[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 18 09:10:23 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b44a60c2 by security tracker role at 2020-09-18T08:10:14+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,53 @@
+CVE-2020-25764
+ RESERVED
+CVE-2020-25763
+ RESERVED
+CVE-2020-25762
+ RESERVED
+CVE-2020-25761
+ RESERVED
+CVE-2020-25760
+ RESERVED
+CVE-2020-25759
+ RESERVED
+CVE-2020-25758
+ RESERVED
+CVE-2020-25757
+ RESERVED
+CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
+ TODO: check
+CVE-2020-25755
+ RESERVED
+CVE-2020-25754
+ RESERVED
+CVE-2020-25753
+ RESERVED
+CVE-2020-25752
+ RESERVED
+CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...)
+ TODO: check
+CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
+ TODO: check
+CVE-2020-25749
+ RESERVED
+CVE-2020-25748
+ RESERVED
+CVE-2020-25747
+ RESERVED
+CVE-2020-25746
+ RESERVED
+CVE-2020-25745
+ RESERVED
+CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...)
+ TODO: check
+CVE-2020-25743
+ RESERVED
+CVE-2020-25742
+ RESERVED
+CVE-2020-25741
+ RESERVED
+CVE-2020-25740
+ RESERVED
CVE-2020-25739
RESERVED
CVE-2020-25738
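Review bot: CVE-2020-25756 and CVE-2020-25750 arrive with the ** DISPUTED ** and ** UNSUPPORTED WHEN ASSIGNED ** markers but get the same bare "TODO: check" as every other described entry in this hunk. When they are triaged, carry that status into a NOTE line so it survives independently of the truncated summary. CVE-2020-25751 (paGO Commerce plugin for Joomla!) and CVE-2020-25744 (SaferVPN on Windows) name third-party products and are candidates for NOT-FOR-US once confirmed unpackaged.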
@@ -6,12 +56,12 @@ CVE-2020-25737
RESERVED
CVE-2020-25736
RESERVED
-CVE-2020-25735
- RESERVED
-CVE-2020-25734
- RESERVED
-CVE-2020-25733
- RESERVED
+CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
+ TODO: check
+CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...)
+ TODO: check
+CVE-2020-25733 (webTareas through 2.1 allows upload of the dangerous .exe and .shtml f ...)
+ TODO: check
CVE-2020-25732
RESERVED
CVE-2020-25731
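Review bot: CVE-2020-25735, CVE-2020-25734 and CVE-2020-25733 all name "webTareas through 2.1" yet are left as three independent "TODO: check" entries. Triage them together and give them one resolution, for example a single NOT-FOR-US label spelled identically on all three if webTareas turns out not to be packaged.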
@@ -21914,18 +21964,18 @@ CVE-2020-15189
RESERVED
CVE-2020-15188
RESERVED
-CVE-2020-15187
- RESERVED
-CVE-2020-15186
- RESERVED
-CVE-2020-15185
- RESERVED
-CVE-2020-15184
- RESERVED
-CVE-2020-15183
- RESERVED
-CVE-2020-15182
- RESERVED
+CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
+ TODO: check
+CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
+ TODO: check
+CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...)
+ TODO: check
+CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...)
+ TODO: check
+CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...)
+ TODO: check
+CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
+ TODO: check
CVE-2020-15181
RESERVED
CVE-2020-15180
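Review bot: CVE-2020-15184 through CVE-2020-15187 all name Helm with the same fixed versions (2.16.11 and 3.3.2) but are tracked here as four separate "TODO: check" items. Resolve them as a group so the four entries cannot drift apart. The two remaining entries spell the product differently ("SoyCMS" in CVE-2020-15183, "SOY CMS" in CVE-2020-15182), so whatever label they receive should use one spelling for both.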
@@ -27086,8 +27136,8 @@ CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/E
CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
- gitlab <not-affected> (Only affects GitLab 12.6 and later)
NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
-CVE-2020-13260
- RESERVED
+CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
+ TODO: check
CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
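Review bot: the new CVE-2020-13260 line has the same visible summary as CVE-2020-13259 directly below it, which is already resolved as "NOT-FOR-US: RAD SecFlow-1v os-image". Unless the full description differs in product, the new entry should get the identical label rather than sit as "TODO: check" next to its resolved sibling.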
@@ -47721,10 +47771,10 @@ CVE-2020-5631
RESERVED
CVE-2020-5630
RESERVED
-CVE-2020-5629
- RESERVED
-CVE-2020-5628
- RESERVED
+CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...)
+ TODO: check
+CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...)
+ TODO: check
CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...)
NOT-FOR-US: Yodobashi App for Android
CVE-2020-5626
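Review bot: CVE-2020-5629 and CVE-2020-5628 have identical visible summaries for "UNIQLO App for Android", and the neighbouring CVE-2020-5627 for another Android app is resolved as "NOT-FOR-US: Yodobashi App for Android". Following that pattern, both new entries look like they should become "NOT-FOR-US: UNIQLO App for Android".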
@@ -47767,10 +47817,10 @@ CVE-2020-5608 (CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08
NOT-FOR-US: Yokogawa CAMS
CVE-2020-5607 (Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows re ...)
NOT-FOR-US: SHIRASAGI
-CVE-2020-5606
- RESERVED
-CVE-2020-5605
- RESERVED
+CVE-2020-5606 (Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earli ...)
+ TODO: check
+CVE-2020-5605 (Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlie ...)
+ TODO: check
CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 allows a ...)
NOT-FOR-US: Mercari
CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...)
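Review bot: CVE-2020-5606 and CVE-2020-5605 both concern "WHR-G54S firmware 1.43 and earlier", and the surrounding entries in this block are already resolved as NOT-FOR-US with the product name. Resolve the pair together with one matching product label instead of leaving two separate "TODO: check" items.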
@@ -64741,10 +64791,10 @@ CVE-2020-0428 (In CamX code, there is a possible use after free due to a race co
TODO: check
CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...)
TODO: check
-CVE-2020-0426
- RESERVED
-CVE-2020-0425
- RESERVED
+CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an unsafe ...)
+ TODO: check
+CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...)
+ TODO: check
CVE-2020-0424
RESERVED
CVE-2020-0423
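Review bot: the visible summary of CVE-2020-0425 ("There is a possible way to view notifications even when the "Lockdown" ...") names no component, unlike CVE-2020-0426 (SyncManager) above it. The truncated text is not enough to classify it, so the triage of this entry needs the full description before any label is applied.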
@@ -64781,8 +64831,8 @@ CVE-2020-0408
RESERVED
CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
TODO: check
-CVE-2020-0406
- RESERVED
+CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
+ TODO: check
CVE-2020-0405
RESERVED
CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...)
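Review bot: CVE-2020-0406 names a library (libmpeg2dec) rather than an Android service, and the summary is cut off before the affected function or file. Confirm from the full description which code base this is before reusing the "NOT-FOR-US: Android Media Framework" label seen elsewhere in this file.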
@@ -64847,56 +64897,56 @@ CVE-2020-0377
RESERVED
CVE-2020-0376
RESERVED
-CVE-2020-0375
- RESERVED
-CVE-2020-0374
- RESERVED
-CVE-2020-0373
- RESERVED
-CVE-2020-0372
- RESERVED
+CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ TODO: check
+CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...)
+ TODO: check
+CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...)
+ TODO: check
+CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...)
+ TODO: check
CVE-2020-0371
RESERVED
-CVE-2020-0370
- RESERVED
-CVE-2020-0369
- RESERVED
+CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...)
+ TODO: check
+CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...)
+ TODO: check
CVE-2020-0368
RESERVED
CVE-2020-0367
RESERVED
-CVE-2020-0366
- RESERVED
+CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
+ TODO: check
CVE-2020-0365
RESERVED
-CVE-2020-0364
- RESERVED
-CVE-2020-0363
- RESERVED
-CVE-2020-0362
- RESERVED
-CVE-2020-0361
- RESERVED
-CVE-2020-0360
- RESERVED
-CVE-2020-0359
- RESERVED
-CVE-2020-0358
- RESERVED
-CVE-2020-0357
- RESERVED
-CVE-2020-0356
- RESERVED
-CVE-2020-0355
- RESERVED
+CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...)
+ TODO: check
+CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due to impr ...)
+ TODO: check
+CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to uninit ...)
+ TODO: check
+CVE-2020-0360 (In Notification Access Confirmation, there is a possible permissions b ...)
+ TODO: check
+CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due to a b ...)
+ TODO: check
+CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a race co ...)
+ TODO: check
+CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to improper ...)
+ TODO: check
+CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to an in ...)
+ TODO: check
+CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...)
+ TODO: check
CVE-2020-0354
RESERVED
-CVE-2020-0353
- RESERVED
-CVE-2020-0352
- RESERVED
-CVE-2020-0351
- RESERVED
+CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...)
+ TODO: check
+CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
+ TODO: check
+CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...)
+ TODO: check
CVE-2020-0350
RESERVED
CVE-2020-0349
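Review bot: this hunk adds over twenty entries in one block that mix framework services (Telephony, NFC, ActivityManager, PackageInstaller, SurfaceFlinger, MediaProvider) with codec and extractor libraries (libAACdec, libDRCdec, libFraunhoferAAC, libmp4extractor, libstagefright, libavb). The service entries fit the existing "NOT-FOR-US: Android" pattern, but the library entries should be checked individually against packaged copies of the same code rather than bulk-labelled with the rest.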
@@ -64905,88 +64955,88 @@ CVE-2020-0348
RESERVED
CVE-2020-0347
RESERVED
-CVE-2020-0346
- RESERVED
-CVE-2020-0345
- RESERVED
-CVE-2020-0344
- RESERVED
-CVE-2020-0343
- RESERVED
+CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
+ TODO: check
+CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...)
+ TODO: check
+CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
+ TODO: check
+CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected data d ...)
+ TODO: check
CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...)
TODO: check
-CVE-2020-0341
- RESERVED
-CVE-2020-0340
- RESERVED
+CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a miss ...)
+ TODO: check
+CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...)
+ TODO: check
CVE-2020-0339
RESERVED
-CVE-2020-0338
- RESERVED
-CVE-2020-0337
- RESERVED
-CVE-2020-0336
- RESERVED
+CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...)
+ TODO: check
+CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...)
+ TODO: check
+CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...)
+ TODO: check
CVE-2020-0335
RESERVED
CVE-2020-0334
RESERVED
-CVE-2020-0333
- RESERVED
-CVE-2020-0332
- RESERVED
+CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...)
+ TODO: check
+CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...)
+ TODO: check
CVE-2020-0331
RESERVED
-CVE-2020-0330
- RESERVED
-CVE-2020-0329
- RESERVED
-CVE-2020-0328
- RESERVED
+CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...)
+ TODO: check
+CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...)
+ TODO: check
+CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...)
+ TODO: check
CVE-2020-0327
RESERVED
CVE-2020-0326
RESERVED
CVE-2020-0325
RESERVED
-CVE-2020-0324
- RESERVED
-CVE-2020-0323
- RESERVED
-CVE-2020-0322
- RESERVED
-CVE-2020-0321
- RESERVED
-CVE-2020-0320
- RESERVED
+CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...)
+ TODO: check
+CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a missing boun ...)
+ TODO: check
+CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due to u ...)
+ TODO: check
+CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...)
+ TODO: check
CVE-2020-0319
RESERVED
CVE-2020-0318
RESERVED
-CVE-2020-0317
- RESERVED
+CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...)
+ TODO: check
CVE-2020-0316
RESERVED
CVE-2020-0315
RESERVED
-CVE-2020-0314
- RESERVED
+CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...)
+ TODO: check
CVE-2020-0313
RESERVED
-CVE-2020-0312
- RESERVED
+CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...)
+ TODO: check
CVE-2020-0311
RESERVED
CVE-2020-0310
RESERVED
CVE-2020-0309
RESERVED
-CVE-2020-0308
- RESERVED
+CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...)
+ TODO: check
CVE-2020-0307
RESERVED
-CVE-2020-0306
- RESERVED
+CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
+ TODO: check
CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
- linux 5.4.13-1
[buster] - linux 4.19.98-1
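Review bot: CVE-2020-0306 ("In LLVM, there is a possible ineffective stack cookie placement due to ...") stands out from the rest of this hunk because it names a toolchain component, not an Android service or media library. It should not be swept into a blanket Android label. The unchanged CVE-2020-0305 just below shows that entries from this ID range can map to a real package ("- linux 5.4.13-1"), so this one deserves its own look at the full description.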
@@ -64995,40 +65045,40 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due
NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079
CVE-2020-0304
RESERVED
-CVE-2020-0303
- RESERVED
+CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...)
+ TODO: check
CVE-2020-0302
RESERVED
-CVE-2020-0301
- RESERVED
+CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...)
+ TODO: check
CVE-2020-0300
RESERVED
CVE-2020-0299
RESERVED
CVE-2020-0298
RESERVED
-CVE-2020-0297
- RESERVED
-CVE-2020-0296
- RESERVED
+CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...)
+ TODO: check
+CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...)
+ TODO: check
CVE-2020-0295
RESERVED
CVE-2020-0294
RESERVED
-CVE-2020-0293
- RESERVED
+CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
+ TODO: check
CVE-2020-0292
RESERVED
CVE-2020-0291
RESERVED
-CVE-2020-0290
- RESERVED
-CVE-2020-0289
- RESERVED
-CVE-2020-0288
- RESERVED
-CVE-2020-0287
- RESERVED
+CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...)
+ TODO: check
+CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...)
+ TODO: check
+CVE-2020-0288 (In PackageManager, there is a missing permission check. This could lea ...)
+ TODO: check
+CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...)
+ TODO: check
CVE-2020-0286
RESERVED
CVE-2020-0285
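Review bot: CVE-2020-0290, CVE-2020-0289 and CVE-2020-0288 have byte-identical visible summaries ("In PackageManager, there is a missing permission check. This could lea ..."), so nothing in this file distinguishes them. Whoever triages them should confirm they are three distinct issues and not duplicates. CVE-2020-0296 (ADB server and USB server) also names a tool rather than a framework service and should be checked on its own.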
@@ -65043,38 +65093,38 @@ CVE-2020-0281
RESERVED
CVE-2020-0280
RESERVED
-CVE-2020-0279
- RESERVED
+CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
+ TODO: check
CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...)
TODO: check
-CVE-2020-0277
- RESERVED
+CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...)
+ TODO: check
CVE-2020-0276
RESERVED
-CVE-2020-0275
- RESERVED
-CVE-2020-0274
- RESERVED
+CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...)
+ TODO: check
+CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...)
+ TODO: check
CVE-2020-0273
RESERVED
CVE-2020-0272
RESERVED
CVE-2020-0271
RESERVED
-CVE-2020-0270
- RESERVED
+CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...)
+ TODO: check
CVE-2020-0269
RESERVED
CVE-2020-0268
RESERVED
-CVE-2020-0267
- RESERVED
-CVE-2020-0266
- RESERVED
+CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...)
+ TODO: check
+CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...)
+ TODO: check
CVE-2020-0265
RESERVED
-CVE-2020-0264
- RESERVED
+CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...)
+ TODO: check
CVE-2020-0263
RESERVED
CVE-2020-0262
@@ -65354,8 +65404,8 @@ CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a
NOT-FOR-US: Android Media Framework
CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0130
- RESERVED
+CVE-2020-0130 (In screencap, there is a possible command injection due to improper in ...)
+ TODO: check
CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
NOT-FOR-US: Android
CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
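Review bot: the new CVE-2020-0130 (screencap, command injection) sits between entries labelled "NOT-FOR-US: Android Media Framework" and "NOT-FOR-US: Android". Nothing in its visible summary points at the media framework, so pick the label from the full description instead of copying the one from CVE-2020-0131 above.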
@@ -65364,8 +65414,8 @@ CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out
NOT-FOR-US: Android Media Framework
CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0125
- RESERVED
+CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a missing b ...)
+ TODO: check
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...)
NOT-FOR-US: Android
CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...)
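Review bot: CVE-2020-0125 (mediadrm) is added as "TODO: check" directly under CVE-2020-0126, a DrmPlugin.cpp issue already resolved as "NOT-FOR-US: Android Media Framework". If the full description confirms the same component family, use that exact label so the two related entries stay consistent.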
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b44a60c2cfce82b470714bc0c2277a6b41458b6c