From f92893a372001a115ffe4fe063f58c567be21e5e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 10 Mar 2020 21:01:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/0xxx/CVE-2020-0045.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0046.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0047.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0048.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0062.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0063.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0066.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0084.json | 62 ++++++++++++++++++++++++++++++++++++ 2020/0xxx/CVE-2020-0087.json | 62 ++++++++++++++++++++++++++++++++++++ 9 files changed, 558 insertions(+) create mode 100644 2020/0xxx/CVE-2020-0045.json create mode 100644 2020/0xxx/CVE-2020-0046.json create mode 100644 2020/0xxx/CVE-2020-0047.json create mode 100644 2020/0xxx/CVE-2020-0048.json create mode 100644 2020/0xxx/CVE-2020-0062.json create mode 100644 2020/0xxx/CVE-2020-0063.json create mode 100644 2020/0xxx/CVE-2020-0066.json create mode 100644 2020/0xxx/CVE-2020-0084.json create mode 100644 2020/0xxx/CVE-2020-0087.json diff --git a/2020/0xxx/CVE-2020-0045.json b/2020/0xxx/CVE-2020-0045.json new file mode 100644 index 00000000000..9d97e73e89e --- /dev/null +++ b/2020/0xxx/CVE-2020-0045.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0045", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141243101" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0046.json b/2020/0xxx/CVE-2020-0046.json new file mode 100644 index 00000000000..2483df44bf3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0046.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0046", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137284652" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0047.json b/2020/0xxx/CVE-2020-0047.json new file mode 100644 index 00000000000..bc4e0ae1029 --- /dev/null +++ b/2020/0xxx/CVE-2020-0047.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0047", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0048.json b/2020/0xxx/CVE-2020-0048.json new file mode 100644 index 00000000000..a1ddbcdaeac --- /dev/null +++ b/2020/0xxx/CVE-2020-0048.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0048", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139417189" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0062.json b/2020/0xxx/CVE-2020-0062.json new file mode 100644 index 00000000000..4f6f0ce00a8 --- /dev/null +++ b/2020/0xxx/CVE-2020-0062.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0062", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143232031" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0063.json b/2020/0xxx/CVE-2020-0063.json new file mode 100644 index 00000000000..e6ff7ed183d --- /dev/null +++ b/2020/0xxx/CVE-2020-0063.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0063", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SurfaceFlinger, it is possible to override UI confirmation screen protected by the TEE. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143128911" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0066.json b/2020/0xxx/CVE-2020-0066.json new file mode 100644 index 00000000000..11f57ff803a --- /dev/null +++ b/2020/0xxx/CVE-2020-0066.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0066", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0084.json b/2020/0xxx/CVE-2020-0084.json new file mode 100644 index 00000000000..55b0eba5906 --- /dev/null +++ b/2020/0xxx/CVE-2020-0084.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0084", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143339775" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0087.json b/2020/0xxx/CVE-2020-0087.json new file mode 100644 index 00000000000..b5611cf7e98 --- /dev/null +++ b/2020/0xxx/CVE-2020-0087.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0087", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2020-03-01", + "url": "https://source.android.com/security/bulletin/pixel/2020-03-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In getProcessPss of ActivityManagerService.java, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127989044" + } + ] + } +} \ No newline at end of file