[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Sep 9 09:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ba36d28 by security tracker role at 2020-09-09T08:10:20+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,19 @@
+CVE-2020-25210
+ RESERVED
+CVE-2020-25209
+ RESERVED
+CVE-2020-25208
+ RESERVED
+CVE-2020-25207
+ RESERVED
+CVE-2020-25206
+ RESERVED
+CVE-2020-25205
+ RESERVED
+CVE-2020-25204
+ RESERVED
+CVE-2020-25203
+ RESERVED
CVE-2020-XXXX [Parsing of /etc/gshadow can return bad pointers causing segfaults in applications]
- glibc <unfixed> (bug #969926)
[buster] - glibc <no-dsa> (Minor issue)
@@ -32361,8 +32377,8 @@ CVE-2020-11160
RESERVED
CVE-2020-11159
RESERVED
-CVE-2020-11158
- RESERVED
+CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...)
+ TODO: check
CVE-2020-11157
RESERVED
CVE-2020-11156
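Review bot: the added description for CVE-2020-11158 begins "(u'Null pointer dereference ...", so what looks like a Python unicode repr prefix is stored as part of the description text. Older entries visible in this same file, such as CVE-2020-3701, carry the plain form "(Use after free issue ...". Whether the prefix comes from the feed or from the update script, strip it before writing data/CVE/list so that text searches and any description comparison against earlier entries keep working.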
@@ -32407,22 +32423,21 @@ CVE-2020-11137
RESERVED
CVE-2020-11136
RESERVED
-CVE-2020-11135
- RESERVED
+CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
+ TODO: check
CVE-2020-11134
RESERVED
-CVE-2020-11133
- RESERVED
+CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
+ TODO: check
CVE-2020-11132
RESERVED
CVE-2020-11131
RESERVED
CVE-2020-11130
RESERVED
-CVE-2020-11129
- RESERVED
-CVE-2020-11128
- RESERVED
+CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...)
+ TODO: check
+CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11127
RESERVED
@@ -32430,30 +32445,25 @@ CVE-2020-11126
RESERVED
CVE-2020-11125
RESERVED
-CVE-2020-11124
- RESERVED
+CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...)
+ TODO: check
CVE-2020-11123
RESERVED
-CVE-2020-11122
- RESERVED
+CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11121
RESERVED
-CVE-2020-11120
- RESERVED
+CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11119
RESERVED
-CVE-2020-11118
- RESERVED
+CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11117
- RESERVED
-CVE-2020-11116
- RESERVED
+CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...)
+ TODO: check
+CVE-2020-11116 (u'Possible out of bound write while processing association response re ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-11115
- RESERVED
+CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-11114
RESERVED
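Review bot: CVE-2020-11124 and CVE-2020-11117 are added with "TODO: check" while five other entries updated in this hunk (CVE-2020-11122, -11120, -11118, -11116, -11115) keep "NOT-FOR-US: Qualcomm components for Android". The difference follows only from which entries already had a triage line before the descriptions arrived, not from the content. A follow-up should confirm whether the two TODO entries belong to the same batch and mark them accordingly, so they do not sit untriaged.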
@@ -49133,8 +49143,8 @@ CVE-2020-4700
RESERVED
CVE-2020-4699
RESERVED
-CVE-2020-4698
- RESERVED
+CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
+ TODO: check
CVE-2020-4697
RESERVED
CVE-2020-4696
@@ -49497,8 +49507,8 @@ CVE-2020-4518
RESERVED
CVE-2020-4517
RESERVED
-CVE-2020-4516
- RESERVED
+CVE-2020-4516 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
+ TODO: check
CVE-2020-4515
RESERVED
CVE-2020-4514
@@ -52031,8 +52041,8 @@ CVE-2020-3704
RESERVED
CVE-2020-3703
RESERVED
-CVE-2020-3702
- RESERVED
+CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
+ TODO: check
CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3700 (Possible out of bounds read due to a missing bounds check and could le ...)
@@ -52077,19 +52087,18 @@ CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remote
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3679
- RESERVED
+CVE-2020-3679 (u'During execution after Address Space Layout Randomization is turned ...)
+ TODO: check
CVE-2020-3678
RESERVED
CVE-2020-3677
RESERVED
CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
NOT-FOR-US: Snapdragon
-CVE-2020-3675
- RESERVED
+CVE-2020-3675 (u'Potential integer underflow while parsing Service Info and IPv6 link ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3674
- RESERVED
+CVE-2020-3674 (u'Information can leak into userspace due to improper transfer of data ...)
+ TODO: check
CVE-2020-3673
RESERVED
CVE-2020-3672
@@ -52098,17 +52107,13 @@ CVE-2020-3671 (Use-after-free issue could occur due to dangling pointer when gen
NOT-FOR-US: Snapdragon
CVE-2020-3670
RESERVED
-CVE-2020-3669
- RESERVED
+CVE-2020-3669 (u'Buffer Overflow issue in WLAN tcp ip verification due to usage of ou ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3668
- RESERVED
+CVE-2020-3668 (u'Buffer overflow while parsing PMF enabled MCBC frames due to frame l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3667
- RESERVED
+CVE-2020-3667 (u'Buffer Overflow in mic calculation for WPA due to copying data into ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3666
- RESERVED
+CVE-2020-3666 (u'Out of bounds memory access during memory copy while processing Host ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...)
NOT-FOR-US: Snapdragon
@@ -52128,8 +52133,8 @@ CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 cli
NOT-FOR-US: Snapdragon
CVE-2020-3657
RESERVED
-CVE-2020-3656
- RESERVED
+CVE-2020-3656 (u'Out of bound access can happen in MHI command process due to lack of ...)
+ TODO: check
CVE-2020-3655
RESERVED
CVE-2020-3654
@@ -52144,28 +52149,23 @@ CVE-2020-3650
RESERVED
CVE-2020-3649
RESERVED
-CVE-2020-3648
- RESERVED
-CVE-2020-3647
- RESERVED
+CVE-2020-3648 (u'Possible out of bound write in DSP driver code due to lack of check ...)
+ TODO: check
+CVE-2020-3647 (u'Potential buffer overflow when accessing npu debugfs node "off"/"log ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3646
- RESERVED
+CVE-2020-3646 (u'Buffer overflow seen as the destination buffer size is lesser than t ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3645 (Firmware will hit assert in WLAN firmware If encrypted data length in ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3644
- RESERVED
+CVE-2020-3644 (u'Information disclosure issue occurs as in current logic Secure Touch ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3643
- RESERVED
+CVE-2020-3643 (u'Information disclosure issue can occur due to partial secure display ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...)
NOT-FOR-US: Snapdragon
CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3640
- RESERVED
+CVE-2020-3640 (u'Resizing the usage table header before passing all the checks leads ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3639
RESERVED
@@ -52173,13 +52173,12 @@ CVE-2020-3638
RESERVED
CVE-2020-3637
RESERVED
-CVE-2020-3636
- RESERVED
+CVE-2020-3636 (u'Out of bound writes happen when accessing usage_table header entry b ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
NOT-FOR-US: Snapdragon
-CVE-2020-3634
- RESERVED
+CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check while dec ...)
+ TODO: check
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3632
@@ -52188,8 +52187,8 @@ CVE-2020-3631
RESERVED
CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3629
- RESERVED
+CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabilitie ...)
+ TODO: check
CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
NOT-FOR-US: Snapdragon
CVE-2020-3627
@@ -52198,24 +52197,22 @@ CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no pr
NOT-FOR-US: Snapdragon
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3624
- RESERVED
+CVE-2020-3624 (u'A potential buffer overflow exists due to integer overflow when pars ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3622
- RESERVED
-CVE-2020-3621
- RESERVED
-CVE-2020-3620
- RESERVED
-CVE-2020-3619
- RESERVED
+CVE-2020-3622 (u'Channel name string which has been read from shared memory is potent ...)
+ TODO: check
+CVE-2020-3621 (u'Lack of check to ensure that the TX read index & RX write index ...)
+ TODO: check
+CVE-2020-3620 (u'Lack of check of integer overflow while doing a round up operation f ...)
+ TODO: check
+CVE-2020-3619 (u'Non-secure memory is touched multiple times during TrustZone\u2019s ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2020-3617
- RESERVED
+CVE-2020-3617 (u'Buffer over-read Issue in Q6 testbus framework due to diag packet le ...)
+ TODO: check
CVE-2020-3616 (Buffer overflow in display function due to memory copy without checkin ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and ...)
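Review bot: the CVE-2020-3619 line stores the escape sequence literally, as "TrustZone\u2019s", so the apostrophe was never decoded before the description was written. Decode the string (or normalise to an ASCII apostrophe) in the step that produces the description, otherwise the backslash sequence ends up verbatim in the tracker's rendered pages and in searches.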
@@ -52226,8 +52223,7 @@ CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory
NOT-FOR-US: Snapdragon
CVE-2020-3612
RESERVED
-CVE-2020-3611
- RESERVED
+CVE-2020-3611 (u'XBL SEC clears only ZI region when loading Qualcomm-signed segments ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3610 (Possibility of double free of the drawobj that is added to the drawque ...)
NOT-FOR-US: Qualcomm components for Android
@@ -77065,17 +77061,15 @@ CVE-2019-14121
RESERVED
CVE-2019-14120
RESERVED
-CVE-2019-14119
- RESERVED
+CVE-2019-14119 (u'While processing SMCInvoke asynchronous message header, message coun ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14118
RESERVED
-CVE-2019-14117
- RESERVED
+CVE-2019-14117 (u'Whenever the page list is updated via privileged user, the previous ...)
+ TODO: check
CVE-2019-14116 (Privilege escalation by using an altered debug policy image can occur ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14115
- RESERVED
+CVE-2019-14115 (u'Information disclosure issue occurs as in current logic as secure to ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14114 (Buffer overflow in WLAN firmware while parsing GTK IE containing GTK k ...)
NOT-FOR-US: Qualcomm components for Android
@@ -77127,8 +77121,7 @@ CVE-2019-14091 (Double free issue in NPU due to lack of resource locking mechani
NOT-FOR-US: Snapdragon
CVE-2019-14090
RESERVED
-CVE-2019-14089
- RESERVED
+CVE-2019-14089 (u'Keymaster attestation key and device IDs provisioning which is a one ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14088 (Possible use after free issue while CRM is accessing the link pointer ...)
NOT-FOR-US: Snapdragon
@@ -77158,8 +77151,8 @@ CVE-2019-14076 (Buffer overflow occurs while processing an subsample data length
NOT-FOR-US: Snapdragon
CVE-2019-14075 (Null pointer dereference issue in radio interface layer due to lack of ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14074
- RESERVED
+CVE-2019-14074 (u'Heap overflow in diag command handler due to lack of check of packet ...)
+ TODO: check
CVE-2019-14073 (Copying RTCP messages into the output buffer without checking the dest ...)
NOT-FOR-US: Snapdragon
CVE-2019-14072 (Unhandled paging request is observed due to dereferencing an already f ...)
@@ -77176,8 +77169,7 @@ CVE-2019-14067 (Using non-time-constant functions like memcmp to compare sensiti
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14066 (Integer overflow in calculating estimated output buffer size when gett ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14065
- RESERVED
+CVE-2019-14065 (u'Pointer double free in HavenSvc due to not setting the pointer to NU ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14064
RESERVED
@@ -77195,8 +77187,7 @@ CVE-2019-14058
RESERVED
CVE-2019-14057 (Buffer Over read of codec private data while parsing an mkv file due t ...)
NOT-FOR-US: Snapdragon
-CVE-2019-14056
- RESERVED
+CVE-2019-14056 (u'Possible integer overflow in API due to lack of check on large oid r ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14055 (Possibility of use-after-free and double free because of not marking b ...)
NOT-FOR-US: Snapdragon
@@ -77204,8 +77195,7 @@ CVE-2019-14054 (Improper permissions in XBL_SEC region enable user to update XBL
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14053 (When attempting to create a new XFRM policy, a stack out-of-bounds rea ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14052
- RESERVED
+CVE-2019-14052 (u'Accessing an uninitialized data structure could result in partially ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14051 (Subsequent additions performed during Module loading while allocating ...)
NOT-FOR-US: Snapdragon
@@ -77259,8 +77249,7 @@ CVE-2019-14027 (Buffer overflow due to lack of upper bound check on channel leng
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14026 (Possible buffer overflow in WLAN WMI handler due to lack of ssid lengt ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-14025
- RESERVED
+CVE-2019-14025 (u'When a new session is created, Object is returned that contains TZ a ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14024 (Possible stack-use-after-scope issue in NFC usecase for card emulation ...)
NOT-FOR-US: Qualcomm components for Android
@@ -77312,24 +77301,22 @@ CVE-2019-14001 (Wrong public key usage from existing oem_keystore for hash gener
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14000 (Lack of check that the RX FIFO write index that is read from shared RA ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-13999
- RESERVED
+CVE-2019-13999 (u'Lack of check for integer overflow for round up and addition operati ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-13998
- RESERVED
+CVE-2019-13998 (u'Lack of check that the TX FIFO write and read indices that are read ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-13997
RESERVED
CVE-2019-13996
RESERVED
-CVE-2019-13995
- RESERVED
-CVE-2019-13994
- RESERVED
+CVE-2019-13995 (u'Lack of integer overflow check for addition of fragment size and rem ...)
+ TODO: check
+CVE-2019-13994 (u'Lack of check that the current received data fragment size of a part ...)
+ TODO: check
CVE-2019-13993
RESERVED
-CVE-2019-13992
- RESERVED
+CVE-2019-13992 (u'Out of bound memory access if stack push and pop operation are perfo ...)
+ TODO: check
CVE-2019-13991 (Embedded systems based on Arduino before Rev3 allow remote attackers t ...)
NOT-FOR-US: Issue on embedded systems based on Arduino before Rev3
CVE-2019-13990 (initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracott ...)
@@ -87866,10 +87853,10 @@ CVE-2019-10631 (Shell Metacharacter Injection in the package installer on Zyxel
NOT-FOR-US: Zyxel
CVE-2019-10630 (A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 a ...)
NOT-FOR-US: Zyxel
-CVE-2019-10629
- RESERVED
-CVE-2019-10628
- RESERVED
+CVE-2019-10629 (u'User Process can potentially corrupt kernel virtual page by passing ...)
+ TODO: check
+CVE-2019-10628 (u'Memory can be potentially corrupted if random index is allowed to ma ...)
+ TODO: check
CVE-2019-10627 (Integer overflow to buffer overflow vulnerability in PostScript image ...)
NOT-FOR-US: Qualcomm
CVE-2019-10626 (Payload size is not validated before reading memory that may cause iss ...)
@@ -87894,8 +87881,7 @@ CVE-2019-10617 (Low privilege users can access service configuration which conta
NOT-FOR-US: Qualcomm
CVE-2019-10616 (Possibility of null pointer access if the SPDM commands are executed i ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2019-10615
- RESERVED
+CVE-2019-10615 (u'Possibility of integer overflow in keymaster 4 while allocating memo ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10614 (Out of boundary access is possible as there is no validation of data a ...)
NOT-FOR-US: Snapdragon
@@ -87933,8 +87919,8 @@ CVE-2019-10598 (Out of bound access can occur while processing peer info in IBSS
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10597 (kernel writes to user passed address without any checks can lead to ar ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10596
- RESERVED
+CVE-2019-10596 (u'Improper access control can lead signed process to guess pid of othe ...)
+ TODO: check
CVE-2019-10595 (Possible buffer overwrite in message handler due to lack of validation ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10594 (Stack overflow can occur when SDP is received with multiple payload ty ...)
@@ -88001,8 +87987,7 @@ CVE-2019-10564 (Possible OOB issue in EEPROM due to lack of check while accessin
NOT-FOR-US: Snapdragon
CVE-2019-10563 (Buffer over-read can occur in fast message handler due to improper inp ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10562
- RESERVED
+CVE-2019-10562 (u'Improper authentication and signature verification of debug polices ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10561 (Improper initialization of local variables which are parameters to sfs ...)
NOT-FOR-US: Snapdragon
@@ -88072,8 +88057,8 @@ CVE-2019-10529 (Possible use after free issue due to race condition while attemp
NOT-FOR-US: Snapdragon
CVE-2019-10528 (Use after free issue in kernel while accessing freed mdlog session inf ...)
NOT-FOR-US: Snapdragon
-CVE-2019-10527
- RESERVED
+CVE-2019-10527 (u'SMEM partition can be manipulated in case of any compromise on HLOS, ...)
+ TODO: check
CVE-2019-10526 (Out of bound write in WLAN driver due to NULL character not properly p ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-10525 (Buffer overflow during SIB read when network configures complete sib l ...)
@@ -133006,8 +132991,7 @@ CVE-2018-13905 (KGSL syncsource lock not handled properly during syncsource clea
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13904 (Improper input validation in SCM handler to access storage in TZ can l ...)
NOT-FOR-US: Qualcomm components for Android
-CVE-2018-13903
- RESERVED
+CVE-2018-13903 (u'Error in UE due to race condition in EPCO handling' in Snapdragon Au ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-13902 (Out of bounds memory read and access due to improper array index valid ...)
NOT-FOR-US: Qualcomm components for Android
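Review bot: in the CVE-2018-13903 line the closing quote falls mid-description, "(u'Error in UE due to race condition in EPCO handling' in Snapdragon Au ...", so the quoted fragment covers only the first part of the text. Any cleanup that only drops a leading "u'" would leave a stray quote behind here. The fix needs to remove the matching pair and keep the text that follows it.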
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ba36d2873828d6712314b9a627785bf702b3a8e