author | Moritz Muehlenhoff <jmm@debian.org> | 2020-04-02 19:33:16 +0200 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-04-02 19:33:16 +0200 |
commit | c79e85991082a04a7d89439391db3c2e040a065f (patch) | |
tree | 330796613d10d176f3ac9ab989fd54644ea89c7c /data/CVE/2019.list | |
parent | e5f28ca43cfebde01699523b774888b7fc0e4de1 (diff) |
new gpac issues
NFUs
Diffstat (limited to 'data/CVE/2019.list')
-rw-r--r-- | data/CVE/2019.list | 57 |
1 files changed, 39 insertions, 18 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 36e8c6a32a..7891016099 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -4,15 +4,36 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr - patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied) NOTE: https://savannah.gnu.org/bugs/index.php?56683 CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - TODO: check + - gpac <unfixed> + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/issues/1271 CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - TODO: check + - gpac <unfixed> + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/issues/1270 CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - TODO: check + - gpac <unfixed> + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/issues/1268 CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) - TODO: check + - gpac <unfixed> + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 + NOTE: https://github.com/gpac/gpac/issues/1264 CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) 
- TODO: check + - gpac <unfixed> + [buster] - gpac <no-dsa> (Minor issue) + [stretch] - gpac <no-dsa> (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8 + NOTE: https://github.com/gpac/gpac/issues/1269 CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. ...) NOT-FOR-US: AutoUpdater.NET CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...) @@ -25631,9 +25652,9 @@ CVE-2019-10809 CVE-2019-10808 (utilitify prior to 1.0.3 allows modification of object properties. The ...) NOT-FOR-US: utilitify CVE-2019-10807 (Blamer versions prior to 1.0.1 allows execution of arbitrary commands. ...) - TODO: check + NOT-FOR-US: Node blamer CVE-2019-10806 (vega-util prior to 1.13.1 allows manipulation of object prototype. The ...) - TODO: check + NOT-FOR-US: Node vega-util CVE-2019-10805 (valib through 2.0.0 allows Internal Property Tampering. A maliciously ...) NOT-FOR-US: Node valib CVE-2019-10804 (serial-number through 1.3.0 allows execution of arbritary commands. Th ...) @@ -30310,9 +30331,9 @@ CVE-2019-9503 (The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a4 - linux 4.19.37-4 NOTE: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f (5.1-rc1) CVE-2019-9502 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. I ...) - TODO: check + NOT-FOR-US: Broadcom CVE-2019-9501 (The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. B ...) - TODO: check + NOT-FOR-US: Broadcom CVE-2019-9500 (The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc ...) {DSA-4465-1 DLA-1824-1} - linux 4.19.37-4 
@@ -30393,9 +30414,9 @@ CVE-2019-9476 CVE-2019-9475 RESERVED CVE-2019-9474 (In Bluetooth, there is a possible out of bounds read due to a missing ...) - TODO: check + NOT-FOR-US: Android CVE-2019-9473 (In Bluetooth, there is a possible out of bounds read due to a missing ...) - TODO: check + NOT-FOR-US: Android CVE-2019-9472 (In DCRYPTO_equals of compare.c, there is a possible timing attack due ...) NOT-FOR-US: Android CVE-2019-9471 (In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds ...) @@ -31143,7 +31164,7 @@ CVE-2019-9165 (SQL injection vulnerability in Nagios XI before 5.5.11 allows att CVE-2019-9164 (Command injection in Nagios XI before 5.5.11 allows an authenticated u ...) NOT-FOR-US: Nagios XI CVE-2019-9163 (The connection initiation process in March Networks Command Client bef ...) - TODO: check + NOT-FOR-US: March Networks CVE-2019-9161 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...) NOT-FOR-US: Sangfor Sundray WLAN Controller CVE-2019-9160 (WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier ...) @@ -44281,7 +44302,7 @@ CVE-2019-3696 (A Improper Limitation of a Pathname to a Restricted Directory vul CVE-2019-3695 (A Improper Control of Generation of Code vulnerability in the packagin ...) NOT-FOR-US: SAP CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...) - TODO: check + NOT-FOR-US: SuSE packaging of munin CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE ...) TODO: check CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...) 
@@ -44300,7 +44321,7 @@ CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Ent - squid <not-affected> (/usr/lib/squid/pinger permissions are root:root) - squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root) CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...) - TODO: check + NOT-FOR-US: SuSE CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...) - openqa <itp> (bug #840253) CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...) @@ -47550,7 +47571,7 @@ CVE-2019-2218 (In createSessionInternal of PackageInstallerService.java, there i CVE-2019-2217 (In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corrupt ...) NOT-FOR-US: Android CVE-2019-2216 (In overlay notifications, there is a possible hidden notification due ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2215 (A use-after-free in binder.c allows an elevation of privilege from an ...) {DLA-2114-1 DLA-2068-1} - linux 4.15.4-1 @@ -47848,9 +47869,9 @@ CVE-2019-2091 (In GetPermittedAccessibilityServicesForUser of DevicePolicyManage CVE-2019-2090 (In isPackageDeviceAdminOnAnyUser of PackageManagerService.java, there ...) NOT-FOR-US: Android CVE-2019-2089 (In app uninstallation, there is a possible set of permissions that may ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2088 (In StatsService, there is a possible out of bounds read. This could le ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2087 (In libxaac, there is a possible out of bounds write due to a missing b ...) NOT-FOR-US: Android CVE-2019-2086 (In libxaac, there is a possible out of bounds write due to a missing b ...) 
@@ -47910,7 +47931,7 @@ CVE-2019-2060 (In libxaac, there is a possible out of bounds read due to a missi CVE-2019-2059 (In libxaac, there is a possible out of bounds write due to a missing b ...) NOT-FOR-US: Android CVE-2019-2058 (In libAACdec, there is a possible out of bounds read. This could lead ...) - TODO: check + NOT-FOR-US: Android CVE-2019-2057 RESERVED CVE-2019-2056 |
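Review bot: In the first hunk (@@ -4,15 +4,36 @@), the five new "- gpac <unfixed>" lines for CVE-2019-20628 through CVE-2019-20632 carry no bug reference, although every description reads "GPAC before 0.8.0" and every entry already cites the upstream fix commit. Suggest adding the bug number in the form used elsewhere in this file, as in "- openqa <itp> (bug #840253)", once a report exists, so that the open state is tied to something a maintainer will see. The "(Minor issue)" rationale on the buster and stretch lines is identical for all five entries; a few words on why (for example the kind of impact demonstrated in the linked issue) would make the no-dsa decision auditable later.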
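Review bot: In the hunk at @@ -30310,9 +30331,9 @@, "NOT-FOR-US: Broadcom" for CVE-2019-9502 and CVE-2019-9501 names only the vendor, while the surrounding CVE-2019-9503 and CVE-2019-9500 entries are Broadcom brcmfmac issues tracked against linux. Suggest naming the component from the description, "NOT-FOR-US: Broadcom wl WiFi driver", so a later reader can see why these two are treated differently from their neighbours, and confirming before merging that no package in the archive ships the wl driver.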
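Review bot: In the hunk at @@ -44281,7 +44302,7 @@, CVE-2019-3694 is resolved as "NOT-FOR-US: SuSE packaging of munin", but the next entry, CVE-2019-3693 (symlink following in the SUSE packaging of mailman), is the same class of issue and is left at "TODO: check". Suggest triaging it in the same change, or noting why it needs a separate look. The labels here and in the following hunk ("NOT-FOR-US: SuSE" for the permission package in CVE-2019-3687) also differ in specificity and spell the vendor "SuSE" where the descriptions use "SUSE"; "SUSE packaging of munin" and "SUSE permissions package" would be consistent with the descriptions and with each other.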
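Review bot: In the hunk at @@ -31143,7 +31164,7 @@, "NOT-FOR-US: March Networks" gives the vendor only, whereas the neighbouring entries use the full product name ("Nagios XI", "Sangfor Sundray WLAN Controller"). Suggest "NOT-FOR-US: March Networks Command Client", taken from the CVE-2019-9163 description, so the label stays searchable by product.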