From f6994f828d99f2a6b47de449b804238bbfddd7af Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 8 Jan 2020 19:01:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/5xxx/CVE-2016-5018.json | 5 +++ 2016/5xxx/CVE-2016-5346.json | 68 +++++++++++++++++++++++++++++++- 2016/6xxx/CVE-2016-6585.json | 60 ++++++++++++++++++++++++++-- 2017/3xxx/CVE-2017-3623.json | 5 +++ 2018/4xxx/CVE-2018-4386.json | 5 +++ 2019/14xxx/CVE-2019-14895.json | 5 +++ 2019/14xxx/CVE-2019-14896.json | 5 +++ 2019/14xxx/CVE-2019-14897.json | 5 +++ 2019/14xxx/CVE-2019-14901.json | 5 +++ 2019/15xxx/CVE-2019-15039.json | 5 +++ 2019/15xxx/CVE-2019-15999.json | 5 +++ 2019/19xxx/CVE-2019-19781.json | 5 +++ 2019/19xxx/CVE-2019-19844.json | 5 +++ 2019/2xxx/CVE-2019-2204.json | 2 +- 2019/2xxx/CVE-2019-2208.json | 11 ++++-- 2019/2xxx/CVE-2019-2218.json | 17 ++++++-- 2020/0xxx/CVE-2020-0001.json | 71 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0002.json | 71 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0003.json | 62 +++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0004.json | 71 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0006.json | 71 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0007.json | 71 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0008.json | 71 ++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0009.json | 4 +- 24 files changed, 689 insertions(+), 16 deletions(-) create mode 100644 2020/0xxx/CVE-2020-0001.json create mode 100644 2020/0xxx/CVE-2020-0002.json create mode 100644 2020/0xxx/CVE-2020-0003.json create mode 100644 2020/0xxx/CVE-2020-0004.json create mode 100644 2020/0xxx/CVE-2020-0006.json create mode 100644 2020/0xxx/CVE-2020-0007.json create mode 100644 2020/0xxx/CVE-2020-0008.json diff --git a/2016/5xxx/CVE-2016-5018.json b/2016/5xxx/CVE-2016-5018.json index aa033693fd5..7b261cbc6ff 100644 --- a/2016/5xxx/CVE-2016-5018.json +++ b/2016/5xxx/CVE-2016-5018.json @@ -184,6 +184,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html", + "url": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html" } ] } diff --git a/2016/5xxx/CVE-2016-5346.json b/2016/5xxx/CVE-2016-5346.json index b3dd14b5b62..89665997669 100644 --- a/2016/5xxx/CVE-2016-5346.json +++ b/2016/5xxx/CVE-2016-5346.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5346", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/97371", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/97371" + }, + { + "url": "http://www.securitytracker.com/id/1038201", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1038201" + }, + { + "refsource": "MISC", + "name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474", + "url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474" + }, + { + "refsource": "MISC", + "name": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346", + "url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346" + }, + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2017-04-01.html", + "url": "https://source.android.com/security/bulletin/2017-04-01.html" } ] } diff --git a/2016/6xxx/CVE-2016-6585.json b/2016/6xxx/CVE-2016-6585.json index f8ac813485b..5fa9eaabbc9 100644 --- a/2016/6xxx/CVE-2016-6585.json +++ b/2016/6xxx/CVE-2016-6585.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secure@symantec.com", "ID": "CVE-2016-6585", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Norton Mobile Security for Android", + "version": { + "version_data": [ + { + "version_value": "before 3.16" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/93900", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/93900" + }, + { + "url": "http://www.securitytracker.com/id/1037225", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037225" + }, + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.symsa1384.html", + "url": "https://support.symantec.com/us/en/article.symsa1384.html" } ] } diff --git a/2017/3xxx/CVE-2017-3623.json b/2017/3xxx/CVE-2017-3623.json index 72b17685d2a..7406b251118 100644 --- a/2017/3xxx/CVE-2017-3623.json +++ b/2017/3xxx/CVE-2017-3623.json @@ -67,6 +67,11 @@ "name": "1038292", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038292" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155876/EBBISLAND-EBBSHAVE-6100-09-04-1441-Remote-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/155876/EBBISLAND-EBBSHAVE-6100-09-04-1441-Remote-Buffer-Overflow.html" } ] } diff --git a/2018/4xxx/CVE-2018-4386.json b/2018/4xxx/CVE-2018-4386.json index 3f2aab6e95f..b9af6587df9 100644 --- a/2018/4xxx/CVE-2018-4386.json +++ b/2018/4xxx/CVE-2018-4386.json @@ -73,6 +73,11 @@ "refsource": "MISC", "name": "https://support.apple.com/kb/HT209196", "url": "https://support.apple.com/kb/HT209196" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14895.json b/2019/14xxx/CVE-2019-14895.json index 8d7f70f342b..3c3b4a75565 100644 --- a/2019/14xxx/CVE-2019-14895.json +++ b/2019/14xxx/CVE-2019-14895.json @@ -98,6 +98,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", + "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14896.json b/2019/14xxx/CVE-2019-14896.json index ee83e3ebdda..b6c8d169546 100644 --- a/2019/14xxx/CVE-2019-14896.json +++ b/2019/14xxx/CVE-2019-14896.json @@ -93,6 +93,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", + "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14897.json b/2019/14xxx/CVE-2019-14897.json index 3702aa82401..a64bdbf7888 100644 --- a/2019/14xxx/CVE-2019-14897.json +++ b/2019/14xxx/CVE-2019-14897.json @@ -88,6 +88,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", + "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14901.json b/2019/14xxx/CVE-2019-14901.json index e0933a51ba3..b101e3af82c 100644 --- a/2019/14xxx/CVE-2019-14901.json +++ b/2019/14xxx/CVE-2019-14901.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", + "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15039.json b/2019/15xxx/CVE-2019-15039.json index 040d3d3aeea..6e6e93bd442 100644 --- a/2019/15xxx/CVE-2019-15039.json +++ b/2019/15xxx/CVE-2019-15039.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/", "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.html" } ] } diff --git a/2019/15xxx/CVE-2019-15999.json b/2019/15xxx/CVE-2019-15999.json index dceb5f5e932..001cb94efdb 100644 --- a/2019/15xxx/CVE-2019-15999.json +++ b/2019/15xxx/CVE-2019-15999.json @@ -72,6 +72,11 @@ "name": "20200102 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html", + "url": "http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html" } ] }, diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index 87e31b63ffe..56a320a9d05 100644 --- a/2019/19xxx/CVE-2019-19781.json +++ b/2019/19xxx/CVE-2019-19781.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://support.citrix.com/article/CTX267027", "url": "https://support.citrix.com/article/CTX267027" + }, + { + "refsource": "CERT-VN", + "name": "VU#619785", + "url": "https://www.kb.cert.org/vuls/id/619785" } ] } diff --git a/2019/19xxx/CVE-2019-19844.json b/2019/19xxx/CVE-2019-19844.json index a2cf8582e08..c35725f77c0 100644 --- a/2019/19xxx/CVE-2019-19844.json +++ b/2019/19xxx/CVE-2019-19844.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20200108 [SECURITY] [DSA 4598-1] python-django security update", "url": "https://seclists.org/bugtraq/2020/Jan/9" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html", + "url": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html" } ] } diff --git a/2019/2xxx/CVE-2019-2204.json b/2019/2xxx/CVE-2019-2204.json index 1fe2f39606f..c1e62fe7203 100644 --- a/2019/2xxx/CVE-2019-2204.json +++ b/2019/2xxx/CVE-2019-2204.json @@ -58,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8, Android-9 Android ID: A-138442295" + "value": "In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295" } ] } diff --git a/2019/2xxx/CVE-2019-2208.json b/2019/2xxx/CVE-2019-2208.json index d040dc8f6b5..a2c00d0c26c 100644 --- a/2019/2xxx/CVE-2019-2208.json +++ b/2019/2xxx/CVE-2019-2208.json @@ -18,6 +18,9 @@ "product_name": "Android", "version": { "version_data": [ + { + "version_value": "Android-8.1" + }, { "version_value": "Android-9" } @@ -45,9 +48,9 @@ "references": { "reference_data": [ { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2019-11-01", - "url": "https://source.android.com/security/bulletin/2019-11-01" + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-10", + "url": "https://source.android.com/security/bulletin/2020-01-10" } ] }, @@ -55,7 +58,7 @@ "description_data": [ { "lang": "eng", - "value": "There