admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-08 19:01:07 +00:00
parent 0371d17542
commit f6994f828d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
24 changed files with 689 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2016/5xxx/CVE-2016-5018.json
View File

@ -184,6 +184,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
"url": "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html"
} }
] ]
} }

68
2016/5xxx/CVE-2016-5346.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5346", "ID": "CVE-2016-5346",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/97371",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/97371"
},
{
"url": "http://www.securitytracker.com/id/1038201",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1038201"
},
{
"refsource": "MISC",
"name": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474",
"url": "https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"
},
{
"refsource": "MISC",
"name": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346",
"url": "https://github.com/ele7enxxh/poc-exp/tree/master/CVE-2016-5346"
},
{
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2017-04-01.html",
"url": "https://source.android.com/security/bulletin/2017-04-01.html"
} }
] ]
} }

60
2016/6xxx/CVE-2016-6585.json
View File

@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-6585", "ID": "CVE-2016-6585",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Symantec",
"product": {
"product_data": [
{
"product_name": "Norton Mobile Security for Android",
"version": {
"version_data": [
{
"version_value": "before 3.16"
}
]
}
}
]
}
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/93900",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/93900"
},
{
"url": "http://www.securitytracker.com/id/1037225",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1037225"
},
{
"refsource": "CONFIRM",
"name": "https://support.symantec.com/us/en/article.symsa1384.html",
"url": "https://support.symantec.com/us/en/article.symsa1384.html"
} }
] ]
} }

5
2017/3xxx/CVE-2017-3623.json
View File

@ -67,6 +67,11 @@
"name": "1038292", "name": "1038292",
"refsource": "SECTRACK", "refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038292" "url": "http://www.securitytracker.com/id/1038292"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155876/EBBISLAND-EBBSHAVE-6100-09-04-1441-Remote-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/155876/EBBISLAND-EBBSHAVE-6100-09-04-1441-Remote-Buffer-Overflow.html"
} }
] ]
} }

5
2018/4xxx/CVE-2018-4386.json
View File

@ -73,6 +73,11 @@
"refsource": "MISC", "refsource": "MISC",
"name": "https://support.apple.com/kb/HT209196", "name": "https://support.apple.com/kb/HT209196",
"url": "https://support.apple.com/kb/HT209196" "url": "https://support.apple.com/kb/HT209196"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/155871/Sony-Playstation-4-Webkit-Code-Execution.html"
} }
] ]
}, },

5
2019/14xxx/CVE-2019-14895.json
View File

@ -98,6 +98,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4227-2", "name": "USN-4227-2",
"url": "https://usn.ubuntu.com/4227-2/" "url": "https://usn.ubuntu.com/4227-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
"url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
} }
] ]
}, },

5
2019/14xxx/CVE-2019-14896.json
View File

@ -93,6 +93,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4227-2", "name": "USN-4227-2",
"url": "https://usn.ubuntu.com/4227-2/" "url": "https://usn.ubuntu.com/4227-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
"url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
} }
] ]
}, },

5
2019/14xxx/CVE-2019-14897.json
View File

@ -88,6 +88,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4227-2", "name": "USN-4227-2",
"url": "https://usn.ubuntu.com/4227-2/" "url": "https://usn.ubuntu.com/4227-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
"url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
} }
] ]
}, },

5
2019/14xxx/CVE-2019-14901.json
View File

@ -101,6 +101,11 @@
"refsource": "UBUNTU", "refsource": "UBUNTU",
"name": "USN-4227-2", "name": "USN-4227-2",
"url": "https://usn.ubuntu.com/4227-2/" "url": "https://usn.ubuntu.com/4227-2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html",
"url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html"
} }
] ]
}, },

5
2019/15xxx/CVE-2019-15039.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/", "name": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/",
"url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/" "url": "https://blog.jetbrains.com/blog/2019/09/26/jetbrains-security-bulletin-q2-2019/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/155874/JetBrains-TeamCity-2018.2.4-Remote-Code-Execution.html"
} }
] ]
} }

5
2019/15xxx/CVE-2019-15999.json
View File

@ -72,6 +72,11 @@
"name": "20200102 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability", "name": "20200102 Cisco Data Center Network Manager JBoss EAP Unauthorized Access Vulnerability",
"refsource": "CISCO", "refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200102-dcnm-unauth-access"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html",
"url": "http://packetstormsecurity.com/files/155870/Cisco-DCNM-JBoss-10.4-Credential-Leakage.html"
} }
] ]
}, },

