[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Sep 18 21:10:33 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
daafe456 by security tracker role at 2020-09-18T20:10:25+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2020-25768
+ RESERVED
+CVE-2020-25767
+ RESERVED
+CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
+ TODO: check
+CVE-2020-25765
+ RESERVED
CVE-2020-25764
RESERVED
CVE-2020-25763
@@ -263,8 +271,8 @@ CVE-2020-25635
CVE-2020-25634
RESERVED
NOT-FOR-US: 3scale
-CVE-2020-25633
- RESERVED
+CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
+ TODO: check
CVE-2020-25632
RESERVED
CVE-2020-25631
@@ -1014,6 +1022,7 @@ CVE-2020-25271
CVE-2020-25270
RESERVED
CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
+ {DSA-4764-1}
- inspircd <unfixed> (bug #960650)
NOTE: https://docs.inspircd.org/security/2020-01/
NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
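Review bot: On CVE-2020-25269 the added `{DSA-4764-1}` line sits directly above `- inspircd <unfixed> (bug #960650)`, so after this change the entry references an advisory while unstable is still recorded as unfixed. Please make sure the unstable line is updated with the fixed version once an upload closes #960650, so the entry does not stay in this mixed state.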
@@ -1118,6 +1127,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence
NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
+ {DSA-4764-1}
- inspircd 3.3.0-1
NOTE: https://docs.inspircd.org/security/2019-02/
NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
@@ -2423,8 +2433,8 @@ CVE-2020-24625
RESERVED
CVE-2020-24624
RESERVED
-CVE-2020-24623
- RESERVED
+CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
+ TODO: check
CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
NOT-FOR-US: Sonatype
CVE-2020-24621
@@ -19402,8 +19412,8 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow
NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
NOTE: Upstream of the project did disputed the CVE. Upstream position is
NOTE: that the refererred behaviour is intended functionality.
-CVE-2020-16247
- RESERVED
+CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ TODO: check
CVE-2020-16246
RESERVED
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
@@ -19436,8 +19446,8 @@ CVE-2020-16232
RESERVED
CVE-2020-16231
RESERVED
-CVE-2020-16230
- RESERVED
+CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
+ TODO: check
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
NOT-FOR-US: Advantech WebAccess
CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
@@ -19496,12 +19506,12 @@ CVE-2020-16202
RESERVED
CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16200
- RESERVED
+CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ TODO: check
CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16198
- RESERVED
+CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
+ TODO: check
CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-16196
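Review bot: CVE-2020-16200 and CVE-2020-16198 are added as `TODO: check` with the same product string, "Philips Clinical Collaboration Platform, Versions 12.2.1 and prior", that this change also adds for CVE-2020-16247, CVE-2020-14525 and CVE-2020-14506. All five should receive the same triage result in one follow-up commit, so the product is not classified differently from entry to entry.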
@@ -20016,8 +20026,8 @@ CVE-2020-15959
RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15958
- RESERVED
+CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
+ TODO: check
CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
@@ -20498,26 +20508,26 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r
NOTE: of breaking existing workflows.
CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
-CVE-2020-15776
- RESERVED
-CVE-2020-15775
- RESERVED
-CVE-2020-15774
- RESERVED
-CVE-2020-15773
- RESERVED
-CVE-2020-15772
- RESERVED
-CVE-2020-15771
- RESERVED
-CVE-2020-15770
- RESERVED
-CVE-2020-15769
- RESERVED
-CVE-2020-15768
- RESERVED
-CVE-2020-15767
- RESERVED
+CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...)
+ TODO: check
+CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...)
+ TODO: check
+CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...)
+ TODO: check
+CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...)
+ TODO: check
+CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There ...)
+ TODO: check
+CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
+ TODO: check
+CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...)
+ TODO: check
+CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
+ TODO: check
+CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
+ TODO: check
+CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of ...)
+ TODO: check
CVE-2020-15766
RESERVED
CVE-2020-15765
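Review bot: The ten Gradle Enterprise entries CVE-2020-15767 through CVE-2020-15776 all land as `TODO: check`, directly below CVE-2020-15777, which is already triaged as `NOT-FOR-US: Maven Extension plugin for Gradle Enterprise`. If Gradle Enterprise itself is likewise not in the archive, these can be closed together in a single follow-up with one consistent `NOT-FOR-US:` string instead of being checked one by one.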
@@ -20994,6 +21004,7 @@ CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php us
NOT-FOR-US: Victor CMS
CVE-2020-15598
RESERVED
+ {DSA-4765-1}
- modsecurity 3.0.4-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/
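Review bot: CVE-2020-15598 gains `{DSA-4765-1}` while the entry is still `RESERVED` with no description, and the only hint that the CVE is contested is the word "disputed" inside the second NOTE URL. A short NOTE stating the dispute in the entry itself, as the CVE-2020-16248 entry does, would let someone arriving from the advisory see that context without following the link.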
@@ -21243,11 +21254,11 @@ CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU L
NOT-FOR-US: Nordic Semiconductor
CVE-2020-15508
RESERVED
-CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core and Connect ...)
+CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Connecto ...)
+CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core & Connec ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...)
+CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & Connect ...)
NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...)
NOT-FOR-US: Sophos
@@ -21970,10 +21981,10 @@ CVE-2020-15191
RESERVED
CVE-2020-15190
RESERVED
-CVE-2020-15189
- RESERVED
-CVE-2020-15188
- RESERVED
+CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
+ TODO: check
+CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
+ TODO: check
CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
TODO: check
CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
@@ -21986,8 +21997,8 @@ CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scr
NOT-FOR-US: SoyCMS
CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
NOT-FOR-US: SoyCMS
-CVE-2020-15181
- RESERVED
+CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
+ TODO: check
CVE-2020-15180
RESERVED
CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
@@ -23463,8 +23474,8 @@ CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of O
NOT-FOR-US: Oracle
CVE-2020-14526
RESERVED
-CVE-2020-14525
- RESERVED
+CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ TODO: check
CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
NOT-FOR-US: Softing Industrial Automation
CVE-2020-14523
@@ -23501,8 +23512,8 @@ CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vuln
NOT-FOR-US: GateManager
CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
NOT-FOR-US: Advantech
-CVE-2020-14506
- RESERVED
+CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
+ TODO: check
CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
NOT-FOR-US: Advantech
CVE-2020-14504
@@ -24090,8 +24101,7 @@ CVE-2020-14391
RESERVED
- gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
-CVE-2020-14390
- RESERVED
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
@@ -25152,8 +25162,8 @@ CVE-2020-14031
RESERVED
CVE-2020-14030
RESERVED
-CVE-2020-14029
- RESERVED
+CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
+ TODO: check
CVE-2020-14028
RESERVED
CVE-2020-14027
@@ -25168,8 +25178,8 @@ CVE-2020-14023
RESERVED
CVE-2020-14022
RESERVED
-CVE-2020-14021
- RESERVED
+CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...)
+ TODO: check
CVE-2020-14020
RESERVED
CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
@@ -37606,10 +37616,10 @@ CVE-2020-9747
RESERVED
CVE-2020-9746
RESERVED
-CVE-2020-9745
- RESERVED
-CVE-2020-9744
- RESERVED
+CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+ TODO: check
+CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+ TODO: check
CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
NOT-FOR-US: Adobe AEM
CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...)
@@ -37618,8 +37628,8 @@ CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2
NOT-FOR-US: Adobe AEM
CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
NOT-FOR-US: Adobe AEM
-CVE-2020-9739
- RESERVED
+CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
+ TODO: check
CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
NOT-FOR-US: Adobe AEM
CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...)
@@ -39161,8 +39171,8 @@ CVE-2020-9086
RESERVED
CVE-2020-9085
RESERVED
-CVE-2020-9084
- RESERVED
+CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...)
+ TODO: check
CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
NOT-FOR-US: Huawei
CVE-2020-9082
@@ -42006,8 +42016,8 @@ CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0
NOT-FOR-US: Login by Auth0 plugin for WordPress
CVE-2020-7946
RESERVED
-CVE-2020-7945
- RESERVED
+CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...)
+ TODO: check
CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
@@ -43387,8 +43397,8 @@ CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in Sm
NOT-FOR-US: SmartControl
CVE-2020-7359
RESERVED
-CVE-2020-7358
- RESERVED
+CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...)
+ TODO: check
CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...)
NOT-FOR-US: Cayin CMS
CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...)
@@ -47056,10 +47066,10 @@ CVE-2020-5978
RESERVED
CVE-2020-5977
RESERVED
-CVE-2020-5976
- RESERVED
-CVE-2020-5975
- RESERVED
+CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...)
+ TODO: check
+CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...)
+ TODO: check
CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...)
NOT-FOR-US: NVIDIA
CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
@@ -51801,8 +51811,8 @@ CVE-2020-3981
RESERVED
CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
NOT-FOR-US: VMware
-CVE-2020-3979
- RESERVED
+CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...)
+ TODO: check
CVE-2020-3978
RESERVED
CVE-2020-3977
@@ -64846,8 +64856,8 @@ CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some i
TODO: check
CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
TODO: check
-CVE-2020-0405
- RESERVED
+CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
+ TODO: check
CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...)
- linux 5.4.19-1
[buster] - linux 4.19.118-1
@@ -64930,8 +64940,8 @@ CVE-2020-0367
RESERVED
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...)
TODO: check
-CVE-2020-0365
- RESERVED
+CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...)
+ TODO: check
CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...)
TODO: check
CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...)
@@ -64952,22 +64962,22 @@ CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to
TODO: check
CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...)
TODO: check
-CVE-2020-0354
- RESERVED
+CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ TODO: check
CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...)
TODO: check
CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...)
TODO: check
CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...)
TODO: check
-CVE-2020-0350
- RESERVED
-CVE-2020-0349
- RESERVED
-CVE-2020-0348
- RESERVED
-CVE-2020-0347
- RESERVED
+CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...)
+ TODO: check
CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...)
TODO: check
CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...)
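Review bot: CVE-2020-0347, the last of the four entries added at the end of this hunk, is described as "In iptables", and unlike the NFC and Bluetooth entries around it that names a component which also exists outside Android. When these `TODO: check` items are triaged, this one should be compared against the iptables source package before it is closed along with the Android-only entries.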
@@ -64990,28 +65000,28 @@ CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions che
TODO: check
CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...)
TODO: check
-CVE-2020-0335
- RESERVED
-CVE-2020-0334
- RESERVED
+CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...)
TODO: check
CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...)
TODO: check
-CVE-2020-0331
- RESERVED
+CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...)
+ TODO: check
CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...)
TODO: check
CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...)
TODO: check
CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...)
TODO: check
-CVE-2020-0327
- RESERVED
-CVE-2020-0326
- RESERVED
-CVE-2020-0325
- RESERVED
+CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...)
+ TODO: check
+CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...)
+ TODO: check
+CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...)
+ TODO: check
CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...)
TODO: check
CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...)
@@ -65022,32 +65032,32 @@ CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due
TODO: check
CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...)
TODO: check
-CVE-2020-0319
- RESERVED
-CVE-2020-0318
- RESERVED
+CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...)
+ TODO: check
+CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught ...)
+ TODO: check
CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...)
TODO: check
-CVE-2020-0316
- RESERVED
-CVE-2020-0315
- RESERVED
+CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to ...)
+ TODO: check
+CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...)
+ TODO: check
CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...)
TODO: check
-CVE-2020-0313
- RESERVED
+CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...)
+ TODO: check
CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...)
TODO: check
-CVE-2020-0311
- RESERVED
-CVE-2020-0310
- RESERVED
-CVE-2020-0309
- RESERVED
+CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...)
+ TODO: check
+CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ TODO: check
+CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...)
+ TODO: check
CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...)
TODO: check
-CVE-2020-0307
- RESERVED
+CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ TODO: check
CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...)
TODO: check
CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...)
@@ -65056,34 +65066,34 @@ CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due
[stretch] - linux 4.9.210-1
[jessie] - linux 3.16.84-1
NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079
-CVE-2020-0304
- RESERVED
+CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ TODO: check
CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...)
TODO: check
-CVE-2020-0302
- RESERVED
+CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...)
+ TODO: check
CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...)
TODO: check
-CVE-2020-0300
- RESERVED
-CVE-2020-0299
- RESERVED
-CVE-2020-0298
- RESERVED
+CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...)
+ TODO: check
+CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...)
+ TODO: check
+CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...)
+ TODO: check
CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...)
TODO: check
CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...)
TODO: check
-CVE-2020-0295
- RESERVED
-CVE-2020-0294
- RESERVED
+CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...)
+ TODO: check
+CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...)
+ TODO: check
CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...)
TODO: check
-CVE-2020-0292
- RESERVED
-CVE-2020-0291
- RESERVED
+CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
+CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing ...)
+ TODO: check
CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...)
TODO: check
CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...)
@@ -65092,18 +65102,18 @@ CVE-2020-0288 (In PackageManager, there is a missing permission check. This coul
TODO: check
CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...)
TODO: check
-CVE-2020-0286
- RESERVED
-CVE-2020-0285
- RESERVED
-CVE-2020-0284
- RESERVED
+CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to ...)
+ TODO: check
+CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ TODO: check
+CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ TODO: check
CVE-2020-0283
RESERVED
-CVE-2020-0282
- RESERVED
-CVE-2020-0281
- RESERVED
+CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
+CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...)
+ TODO: check
CVE-2020-0280
RESERVED
CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...)
@@ -65112,36 +65122,36 @@ CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bound
TODO: check
CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...)
TODO: check
-CVE-2020-0276
- RESERVED
+CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...)
+ TODO: check
CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...)
TODO: check
CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...)
TODO: check
-CVE-2020-0273
- RESERVED
-CVE-2020-0272
- RESERVED
-CVE-2020-0271
- RESERVED
+CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...)
+ TODO: check
+CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...)
+ TODO: check
+CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...)
+ TODO: check
CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...)
TODO: check
-CVE-2020-0269
- RESERVED
-CVE-2020-0268
- RESERVED
+CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...)
+ TODO: check
+CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...)
+ TODO: check
CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...)
TODO: check
CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...)
TODO: check
-CVE-2020-0265
- RESERVED
+CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...)
+ TODO: check
CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...)
TODO: check
-CVE-2020-0263
- RESERVED
-CVE-2020-0262
- RESERVED
+CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...)
+ TODO: check
+CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due ...)
+ TODO: check
CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...)
NOT-FOR-US: C2 flame devices
CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...)
@@ -65509,8 +65519,8 @@ CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for met
NOT-FOR-US: Mediatek components for Android
CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...)
NOT-FOR-US: Mediatek components for Android
-CVE-2020-0089
- RESERVED
+CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...)
+ TODO: check
CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/daafe456767dcce9a61a23a15277067e051e350e