Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
74e1238b by security tracker role at 2020-12-15T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -150,10 +150,10 @@ CVE-2020-35398
RESERVED
CVE-2020-35397
RESERVED
-CVE-2020-35396
- RESERVED
-CVE-2020-35395
- RESERVED
+CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site
Scripting ( ...)
+ TODO: check
+CVE-2020-35395 (XSS in the Add Expense Component of EGavilan Media Expense
Management ...)
+ TODO: check
CVE-2020-35394
RESERVED
CVE-2020-35393
@@ -2523,30 +2523,27 @@ CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C
Library (aka glibc or libc6
NOTE:
https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61
CVE-2020-29572
(app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp ...)
NOT-FOR-US: MISP
-CVE-2020-29571
- RESERVED
+CVE-2020-29571 (An issue was discovered in Xen through 4.14.x. A bounds check
common t ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-359.html
-CVE-2020-29570
- RESERVED
+CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of
the per-vC ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-358.html
-CVE-2020-29569
- RESERVED
+CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as
used wi ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-350.html
-CVE-2020-29568
- RESERVED
+CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such
as Linu ...)
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-349.html
-CVE-2020-29567
- RESERVED
+CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs
between CPUs t ...)
- xen 4.14.0+88-g1d1d1f5391-1
[buster] - xen <not-affected> (Only affects 4.14)
[stretch] - xen <not-affected> (Only affects 4.14)
NOTE: https://xenbits.xen.org/xsa/advisory-356.html
-CVE-2020-29566
- RESERVED
+CVE-2020-29566 (An issue was discovered in Xen through 4.14.x. When they
require assis ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-348.html
CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2,
16.x befor ...)
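Review bot: CVE-2020-29568 now opens with "An issue was discovered in Xen through 4.14.x" but is tracked only as "- linux <unfixed>", with no xen line and no {DSA-4812-1} tag, unlike CVE-2020-29571, CVE-2020-29570 and CVE-2020-29566 in the same hunk. A short NOTE stating why xen is not listed (or an explicit xen status line) would keep a reader from assuming the xen entry was forgotten. The same applies to CVE-2020-29569 if its fix also lives only in the kernel.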
@@ -2923,39 +2920,38 @@ CVE-2021-1636
RESERVED
CVE-2020-29488
RESERVED
-CVE-2020-29487
- RESERVED
+CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain
xenstor ...)
NOT-FOR-US: xapi
-CVE-2020-29486
- RESERVED
+CVE-2020-29486 (An issue was discovered in Xen through 4.14.x. Nodes in
xenstore have ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-352.html
-CVE-2020-29485
- RESERVED
+CVE-2020-29485 (An issue was discovered in Xen 4.6 through 4.14.x. When acting
upon a ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-330.html
-CVE-2020-29484 [Xenstore: guests can crash xenstored via watchs]
- RESERVED
+CVE-2020-29484 (An issue was discovered in Xen through 4.14.x. When a Xenstore
watch f ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-324.html
-CVE-2020-29483 [Xenstore: guests can disturb domain cleanup]
- RESERVED
+CVE-2020-29483 (An issue was discovered in Xen through 4.14.x. Xenstored and
guests co ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-325.html
-CVE-2020-29482 [Xenstore: wrong path length check]
- RESERVED
+CVE-2020-29482 (An issue was discovered in Xen through 4.14.x. A guest may
access xens ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-323.html
-CVE-2020-29481 [Xenstore: new domains inheriting existing node permissions]
- RESERVED
+CVE-2020-29481 (An issue was discovered in Xen through 4.14.x. Access rights
of Xensto ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-322.html
-CVE-2020-29480
- RESERVED
+CVE-2020-29480 (An issue was discovered in Xen through 4.14.x. Neither
xenstore implem ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-115.html
-CVE-2020-29479
- RESERVED
+CVE-2020-29479 (An issue was discovered in Xen through 4.14.x. In the Ocaml
xenstored ...)
+ {DSA-4812-1}
- xen 4.14.0+88-g1d1d1f5391-1
NOTE: https://xenbits.xen.org/xsa/advisory-353.html
CVE-2020-29478
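Review bot: The removed lines for CVE-2020-29484 through CVE-2020-29481 carried short working titles such as "[Xenstore: wrong path length check]", and the replacement descriptions are all cut off after "An issue was discovered in Xen through 4.14.x. ...", so the entries are no longer distinguishable at a glance. Consider keeping each title as a NOTE line next to the existing xenbits advisory link, so the one-line summary survives the automatic description import.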
@@ -6328,10 +6324,10 @@ CVE-2020-28459
RESERVED
CVE-2020-28458
RESERVED
-CVE-2020-28457
- RESERVED
-CVE-2020-28456
- RESERVED
+CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search
functional ...)
+ TODO: check
+CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to
Cross-site Script ...)
+ TODO: check
CVE-2020-28455
RESERVED
CVE-2020-28454
@@ -6358,8 +6354,8 @@ CVE-2020-28444
RESERVED
CVE-2020-28443
RESERVED
-CVE-2020-28442
- RESERVED
+CVE-2020-28442 (All versions of package js-data are vulnerable to Prototype
Pollution ...)
+ TODO: check
CVE-2020-28441
RESERVED
CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to
Command ...)
@@ -8401,8 +8397,8 @@ CVE-2020-28205
RESERVED
CVE-2020-28204
RESERVED
-CVE-2020-28203
- RESERVED
+CVE-2020-28203 (An issue was discovered in Foxit Reader and PhantomPDF
10.1.0.37527 an ...)
+ TODO: check
CVE-2020-28202
RESERVED
CVE-2020-28201
@@ -9541,7 +9537,7 @@ CVE-2020-27788
RESERVED
CVE-2020-27787
RESERVED
-CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI
(kernel 5 ...)
+CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI,
where an ...)
- linux 5.6.14-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -9572,8 +9568,7 @@ CVE-2020-27778 (A flaw was found in Poppler in the way
certain PDF files were co
[stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742
NOTE:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a
(poppler-0.76.0)
-CVE-2020-27777
- RESERVED
+CVE-2020-27777 (A flaw was found in the way RTAS handled memory accesses in
userspace ...)
{DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
@@ -11497,8 +11492,8 @@ CVE-2020-27149
RESERVED
CVE-2020-27148
RESERVED
-CVE-2020-27147
- RESERVED
+CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO
PartnerExpress c ...)
+ TODO: check
CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess
Workspace ( ...)
NOT-FOR-US: TIBCO
CVE-2020-27145
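Review bot: CVE-2020-27147 is added with "TODO: check" although its description names TIBCO PartnerExpress, and the adjacent context entry CVE-2020-27146 is already marked "NOT-FOR-US: TIBCO". Unless PartnerExpress is packaged, the same marking can be applied in a follow-up so this entry does not linger in the TODO queue.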
@@ -11655,18 +11650,16 @@ CVE-2020-27070
RESERVED
CVE-2020-27069
RESERVED
-CVE-2020-27068
- RESERVED
+CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible
out of ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
NOTE:
https://git.kernel.org/linus/ea75080110a4c1fa011b0a73cb8f42227143ee3e
-CVE-2020-27067
- RESERVED
+CVE-2020-27067 (In the l2tp subsystem, there is a possible use after free due
to a rac ...)
- linux 4.15.4-1
[stretch] - linux 4.9.228-1
-CVE-2020-27066
- RESERVED
+CVE-2020-27066 (In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is
a possib ...)
+ TODO: check
CVE-2020-27065
RESERVED
CVE-2020-27064
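Review bot: CVE-2020-27066 is left at "TODO: check" while its description names net/ipv6/xfrm6_tunnel.c, which is a kernel source path, and the two entries above it in this hunk (CVE-2020-27068, CVE-2020-27067) already carry "- linux" lines with fixed versions. This one needs the same treatment: a "- linux" line with the fixed version or <unfixed>, per-release lines where they differ, and a NOTE pointing at the upstream commit as CVE-2020-27068 has.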
@@ -11683,80 +11676,80 @@ CVE-2020-27059
RESERVED
CVE-2020-27058
RESERVED
-CVE-2020-27057
- RESERVED
-CVE-2020-27056
- RESERVED
-CVE-2020-27055
- RESERVED
-CVE-2020-27054
- RESERVED
-CVE-2020-27053
- RESERVED
-CVE-2020-27052
- RESERVED
-CVE-2020-27051
- RESERVED
-CVE-2020-27050
- RESERVED
-CVE-2020-27049
- RESERVED
-CVE-2020-27048
- RESERVED
-CVE-2020-27047
- RESERVED
-CVE-2020-27046
- RESERVED
-CVE-2020-27045
- RESERVED
-CVE-2020-27044
- RESERVED
-CVE-2020-27043
- RESERVED
+CVE-2020-27057 (In getGpuStatsGlobalInfo and getGpuStatsAppInfo of
GpuService.cpp, the ...)
+ TODO: check
+CVE-2020-27056 (In SELinux policies of mls, there is a missing permission
check. This ...)
+ TODO: check
+CVE-2020-27055 (In isSubmittable and showWarningMessagesIfAppropriate of
WifiConfigCon ...)
+ TODO: check
+CVE-2020-27054 (In onFactoryReset of BluetoothManagerService.java, there is a
missing ...)
+ TODO: check
+CVE-2020-27053 (In broadcastWifiCredentialChanged of ClientModeImpl.java,
there is a p ...)
+ TODO: check
+CVE-2020-27052 (In getLockTaskLaunchMode of ActivityRecord.java, there is a
possible w ...)
+ TODO: check
+CVE-2020-27051 (In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a
possible ...)
+ TODO: check
+CVE-2020-27050 (In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a
possibl ...)
+ TODO: check
+CVE-2020-27049 (In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out
of boun ...)
+ TODO: check
+CVE-2020-27048 (In RW_SendRawFrame of rw_main.cc, there is a possible out of
bounds wr ...)
+ TODO: check
+CVE-2020-27047 (In ce_t4t_update_binary of ce_t4t.cc, there is a possible out
of bound ...)
+ TODO: check
+CVE-2020-27046 (In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible
out of ...)
+ TODO: check
+CVE-2020-27045 (In CE_SendRawFrame of ce_main.cc, there is a possible out of
bounds wr ...)
+ TODO: check
+CVE-2020-27044 (In restartWrite of Parcel.cpp, there is a possible memory
corruption d ...)
+ TODO: check
+CVE-2020-27043 (In nfc_enabled of nfc_main.cc, there is a possible out of
bounds read ...)
+ TODO: check
CVE-2020-27042
RESERVED
-CVE-2020-27041
- RESERVED
-CVE-2020-27040
- RESERVED
-CVE-2020-27039
- RESERVED
-CVE-2020-27038
- RESERVED
-CVE-2020-27037
- RESERVED
-CVE-2020-27036
- RESERVED
-CVE-2020-27035
- RESERVED
-CVE-2020-27034
- RESERVED
-CVE-2020-27033
- RESERVED
-CVE-2020-27032
- RESERVED
-CVE-2020-27031
- RESERVED
-CVE-2020-27030
- RESERVED
-CVE-2020-27029
- RESERVED
-CVE-2020-27028
- RESERVED
-CVE-2020-27027
- RESERVED
-CVE-2020-27026
- RESERVED
-CVE-2020-27025
- RESERVED
-CVE-2020-27024
- RESERVED
-CVE-2020-27023
- RESERVED
+CVE-2020-27041 (In showProvisioningNotification of ConnectivityService.java,
there is ...)
+ TODO: check
+CVE-2020-27040 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a
possible ...)
+ TODO: check
+CVE-2020-27039 (In postNotification of ServiceRecord.java, there is a possible
permiss ...)
+ TODO: check
+CVE-2020-27038 (In process of C2SoftVorbisDec.cpp, there is a possible
resource exhaus ...)
+ TODO: check
+CVE-2020-27037 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a
possible ...)
+ TODO: check
+CVE-2020-27036 (In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a
possible ...)
+ TODO: check
+CVE-2020-27035 (In priorLinearAllocation of C2AllocatorIon.cpp, there is a
possible us ...)
+ TODO: check
+CVE-2020-27034 (In createSimSelectNotification of SimSelectNotification.java,
there is ...)
+ TODO: check
+CVE-2020-27033 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a
possible out o ...)
+ TODO: check
+CVE-2020-27032 (In getRadioAccessFamily of PhoneInterfaceManager.java, there
is a poss ...)
+ TODO: check
+CVE-2020-27031 (In nfc_data_event of nfc_ncif.cc, there is a possible out of
bounds re ...)
+ TODO: check
+CVE-2020-27030 (In onCreate of HandleApiCalls.java, there is a possible
permission byp ...)
+ TODO: check
+CVE-2020-27029 (In TextView of TextView.java, there is a possible app hang due
to impr ...)
+ TODO: check
+CVE-2020-27028 (In filter_incoming_event of hci_layer.cc, there is a possible
out of b ...)
+ TODO: check
+CVE-2020-27027 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a
possible out o ...)
+ TODO: check
+CVE-2020-27026 (During boot, the device unlock interface behaves differently
depending ...)
+ TODO: check
+CVE-2020-27025 (In EapFailureNotifier.java and SimRequiredNotifier.java, there
is a po ...)
+ TODO: check
+CVE-2020-27024 (In smp_br_state_machine_event of smp_br_main.cc, there is a
possible o ...)
+ TODO: check
+CVE-2020-27023 (In setErrorPlaybackState of BluetoothMediaBrowserService.java,
there i ...)
+ TODO: check
CVE-2020-27022
RESERVED
-CVE-2020-27021
- RESERVED
+CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a
possible o ...)
+ TODO: check
CVE-2020-27020
RESERVED
CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance
(IMSVA) 9.1 ...)
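Review bot: Several of the new "TODO: check" entries cannot be told apart from the truncated text: CVE-2020-27040 and CVE-2020-27037 both read "In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...", and CVE-2020-27033 and CVE-2020-27027 both read "In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...". Triage these from the full descriptions rather than the list line. CVE-2020-27056 ("In SELinux policies of mls") and CVE-2020-27026 ("During boot, the device unlock interface") name no source file at all, so they need an explicit look before any bulk marking of this block.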
@@ -13587,7 +13580,7 @@ CVE-2020-26219 (touchbase.ai before version 2.0 is
vulnerable to Open Redirect.
CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site
Scripting. ...)
NOT-FOR-US: touchbase.ai
CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code
Execution.T ...)
- {DLA-2471-1}
+ {DSA-4811-1 DLA-2471-1}
- libxstream-java 1.4.14-1
NOTE: https://x-stream.github.io/CVE-2020-26217.html
NOTE:
https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
@@ -14778,8 +14771,7 @@ CVE-2020-25713 [Out of bounds read leads to segfault in
raptor_xml_writer_start_
[buster] - raptor2 <no-dsa> (Minor issue)
[stretch] - raptor2 <postponed> (Minor issue; reconsider when fixed
upstream.)
NOTE: https://bugs.librdf.org/mantis/view.php?id=650
-CVE-2020-25712 [Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap
overflows]
- RESERVED
+CVE-2020-25712 (A flaw was found in xorg-x11-server before 1.20.10. A
heap-buffer over ...)
{DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
@@ -39828,8 +39820,7 @@ CVE-2020-14303 (A flaw was found in the AD DC NBT
server in all Samba versions b
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
-CVE-2020-14302
- RESERVED
+CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external
identity ...)
NOT-FOR-US: Keycloak
CVE-2020-14301 [leak of sensitive cookie information via dumpxml]
RESERVED
@@ -55099,26 +55090,26 @@ CVE-2020-8945 (The proglottis Go wrapper before 0.1.1
for the GPGME library has
- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372)
[buster] - golang-github-proglottis-gpgme <no-dsa> (Minor issue)
NOTE: https://github.com/proglottis/gpgme/pull/23
-CVE-2020-8944
- RESERVED
-CVE-2020-8943
- RESERVED
-CVE-2020-8942
- RESERVED
-CVE-2020-8941
- RESERVED
-CVE-2020-8940
- RESERVED
-CVE-2020-8939
- RESERVED
-CVE-2020-8938
- RESERVED
-CVE-2020-8937
- RESERVED
-CVE-2020-8936
- RESERVED
-CVE-2020-8935
- RESERVED
+CVE-2020-8944 (An arbitrary memory write vulnerability in Asylo versions up to
0.6.0 ...)
+ TODO: check
+CVE-2020-8943 (An arbitrary memory read vulnerability in Asylo versions up to
0.6.0 a ...)
+ TODO: check
+CVE-2020-8942 (An arbitrary memory read vulnerability in Asylo versions up to
0.6.0 a ...)
+ TODO: check
+CVE-2020-8941 (An arbitrary memory read vulnerability in Asylo versions up to
0.6.0 a ...)
+ TODO: check
+CVE-2020-8940 (An arbitrary memory read vulnerability in Asylo versions up to
0.6.0 a ...)
+ TODO: check
+CVE-2020-8939 (An out of bounds read on the enc_untrusted_inet_ntop function
allows a ...)
+ TODO: check
+CVE-2020-8938 (An arbitrary memory overwrite vulnerability in Asylo versions
up to 0. ...)
+ TODO: check
+CVE-2020-8937 (An arbitrary memory overwrite vulnerability in Asylo versions
up to 0. ...)
+ TODO: check
+CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions
up to 0. ...)
+ TODO: check
+CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions
up to 0. ...)
+ TODO: check
CVE-2020-8934
RESERVED
CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin
versions betw ...)
@@ -65709,8 +65700,8 @@ CVE-2020-4851
RESERVED
CVE-2020-4850
RESERVED
-CVE-2020-4849
- RESERVED
+CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix
7 could ...)
+ TODO: check
CVE-2020-4848
RESERVED
CVE-2020-4847
@@ -65916,8 +65907,8 @@ CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2
does not set the secure
NOT-FOR-US: IBM
CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to
cross-site s ...)
NOT-FOR-US: IBM
-CVE-2020-4747
- RESERVED
+CVE-2020-4747 (IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can
allow a ...)
+ TODO: check
CVE-2020-4746
RESERVED
CVE-2020-4745
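Review bot: CVE-2020-4747 (IBM Connect:Direct for UNIX) is added with "TODO: check" directly below CVE-2020-4749 and CVE-2020-4748, which the context lines show as "NOT-FOR-US: IBM". If the product is not packaged, mark it the same way in the follow-up triage commit.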
@@ -73122,27 +73113,27 @@ CVE-2020-2091 (A missing permission check in Jenkins
Amazon EC2 Plugin 1.47 and
CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon
EC2 Plugi ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2089
- RESERVED
+ REJECTED
CVE-2020-2088
- RESERVED
+ REJECTED
CVE-2020-2087
- RESERVED
+ REJECTED
CVE-2020-2086
- RESERVED
+ REJECTED
CVE-2020-2085
- RESERVED
+ REJECTED
CVE-2020-2084
- RESERVED
+ REJECTED
CVE-2020-2083
- RESERVED
+ REJECTED
CVE-2020-2082
- RESERVED
+ REJECTED
CVE-2020-2081
- RESERVED
+ REJECTED
CVE-2020-2080
- RESERVED
+ REJECTED
CVE-2020-2079
- RESERVED
+ REJECTED
CVE-2020-2078 (Passwords are stored in plain text within the configuration of
SICK Pa ...)
NOT-FOR-US: SICK
CVE-2020-2077 (SICK Package Analytics software up to and including version
V04.0.0 ar ...)
@@ -80384,62 +80375,62 @@ CVE-2019-18194 (TotalAV 2020 4.14.31 has a quarantine
flaw that allows privilege
NOT-FOR-US: TotalAV
CVE-2019-18193 (In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and
4.0.114, ...)
NOT-FOR-US: Unisys Stealth
-CVE-2020-0500
- RESERVED
-CVE-2020-0499
- RESERVED
-CVE-2020-0498
- RESERVED
-CVE-2020-0497
- RESERVED
-CVE-2020-0496
- RESERVED
-CVE-2020-0495
- RESERVED
-CVE-2020-0494
- RESERVED
-CVE-2020-0493
- RESERVED
-CVE-2020-0492
- RESERVED
-CVE-2020-0491
- RESERVED
-CVE-2020-0490
- RESERVED
-CVE-2020-0489
- RESERVED
-CVE-2020-0488
- RESERVED
-CVE-2020-0487
- RESERVED
-CVE-2020-0486
- RESERVED
-CVE-2020-0485
- RESERVED
-CVE-2020-0484
- RESERVED
-CVE-2020-0483
- RESERVED
-CVE-2020-0482
- RESERVED
-CVE-2020-0481
- RESERVED
-CVE-2020-0480
- RESERVED
-CVE-2020-0479
- RESERVED
-CVE-2020-0478
- RESERVED
-CVE-2020-0477
- RESERVED
-CVE-2020-0476
- RESERVED
-CVE-2020-0475
- RESERVED
-CVE-2020-0474
- RESERVED
-CVE-2020-0473
- RESERVED
+CVE-2020-0500 (In startInputUncheckedLocked of InputMethodManager.java, there
is a po ...)
+ TODO: check
+CVE-2020-0499 (In FLAC__bitreader_read_rice_signed_block of bitreader.c, there
is a p ...)
+ TODO: check
+CVE-2020-0498 (In decode_packed_entry_number of codebook.c, there is a
possible out o ...)
+ TODO: check
+CVE-2020-0497 (In canUseBiometric of BiometricServiceBase, there is a missing
permiss ...)
+ TODO: check
+CVE-2020-0496 (In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there
is a p ...)
+ TODO: check
+CVE-2020-0495 (In decode_Huffman of JBig2_SddProc.cpp, there is a possible out
of bou ...)
+ TODO: check
+CVE-2020-0494 (In ih264d_parse_ave of ih264d_sei.c, there is a possible out of
bounds ...)
+ TODO: check
+CVE-2020-0493 (In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a
possib ...)
+ TODO: check
+CVE-2020-0492 (In BitstreamFillCache of bitstream.cpp, there is a possible out
of bou ...)
+ TODO: check
+CVE-2020-0491 (In readBlock of MatroskaExtractor.cpp, there is a possible
denial of s ...)
+ TODO: check
+CVE-2020-0490 (In floor1_info_unpack of floor1.c, there is a possible out of
bounds r ...)
+ TODO: check
+CVE-2020-0489 (In Parse_data of eas_mdls.c, there is a possible out of bounds
write d ...)
+ TODO: check
+CVE-2020-0488 (In ihevc_inter_pred_chroma_copy_ssse3 of
ihevc_inter_pred_filters_ssse ...)
+ TODO: check
+CVE-2020-0487 (In read_metadata_vorbiscomment_ of stream_decoder.c, there is
possible ...)
+ TODO: check
+CVE-2020-0486 (In openAssetFileListener of ContactsProvider2.java, there is a
possibl ...)
+ TODO: check
+CVE-2020-0485 (In areFunctionsSupported of UsbBackend.java, there is a
possible acces ...)
+ TODO: check
+CVE-2020-0484 (In destroyResources of ComposerClient.h, there is possible
memory corr ...)
+ TODO: check
+CVE-2020-0483 (In DrmManagerService::~DrmManagerService() of
DrmManagerService.cpp, t ...)
+ TODO: check
+CVE-2020-0482 (In command of IncidentService.cpp, there is a possible out of
bounds r ...)
+ TODO: check
+CVE-2020-0481 (In AndroidManifest.xml, there is a possible permissions bypass.
This c ...)
+ TODO: check
+CVE-2020-0480 (In callUnchecked of DocumentsProvider.java, there is a possible
permis ...)
+ TODO: check
+CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible
permis ...)
+ TODO: check
+CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out
of bou ...)
+ TODO: check
+CVE-2020-0477 (In sendLinkConfigurationChangedBroadcast of
ClientModeImpl.java, there ...)
+ TODO: check
+CVE-2020-0476 (In onNotificationRemoved of Assistant.java, there is a possible
leak o ...)
+ TODO: check
+CVE-2020-0475 (In createInputConsumer of WindowManagerService.java, there is a
possib ...)
+ TODO: check
+CVE-2020-0474 (In HalCamera::requestNewFrame of HalCamera.cpp, there is a
possible us ...)
+ TODO: check
+CVE-2020-0473 (In updateIncomingFileConfirmNotification of
BluetoothOppNotification.j ...)
+ TODO: check
CVE-2020-0472
RESERVED
CVE-2020-0471
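Review bot: This block of 28 "TODO: check" entries should not be closed in bulk as Android-only, because some descriptions name code that also ships outside Android. CVE-2020-0499 (FLAC__bitreader_read_rice_signed_block of bitreader.c) and CVE-2020-0487 (read_metadata_vorbiscomment_ of stream_decoder.c) look like libFLAC functions and should be checked against the flac source package. The codec and PDF entries (codebook.c, floor1.c, restoration.c, cpdf_renderstatus.cpp, JBig2_SddProc.cpp) deserve the same check against their upstream libraries before any NOT-FOR-US marking.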
@@ -80688,8 +80679,8 @@ CVE-2020-0370 (In libAACdec, there is a possible out of
bounds read due to missi
NOT-FOR-US: Android Media Framework
CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an
integer o ...)
NOT-FOR-US: Android
-CVE-2020-0368
- RESERVED
+CVE-2020-0368 (In queryInternal of CallLogProvider.java, there is a possible
permissi ...)
+ TODO: check
CVE-2020-0367 (There is a possible out of bounds write due to a missing bounds
check. ...)
NOT-FOR-US: MediaTek components for Android
CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due
to a t ...)
@@ -80871,8 +80862,8 @@ CVE-2020-0282 (In NFC, there is a possible out of
bounds read due to a missing b
NOT-FOR-US: Android
CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing
bounds ...)
NOT-FOR-US: Android
-CVE-2020-0280
- RESERVED
+CVE-2020-0280 (In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a
possible out ...)
+ TODO: check
CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due
to a mis ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0278 (There is a possible out of bounds write due to an incorrect
bounds che ...)
@@ -80943,8 +80934,8 @@ CVE-2020-0246 (In getCarrierPrivilegeStatus of
UiccAccessRule.java, there is a m
NOT-FOR-US: Android
CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a
possible ...)
NOT-FOR-US: Android Media framework
-CVE-2020-0244
- RESERVED
+CVE-2020-0244 (In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a
possible out ...)
+ TODO: check
CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a
possible use-a ...)
NOT-FOR-US: Android media framework
CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible
use-after-free due ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/74e1238b25d9323e358bb368d34bb8335af25592