5
2019/19xxx/CVE-2019-19781.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://support.citrix.com/article/CTX267027", "name": "https://support.citrix.com/article/CTX267027",
"url": "https://support.citrix.com/article/CTX267027" "url": "https://support.citrix.com/article/CTX267027"
},
{
"refsource": "CERT-VN",
"name": "VU#619785",
"url": "https://www.kb.cert.org/vuls/id/619785"
} }
] ]
} }

5
2019/19xxx/CVE-2019-19844.json
View File

@ -81,6 +81,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20200108 [SECURITY] [DSA 4598-1] python-django security update", "name": "20200108 [SECURITY] [DSA 4598-1] python-django security update",
"url": "https://seclists.org/bugtraq/2020/Jan/9" "url": "https://seclists.org/bugtraq/2020/Jan/9"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html",
"url": "http://packetstormsecurity.com/files/155872/Django-Account-Hijack.html"
} }
] ]
} }

2
2019/2xxx/CVE-2019-2204.json
View File

@ -58,7 +58,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8, Android-9 Android ID: A-138442295" "value": "In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295"
} }
] ]
} }

11
2019/2xxx/CVE-2019-2208.json
View File

@ -18,6 +18,9 @@
"product_name": "Android", "product_name": "Android",
"version": { "version": {
"version_data": [ "version_data": [
{
"version_value": "Android-8.1"
},
{ {
"version_value": "Android-9" "version_value": "Android-9"
} }
@ -45,9 +48,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "MISC", "refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2019-11-01", "name": "https://source.android.com/security/bulletin/2020-01-10",
"url": "https://source.android.com/security/bulletin/2019-11-01" "url": "https://source.android.com/security/bulletin/2020-01-10"
} }
] ]
}, },
@ -55,7 +58,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "There is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-138441919" "value": "In PromiseBuiltinsAssembler::NewPromiseCapability of builtins-promise.cc, there is a possible out of bounds read in v8 JIT code due to a bug in code generation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138441919"
} }
] ]
} }

17
2019/2xxx/CVE-2019-2218.json
View File

@ -18,6 +18,15 @@
"product_name": "Android", "product_name": "Android",
"version": { "version": {
"version_data": [ "version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{ {
"version_value": "Android-10" "version_value": "Android-10"
} }
@ -45,9 +54,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"refsource": "MISC", "refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2019-12-01", "name": "https://source.android.com/security/bulletin/2020-01-08",
"url": "https://source.android.com/security/bulletin/2019-12-01" "url": "https://source.android.com/security/bulletin/2020-01-08"
} }
] ]
}, },
@ -55,7 +64,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141169173" "value": "In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141169173"
} }
] ]
} }

71
2020/0xxx/CVE-2020-0001.json Normal file
View File

@ -0,0 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0001",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-01",
"url": "https://source.android.com/security/bulletin/2020-01-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304"
}
]
}
}

71
2020/0xxx/CVE-2020-0002.json Normal file
View File

@ -0,0 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0002",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-04",
"url": "https://source.android.com/security/bulletin/2020-01-04"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711"
}
]
}
}

62
2020/0xxx/CVE-2020-0003.json Normal file
View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0003",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-02",
"url": "https://source.android.com/security/bulletin/2020-01-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904"
}
]
}
}

71
2020/0xxx/CVE-2020-0004.json Normal file
View File

@ -0,0 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0004",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-03",
"url": "https://source.android.com/security/bulletin/2020-01-03"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In generateCrop of WallpaperManagerService.java, there is a possible sysui crash due to image exceeding maximum texture size. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-120847476"
}
]
}
}

71
2020/0xxx/CVE-2020-0006.json Normal file
View File

@ -0,0 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0006",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-05",
"url": "https://source.android.com/security/bulletin/2020-01-05"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to remote information disclosure in the NFC server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-139738828"
}
]
}
}

71
2020/0xxx/CVE-2020-0007.json Normal file
View File

@ -0,0 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0007",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-06",
"url": "https://source.android.com/security/bulletin/2020-01-06"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141890807"
}
]
}
}

71
2020/0xxx/CVE-2020-0008.json Normal file
View File

@ -0,0 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-0008",
"ASSIGNER": "security@android.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0"
},
{
"version_value": "Android-8.1"
},
{
"version_value": "Android-9"
},
{
"version_value": "Android-10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2020-01-07",
"url": "https://source.android.com/security/bulletin/2020-01-07"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142558228"
}
]
}
}

4
2020/0xxx/CVE-2020-0009.json
View File

@ -46,8 +46,8 @@
"reference_data": [ "reference_data": [
{ {
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/pixel/2020-01-01", "name": "https://source.android.com/security/bulletin/2020-01-11",
"url": "https://source.android.com/security/bulletin/pixel/2020-01-01" "url": "https://source.android.com/security/bulletin/2020-01-11"
} }
] ]
}, },