diff options
| author | security tracker role <sectracker@soriano.debian.org> | 2019-01-08 08:10:12 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2019-01-08 08:10:12 +0000 |
| commit | c046cc17f282f52132426de9049c728f4eb8b557 (patch) | |
| tree | 4e2be9a32e31c165bc162586bb5f79e80779e97e /data | |
| parent | fce7721a322a850c950bd00f1a4f0154fbb14898 (diff) | |
automatic update
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 246 |
1 files changed, 234 insertions, 12 deletions
diff --git a/data/CVE/list b/data/CVE/list index 986d391c1c..f83ca0063d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,203 @@ +CVE-2019-5714 + RESERVED +CVE-2019-5713 + RESERVED +CVE-2019-5712 + RESERVED +CVE-2019-5711 + RESERVED +CVE-2019-5710 + RESERVED +CVE-2019-5709 + RESERVED +CVE-2019-5708 + RESERVED +CVE-2019-5707 + RESERVED +CVE-2019-5706 + RESERVED +CVE-2019-5705 + RESERVED +CVE-2019-5704 + RESERVED +CVE-2019-5703 + RESERVED +CVE-2019-5702 + RESERVED +CVE-2019-5701 + RESERVED +CVE-2019-5700 + RESERVED +CVE-2019-5699 + RESERVED +CVE-2019-5698 + RESERVED +CVE-2019-5697 + RESERVED +CVE-2019-5696 + RESERVED +CVE-2019-5695 + RESERVED +CVE-2019-5694 + RESERVED +CVE-2019-5693 + RESERVED +CVE-2019-5692 + RESERVED +CVE-2019-5691 + RESERVED +CVE-2019-5690 + RESERVED +CVE-2019-5689 + RESERVED +CVE-2019-5688 + RESERVED +CVE-2019-5687 + RESERVED +CVE-2019-5686 + RESERVED +CVE-2019-5685 + RESERVED +CVE-2019-5684 + RESERVED +CVE-2019-5683 + RESERVED +CVE-2019-5682 + RESERVED +CVE-2019-5681 + RESERVED +CVE-2019-5680 + RESERVED +CVE-2019-5679 + RESERVED +CVE-2019-5678 + RESERVED +CVE-2019-5677 + RESERVED +CVE-2019-5676 + RESERVED +CVE-2019-5675 + RESERVED +CVE-2019-5674 + RESERVED +CVE-2019-5673 + RESERVED +CVE-2019-5672 + RESERVED +CVE-2019-5671 + RESERVED +CVE-2019-5670 + RESERVED +CVE-2019-5669 + RESERVED +CVE-2019-5668 + RESERVED +CVE-2019-5667 + RESERVED +CVE-2019-5666 + RESERVED +CVE-2019-5665 + RESERVED +CVE-2019-5664 + RESERVED +CVE-2019-5663 + RESERVED +CVE-2019-5662 + RESERVED +CVE-2019-5661 + RESERVED +CVE-2019-5660 + RESERVED +CVE-2019-5659 + RESERVED +CVE-2019-5658 + RESERVED +CVE-2019-5657 + RESERVED +CVE-2019-5656 + RESERVED +CVE-2019-5655 + RESERVED +CVE-2019-5654 + RESERVED +CVE-2019-5653 + RESERVED +CVE-2019-5652 + RESERVED +CVE-2019-5651 + RESERVED +CVE-2019-5650 + RESERVED +CVE-2019-5649 + RESERVED +CVE-2019-5648 + RESERVED +CVE-2019-5647 + RESERVED +CVE-2019-5646 + RESERVED +CVE-2019-5645 + RESERVED +CVE-2019-5644 + RESERVED +CVE-2019-5643 + RESERVED +CVE-2019-5642 + RESERVED +CVE-2019-5641 + RESERVED +CVE-2019-5640 + RESERVED +CVE-2019-5639 + RESERVED +CVE-2019-5638 + RESERVED +CVE-2019-5637 + RESERVED +CVE-2019-5636 + RESERVED +CVE-2019-5635 + RESERVED +CVE-2019-5634 + RESERVED +CVE-2019-5633 + RESERVED +CVE-2019-5632 + RESERVED +CVE-2019-5631 + RESERVED +CVE-2019-5630 + RESERVED +CVE-2019-5629 + RESERVED +CVE-2019-5628 + RESERVED +CVE-2019-5627 + RESERVED +CVE-2019-5626 + RESERVED +CVE-2019-5625 + RESERVED +CVE-2019-5624 + RESERVED +CVE-2019-5623 + RESERVED +CVE-2019-5622 + RESERVED +CVE-2019-5621 + RESERVED +CVE-2019-5620 + RESERVED +CVE-2019-5619 + RESERVED +CVE-2019-5618 + RESERVED +CVE-2019-5617 + RESERVED +CVE-2019-5616 + RESERVED +CVE-2019-5615 + RESERVED CVE-2019-5614 RESERVED CVE-2019-5613 @@ -5919,6 +6119,7 @@ CVE-2018-20189 (In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/di CVE-2018-20188 (FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator ...) NOT-FOR-US: FUEL CMS CVE-2018-20187 [Timing side channel during ECC key generation could leak information...] + RESERVED - botan <unfixed> - botan1.10 <not-affected> (Vulnerable code introduced in 1.10.20) NOTE: https://github.com/randombit/botan/pull/1792 @@ -5943,30 +6144,39 @@ CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-base CVE-2018-20183 RESERVED CVE-2018-20182 [Remote code execution in seamless_process_line()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20181 [Remote code execution in seamless_process()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20180 [Remote code execution in rdpsnddbg_process()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20179 [Remote code execution in lspci_process()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20178 [DoS in process_demand_active()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20177 [Memory corruption in rdp_in_unistr()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20176 [DoS in sec_parse_crypt_info() and in sec_recv()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20175 [DoS in mcs_recv_connect_response() and in mcs_parse_domain_params()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20174 [Major information leak in ui_clip_handle_data()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...) @@ -27034,7 +27244,7 @@ CVE-2018-1999011 (FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 [jessie] - libav <not-affected> (Vulnerable code not present) NOTE: https://github.com/FFmpeg/FFmpeg/commit/2b46ebdbff1d8dec7a3d8ea280a612b91a58286 CVE-2018-1999010 (FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ...) - {DSA-4249-1} + {DSA-4249-1 