is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-138441919" + "value": "In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138441919" } ] } diff --git a/2019/2xxx/CVE-2019-2218.json b/2019/2xxx/CVE-2019-2218.json index 0486df46ca3..667877d3661 100644 --- a/2019/2xxx/CVE-2019-2218.json +++ b/2019/2xxx/CVE-2019-2218.json @@ -18,6 +18,15 @@ "product_name": "Android", "version": { "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, { "version_value": "Android-10" } @@ -45,9 +54,9 @@ "references": { "reference_data": [ { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2019-12-01", - "url": "https://source.android.com/security/bulletin/2019-12-01" + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-08", + "url": "https://source.android.com/security/bulletin/2020-01-08" } ] }, @@ -55,7 +64,7 @@ "description_data": [ { "lang": "eng", - "value": "In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173" + "value": "In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141169173" } ] } diff --git a/2020/0xxx/CVE-2020-0001.json b/2020/0xxx/CVE-2020-0001.json new file mode 100644 index 00000000000..74f7d90e220 --- /dev/null +++ b/2020/0xxx/CVE-2020-0001.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0001", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-01", + "url": "https://source.android.com/security/bulletin/2020-01-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0002.json b/2020/0xxx/CVE-2020-0002.json new file mode 100644 index 00000000000..d2faf8e1da2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0002.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0002", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-04", + "url": "https://source.android.com/security/bulletin/2020-01-04" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0003.json b/2020/0xxx/CVE-2020-0003.json new file mode 100644 index 00000000000..aa94829785d --- /dev/null +++ b/2020/0xxx/CVE-2020-0003.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0003", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-02", + "url": "https://source.android.com/security/bulletin/2020-01-02" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0004.json b/2020/0xxx/CVE-2020-0004.json new file mode 100644 index 00000000000..2da238b8688 --- /dev/null +++ b/2020/0xxx/CVE-2020-0004.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0004", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-03", + "url": "https://source.android.com/security/bulletin/2020-01-03" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0006.json b/2020/0xxx/CVE-2020-0006.json new file mode 100644 index 00000000000..53e14a8adf3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0006.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0006", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-05", + "url": "https://source.android.com/security/bulletin/2020-01-05" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0007.json b/2020/0xxx/CVE-2020-0007.json new file mode 100644 index 00000000000..a53a70945c0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0007.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0007", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-06", + "url": "https://source.android.com/security/bulletin/2020-01-06" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0008.json b/2020/0xxx/CVE-2020-0008.json new file mode 100644 index 00000000000..0044c50b410 --- /dev/null +++ b/2020/0xxx/CVE-2020-0008.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0008", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0" + }, + { + "version_value": "Android-8.1" + }, + { + "version_value": "Android-9" + }, + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2020-01-07", + "url": "https://source.android.com/security/bulletin/2020-01-07" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0009.json b/2020/0xxx/CVE-2020-0009.json index c58137f4512..a88a03a21d9 100644 --- a/2020/0xxx/CVE-2020-0009.json +++ b/2020/0xxx/CVE-2020-0009.json @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "CONFIRM", - "name": "https://source.android.com/security/bulletin/pixel/2020-01-01", - "url": "https://source.android.com/security/bulletin/pixel/2020-01-01" + "name": "https://source.android.com/security/bulletin/2020-01-11", + "url": "https://source.android.com/security/bulletin/2020-01-11" } ] },