author | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-02 10:55:29 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-07-02 10:55:29 +0200 |
commit | 3d7138ae653891d1acf0479d0a4965d26a215b86 (patch) | |
tree | 2d6d59712612010071781af95660967f036130d2 /data | |
parent | 5080947cff7f70a0c2bc6e4617fd626b04905047 (diff) |
new ndpi issues
qemu no-dsa
NFUs
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list index de4eeef9fe..6aeb6ed941 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,7 @@ CVE-2020-15501 RESERVED CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...) - TODO: check + NOT-FOR-US: TileServer GL CVE-2020-15499 RESERVED CVE-2020-15498 @@ -21,9 +21,9 @@ CVE-2020-15492 CVE-2020-15491 RESERVED CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) - TODO: check + NOT-FOR-US: Wavlink WL-WN530HG4 CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) - TODO: check + NOT-FOR-US: Wavlink WL-WN530HG4 CVE-2020-15488 RESERVED CVE-2020-15487 
@@ -49,22 +49,31 @@ CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of s CVE-2020-15477 RESERVED CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...) - TODO: check + - ndpi <unfixed> + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780 + NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...) - TODO: check + - ndpi <unfixed> + NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...) - TODO: check + - ndpi <unfixed> + NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...) - TODO: check + - ndpi <unfixed> + NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...) - TODO: check + - ndpi <unfixed> + NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...) - TODO: check + - ndpi <unfixed> + NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...) 
NOT-FOR-US: ffjpeg CVE-2020-15469 RESERVED - - qemu <unfixed> + - qemu <unfixed> (low) + [buster] - qemu <postponed> (Minor issue, fix along in next DSA) + [stretch] - qemu <postponed> (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1 NOTE: Proposed patch(es): https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...) |
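Review bot: In the last hunk (@@ -49,22 +49,31 @@), the commit summary says "qemu no-dsa", but the lines added for CVE-2020-15469 record `[buster] - qemu <postponed>` and `[stretch] - qemu <postponed>` with the reason "Minor issue, fix along in next DSA". The summary and the recorded state should agree: reword the message to say postponed, or use `<no-dsa>` if no fix is planned to ride along with a later DSA. In the same hunk, the six nDPI entries (CVE-2020-15471 through CVE-2020-15476) are all `- ndpi <unfixed>` with an upstream commit as the only NOTE, and only CVE-2020-15476 also links its oss-fuzz report. These are described as heap-based and stack overflows in packet dissectors, so a follow-up that records a severity or per-release status, as the qemu entry now does, would show whether the stable releases need an update.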