DLA-1630-1} - ffmpeg 7:4.0.2-1 - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/cced03dd667a5df6df8fd40d8de0bff477ee02e @@ -27509,7 +27719,7 @@ CVE-2018-14395 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to [jessie] - libav <not-affected> (only version 2 is supported) NOTE: https://github.com/FFmpeg/FFmpeg/commit/fa19fbcf712a6a6cc5a5cfdc3254a97b9bce6582 CVE-2018-14394 (libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ...) - {DSA-4249-1} + {DSA-4249-1 DLA-1630-1} - ffmpeg 7:4.0.2-1 - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/3a2d21bc5f97aa0161db3ae731fc2732be6108b8 @@ -42243,33 +42453,43 @@ CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x b - gitlab 10.5.6+dfsg-1 (bug #893905) NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/ CVE-2018-8800 [Remote code execution in ui_clip_handle_data()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8799 [DoS in process_secondary_order()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8798 [Minor information leak in rdpsnd_process_ping()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8797 [Remote code execution in process_plane()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8796 [DoS in process_bitmap_data()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8795 [Remote code execution in process_bitmap_data()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8794 [Memory corruption in process_bitmap_data()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8793 [Remote code execution in cssp_read_tsrequest()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8792 [DoS in cssp_read_tsrequest()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8791 [Minor information leak in rdpdr_process()] + RESERVED - rdesktop 1.8.4-1 NOTE: https://github.com/rdesktop/rdesktop/commit/766ebcf6f23ccfe8323ac10242ae6e127d4505d2 (v1.8.4) CVE-2018-8790 @@ -45543,7 +45763,7 @@ CVE-2018-7559 (An issue was discovered in OPC UA .NET Standard Stack and Sample CVE-2018-7558 RESERVED CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...) - {DSA-4249-1} + {DSA-4249-1 DLA-1630-1} - ffmpeg 7:3.4.3-1 - libav <removed> NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96 @@ -48521,7 +48741,7 @@ CVE-2017-18124 (During secure boot, addition is performed on uint8 ptrs which le CVE-2018-6622 (An issue was discovered that affects all producers of BIOS firmware ...) NOT-FOR-US: Generic TPM issue CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...) - {DSA-4249-1} + {DSA-4249-1 DLA-1630-1} - ffmpeg 7:3.4.2-1 (low) - libav <removed> NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b @@ -65831,6 +66051,7 @@ CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string ...) CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...) NOT-FOR-US: Huawei CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...) + {DLA-1630-1} - libav <removed> NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100 CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...) @@ -72632,7 +72853,7 @@ CVE-2017-15674 CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...) NOT-FOR-US: CS-Cart CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...) - {DSA-4049-1} + {DSA-4049-1 DLA-1630-1} - ffmpeg 7:3.4-1 - libav <removed> NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 @@ -75495,7 +75716,7 @@ CVE-2017-14769 CVE-2017-14768 RESERVED CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...) - {DSA-3996-1} + {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d @@ -77300,12 +77521,12 @@ CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage( NOTE: https://github.com/ImageMagick/ImageMagick/issues/715 NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...) - {DSA-3996-1} + {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7 CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...) - {DSA-3996-1} + {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2 @@ -77735,18 +77956,18 @@ CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c doe - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...) - {DSA-3996-1} + {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329 NOTE: libav: The vulnerable code is in asfdec.c. CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...) - {DSA-3996-1} + {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...) - {DSA-3996-1} + {DSA-3996-1 DLA-1630-1} - ffmpeg 7:3.3.4-1 (low) - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e @@ -88080,12 +88301,13 @@ CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly va NOTE: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69 NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706 CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ...) + {DLA-1630-1} - ffmpeg 7:3.2.5-1 - libav <removed> [wheezy] - libav <not-affected> (Vulnerable code not present, WebP decoder feature introduced in v10) NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ...) - {DSA-3957-1} + {DSA-3957-1 DLA-1630-1} - ffmpeg 7:3.2.6-1 - libav <removed> NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021 |