-27025 (In EapFailureNotifier.java and SimRequiredNotifier.java, there is a po ...)
+ TODO: check
+CVE-2020-27024 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible o ...)
+ TODO: check
+CVE-2020-27023 (In setErrorPlaybackState of BluetoothMediaBrowserService.java, there i ...)
+ TODO: check
CVE-2020-27022
RESERVED
-CVE-2020-27021
- RESERVED
+CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible o ...)
+ TODO: check
CVE-2020-27020
RESERVED
CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
@@ -13587,7 +13580,7 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is vulnerable to Open Redirect.
CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. ...)
NOT-FOR-US: touchbase.ai
CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...)
- {DLA-2471-1}
+ {DSA-4811-1 DLA-2471-1}
- libxstream-java 1.4.14-1
NOTE: https://x-stream.github.io/CVE-2020-26217.html
NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
@@ -14778,8 +14771,7 @@ CVE-2020-25713 [Out of bounds read leads to segfault in raptor_xml_writer_start_
[buster] - raptor2 <no-dsa> (Minor issue)
[stretch] - raptor2 <postponed> (Minor issue; reconsider when fixed upstream.)
NOTE: https://bugs.librdf.org/mantis/view.php?id=650
-CVE-2020-25712 [Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows]
- RESERVED
+CVE-2020-25712 (A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer over ...)
{DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
@@ -39828,8 +39820,7 @@ CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions b
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
-CVE-2020-14302
- RESERVED
+CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external identity ...)
NOT-FOR-US: Keycloak
CVE-2020-14301 [leak of sensitive cookie information via dumpxml]
RESERVED
@@ -55099,26 +55090,26 @@ CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has
- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372)
[buster] - golang-github-proglottis-gpgme <no-dsa> (Minor issue)
NOTE: https://github.com/proglottis/gpgme/pull/23
-CVE-2020-8944
- RESERVED
-CVE-2020-8943
- RESERVED
-CVE-2020-8942
- RESERVED
-CVE-2020-8941
- RESERVED
-CVE-2020-8940
- RESERVED
-CVE-2020-8939
- RESERVED
-CVE-2020-8938
- RESERVED
-CVE-2020-8937
- RESERVED
-CVE-2020-8936
- RESERVED
-CVE-2020-8935
- RESERVED
+CVE-2020-8944 (An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 ...)
+ TODO: check
+CVE-2020-8943 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ TODO: check
+CVE-2020-8942 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ TODO: check
+CVE-2020-8941 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ TODO: check
+CVE-2020-8940 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
+ TODO: check
+CVE-2020-8939 (An out of bounds read on the enc_untrusted_inet_ntop function allows a ...)
+ TODO: check
+CVE-2020-8938 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ TODO: check
+CVE-2020-8937 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ TODO: check
+CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ TODO: check
+CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
+ TODO: check
CVE-2020-8934
RESERVED
CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
@@ -65709,8 +65700,8 @@ CVE-2020-4851
RESERVED
CVE-2020-4850
RESERVED
-CVE-2020-4849
- RESERVED
+CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could ...)
+ TODO: check
CVE-2020-4848
RESERVED
CVE-2020-4847
@@ -65916,8 +65907,8 @@ CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure
NOT-FOR-US: IBM
CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
NOT-FOR-US: IBM
-CVE-2020-4747
- RESERVED
+CVE-2020-4747 (IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a ...)
+ TODO: check
CVE-2020-4746
RESERVED
CVE-2020-4745
@@ -73122,27 +73113,27 @@ CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and
CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2089
- RESERVED
+ REJECTED
CVE-2020-2088
- RESERVED
+ REJECTED
CVE-2020-2087
- RESERVED
+ REJECTED
CVE-2020-2086
- RESERVED
+ REJECTED
CVE-2020-2085
- RESERVED
+ REJECTED
CVE-2020-2084
- RESERVED
+ REJECTED
CVE-2020-2083
- RESERVED
+ REJECTED
CVE-2020-2082
- RESERVED
+ REJECTED
CVE-2020-2081
- RESERVED
+ REJECTED
CVE-2020-2080
- RESERVED
+ REJECTED
CVE-2020-2079
- RESERVED
+ REJECTED
CVE-2020-2078 (Passwords are stored in plain text within the configuration of SICK Pa ...)
NOT-FOR-US: SICK
CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
@@ -80384,62 +80375,62 @@ CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege
NOT-FOR-US: TotalAV
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, ...)
NOT-FOR-US: Unisys Stealth
-CVE-2020-0500
- RESERVED
-CVE-2020-0499
- RESERVED
-CVE-2020-0498
- RESERVED
-CVE-2020-0497
- RESERVED
-CVE-2020-0496
- RESERVED
-CVE-2020-0495
- RESERVED
-CVE-2020-0494
- RESERVED
-CVE-2020-0493
- RESERVED
-CVE-2020-0492
- RESERVED
-CVE-2020-0491
- RESERVED
-CVE-2020-0490
- RESERVED
-CVE-2020-0489
- RESERVED
-CVE-2020-0488
- RESERVED
-CVE-2020-0487
- RESERVED
-CVE-2020-0486
- RESERVED
-CVE-2020-0485
- RESERVED
-CVE-2020-0484
- RESERVED
-CVE-2020-0483
- RESERVED
-CVE-2020-0482
- RESERVED
-CVE-2020-0481
- RESERVED
-CVE-2020-0480
- RESERVED
-CVE-2020-0479
- RESERVED
-CVE-2020-0478
- RESERVED
-CVE-2020-0477
- RESERVED
-CVE-2020-0476
- RESERVED
-CVE-2020-0475
- RESERVED
-CVE-2020-0474
- RESERVED
-CVE-2020-0473
- RESERVED
+CVE-2020-0500 (In startInputUncheckedLocked of InputMethodManager.java, there is a po ...)
+ TODO: check
+CVE-2020-0499 (In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a p ...)
+ TODO: check
+CVE-2020-0498 (In decode_packed_entry_number of codebook.c, there is a possible out o ...)
+ TODO: check
+CVE-2020-0497 (In canUseBiometric of BiometricServiceBase, there is a missing permiss ...)
+ TODO: check
+CVE-2020-0496 (In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a p ...)
+ TODO: check
+CVE-2020-0495 (In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bou ...)
+ TODO: check
+CVE-2020-0494 (In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds ...)
+ TODO: check
+CVE-2020-0493 (In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possib ...)
+ TODO: check
+CVE-2020-0492 (In BitstreamFillCache of bitstream.cpp, there is a possible out of bou ...)
+ TODO: check
+CVE-2020-0491 (In readBlock of MatroskaExtractor.cpp, there is a possible denial of s ...)
+ TODO: check
+CVE-2020-0490 (In floor1_info_unpack of floor1.c, there is a possible out of bounds r ...)
+ TODO: check
+CVE-2020-0489 (In Parse_data of eas_mdls.c, there is a possible out of bounds write d ...)
+ TODO: check
+CVE-2020-0488 (In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse ...)
+ TODO: check
+CVE-2020-0487 (In read_metadata_vorbiscomment_ of stream_decoder.c, there is possible ...)
+ TODO: check
+CVE-2020-0486 (In openAssetFileListener of ContactsProvider2.java, there is a possibl ...)
+ TODO: check
+CVE-2020-0485 (In areFunctionsSupported of UsbBackend.java, there is a possible acces ...)
+ TODO: check
+CVE-2020-0484 (In destroyResources of ComposerClient.h, there is possible memory corr ...)
+ TODO: check
+CVE-2020-0483 (In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, t ...)
+ TODO: check
+CVE-2020-0482 (In command of IncidentService.cpp, there is a possible out of bounds r ...)
+ TODO: check
+CVE-2020-0481 (In AndroidManifest.xml, there is a possible permissions bypass. This c ...)
+ TODO: check
+CVE-2020-0480 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
+ TODO: check
+CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
+ TODO: check
+CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out of bou ...)
+ TODO: check
+CVE-2020-0477 (In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there ...)
+ TODO: check
+CVE-2020-0476 (In onNotificationRemoved of Assistant.java, there is a possible leak o ...)
+ TODO: check
+CVE-2020-0475 (In createInputConsumer of WindowManagerService.java, there is a possib ...)
+ TODO: check
+CVE-2020-0474 (In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible us ...)
+ TODO: check
+CVE-2020-0473 (In updateIncomingFileConfirmNotification of BluetoothOppNotification.j ...)
+ TODO: check
CVE-2020-0472
RESERVED
CVE-2020-0471
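Review bot: the "TODO: check" entries in this block should not be closed in bulk with an Android-only tag, because several descriptions name code that also exists as standalone upstream libraries. CVE-2020-0499 (FLAC__bitreader_read_rice_signed_block of bitreader.c) and CVE-2020-0487 (read_metadata_vorbiscomment_ of stream_decoder.c) carry libFLAC function names, and the codec and PDF entries such as CVE-2020-0498, CVE-2020-0490, CVE-2020-0478, CVE-2020-0496 and CVE-2020-0493 likewise need checking against the corresponding Debian source packages. The framework-level Java entries (for example CVE-2020-0500, CVE-2020-0486, CVE-2020-0480) can be triaged separately.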
@@ -80688,8 +80679,8 @@ CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missi
NOT-FOR-US: Android Media Framework
CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...)
NOT-FOR-US: Android
-CVE-2020-0368
- RESERVED
+CVE-2020-0368 (In queryInternal of CallLogProvider.java, there is a possible permissi ...)
+ TODO: check
CVE-2020-0367 (There is a possible out of bounds write due to a missing bounds check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
@@ -80871,8 +80862,8 @@ CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing b
NOT-FOR-US: Android
CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
NOT-FOR-US: Android
-CVE-2020-0280
- RESERVED
+CVE-2020-0280 (In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out ...)
+ TODO: check
CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...)
@@ -80943,8 +80934,8 @@ CVE-2020-0246 (In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a m
NOT-FOR-US: Android
CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...)
NOT-FOR-US: Android Media framework
-CVE-2020-0244
- RESERVED
+CVE-2020-0244 (In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out ...)
+ TODO: check
CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...)
NOT-FOR-US: Android media framework
CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible use-after-free due ...)
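Review bot: when CVE-2020-0244 (writeBurstBufferBytes of SPDIFEncoder.cpp) is resolved from "TODO: check", pick one spelling of the tag, since the context lines around it use both "NOT-FOR-US: Android Media framework" and "NOT-FOR-US: Android media framework". A single consistent tag makes these entries easier to grep and audit.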
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74e1238b25d9323e358bb368d34bb8335af25592