
@jvrmaia

jvrmaia/scan.txt Secret

Created Mar 7, 2020
vul scan docker
#!/bin/bash -eo pipefail
#!/usr/bin/env bash
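# Stop at the first failing command, and treat a failure in any stage of a
# pipeline (not just the last one) as a failure of the whole pipeline.
set -eo pipefail

DOCKER_TAR_DIR="/docker-tars"

# Input check: there must be either an image reference or at least one entry
# in the tarball directory. The first operand is a literal, so with a
# non-empty image name this condition can never be true.
if [ -z "jvrmaia/flask-docker-example:latest" ] && [ -z "$(ls -A "$DOCKER_TAR_DIR" 2>/dev/null)" ]; then
  echo "image_file or image parameters or docker tarballs must be present" >&2
  exit 255
fi

REPORT_DIR=/clair-reports
# -p keeps a re-run from aborting under `set -e` when the directory exists.
mkdir -p "$REPORT_DIR"

# Vulnerability database and Clair server.
# The ports are published on the loopback address only: the scanner below
# reaches Clair through the container IP and Clair reaches the database
# through --link, so nothing on this page needs them on every host interface.
# NOTE(review): both images are referenced by the mutable `latest` tag while
# the scanner image is pinned by digest. Pinning these by digest as well would
# make a run reproducible and keep a changed upstream image from silently
# altering scan results.
DB=$(docker run -p 127.0.0.1:5432:5432 -d arminc/clair-db:latest)
CLAIR=$(docker run -p 127.0.0.1:6060:6060 --link "$DB":postgres -d arminc/clair-local-scan:latest)

# Long-lived scanner container; `tail -f /dev/null` only keeps it running so
# that later `docker exec` calls can start clair-scanner inside it.
# Mounting the Docker socket hands this container full control of the host's
# Docker daemon, which is why the image is worth keeping pinned by digest.
CLAIR_SCANNER=$(docker run -v /var/run/docker.sock:/var/run/docker.sock -d ovotech/clair-scanner@sha256:8a4f920b4e7e40dbcec4a6168263d45d3385f2970ee33e5135dd0e3b75d39c75 tail -f /dev/null)

# Container IPs used to wire the scanner and Clair together. No TTY or stdin
# is requested: `hostname -i` needs neither, and a TTY is not guaranteed to
# exist in a non-interactive job.
clair_ip=$(docker exec "$CLAIR" hostname -i | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')
scanner_ip=$(docker exec "$CLAIR_SCANNER" hostname -i | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+')

# Optional whitelist: the path literal is empty here, so this branch is
# skipped. When a path is present the file is printed to the job log and
# copied into the scanner container as /whitelist.yml.
if [ -n "" ]; then
  cat ""
  docker cp "" "$CLAIR_SCANNER:/whitelist.yml"
  WHITELIST="-w /whitelist.yml"
fi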
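#######################################
# Scan one image with clair-scanner inside the scanner container, print a
# one-line verdict and copy the JSON report out of the container.
# Globals:
#   CLAIR_SCANNER, scanner_ip, clair_ip, REPORT_DIR (read)
#   WHITELIST (read; only tested for being non-empty)
#   EXIT_STATUS (written; set to 1 for every scanner status other than 0)
# Arguments:
#   $1 - image reference to scan
# Outputs:
#   scanner output and verdict on stdout; a warning on stderr when the
#   report cannot be copied
# Returns:
#   0; the scan result is reported through EXIT_STATUS, not the return code
#######################################
scan() {
  local image=$1
  # These were globals in the earlier form and leaked into the caller's scope.
  local munged_image sanitised_image_filename
  local ret=0

  # Replace forward-slashes and colons with underscores so the image
  # reference becomes a flat file name with no path separators.
  munged_image=${image//\//_}
  munged_image=${munged_image//:/_}
  sanitised_image_filename="${munged_image}.json"

  # NOTE(review): WHITELIST is set to "-w /whitelist.yml" when a whitelist was
  # copied into the container, but only its non-emptiness is used here (it
  # adds "-x"); no visible line passes "-w /whitelist.yml" to clair-scanner.
  # Confirm that the whitelist is actually applied.
  # NOTE(review): --exit-when-no-features=false presumably stops the scanner
  # from failing on images where it finds no package features; verify that an
  # unsupported base image cannot be reported as clean.
  local docker_cmd=(
    docker exec -it "$CLAIR_SCANNER" clair-scanner
    --ip "$scanner_ip"
    --clair=http://"$clair_ip":6060
    -t "High"
    --report "/$sanitised_image_filename"
    --log "/log.json" ${WHITELIST:+"-x"}
    --reportAll=true
    --exit-when-no-features=false
    "$image"
  )

  # The comparison is between two literals; as written the scanner output is
  # always shown. `|| ret=$?` captures the status without tripping `set -e`.
  if [ "false" == "true" ]; then
    "${docker_cmd[@]}" > /dev/null 2>&1 || ret=$?
  else
    "${docker_cmd[@]}" 2>&1 || ret=$?
  fi

  # Map the scanner status to a verdict. Anything other than 0 fails the run:
  # findings, an image that could not be scanned, and unknown codes alike.
  case "$ret" in
    0)
      echo "No unapproved vulnerabilities"
      ;;
    1)
      echo "Unapproved vulnerabilities found"
      if [ "true" == "true" ]; then
        EXIT_STATUS=1
      fi
      ;;
    5)
      echo "Image was not scanned, not supported."
      if [ "true" == "true" ]; then
        EXIT_STATUS=1
      fi
      ;;
    *)
      echo "Unknown clair-scanner return code $ret."
      EXIT_STATUS=1
      ;;
  esac

  # Best effort: a missing report must not abort the remaining scans, but it
  # should be visible in the job log instead of being swallowed.
  if ! docker cp "$CLAIR_SCANNER:/$sanitised_image_filename" "$REPORT_DIR/$sanitised_image_filename"; then
    echo "warning: could not copy report $sanitised_image_filename to $REPORT_DIR" >&2
  fi
}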
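# Overall result of the run. scan() raises it to 1 whenever the scanner
# returns anything other than 0; the checks below raise it as well when an
# input could not be turned into something scannable.
EXIT_STATUS=0

# 1) Images delivered as tarballs.
for entry in "$DOCKER_TAR_DIR"/*.tar; do
  # An unmatched glob stays literal; skip it instead of loading "*.tar".
  [ -e "$entry" ] || continue

  # Capture the load separately so its own exit status is checked. Inside a
  # `docker load | sed` pipeline without pipefail, a tarball that fails to
  # load would yield no images and the run could still finish with status 0.
  if ! load_output=$(docker load -i "$entry"); then
    echo "docker load failed for $entry; its images were not scanned" >&2
    EXIT_STATUS=1
    continue
  fi

  # Keep only the reference from each "Loaded image: ..." line. Untagged
  # images are reported as "Loaded image ID: ..."; take the ID from those so
  # the words of that line are not each treated as an image name.
  images=$(printf '%s\n' "$load_output" \
    | sed -n -e 's/^Loaded image: //p' -e 's/^Loaded image ID: //p')

  # A tarball that produced nothing to scan must not count as a clean result.
  if [ -z "$images" ]; then
    echo "no image reference found in docker load output for $entry" >&2
    EXIT_STATUS=1
    continue
  fi

  # Intentionally unquoted: one image reference per whitespace-separated word.
  for image in $images; do
    scan "$image"
  done
done

# 2) Images listed in a file. The path literal is empty here, so this branch
#    is skipped.
if [ -n "" ]; then
  images=$(cat "")
  for image in $images; do
    docker pull "$image"
    scan "$image"
  done
fi

# 3) A single image reference. It uses a mutable tag, so what gets scanned is
#    whatever that tag resolves to when the pull happens.
if [ -n "jvrmaia/flask-docker-example:latest" ]; then
  image="jvrmaia/flask-docker-example:latest"
  docker pull "$image"
  scan "$image"
fi

exit "$EXIT_STATUS"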
Digest: sha256:5124d1bc864a90f63b1779f20d2a6dd7f9bef071b52a6b2c99b63c00a62b5a23
Status: Downloaded newer image for *******/flask-docker-example:latest
docker.io/*******/flask-docker-example:latest
2020/03/07 10:19:57 [INFO] ▶ Start clair-scanner
2020/03/07 10:20:12 [INFO] ▶ Server listening on port 9279
2020/03/07 10:20:12 [INFO] ▶ Analyzing 833c6daa5e441f05bf0861abf69385f4336a84579e106a4e10df96c16345238c
2020/03/07 10:20:13 [INFO] ▶ Analyzing 4841da9e53306739896736018799725127bf022debe92a6fba5849e462df6d7c
2020/03/07 10:20:14 [INFO] ▶ Analyzing 74a44e872bf076416afabf8c6ad9a44267469fcf7406ca59efd971b9f36ec2e0
2020/03/07 10:20:14 [INFO] ▶ Analyzing 08956d8cfb4a5c3911c05bbcccdee8ea6c5ee78e2a557705b186d093e10e3c8d
2020/03/07 10:20:14 [INFO] ▶ Analyzing 2418f849fdd6aa84613bf622029f9c13f8af63369b1bfb9fe37d1c91c5f8014b
2020/03/07 10:20:15 [INFO] ▶ Analyzing 665107ae66eecfa7a5ad25f3a3fea690a7b39d947435aefafb73d2276f6b1e1a
2020/03/07 10:20:15 [INFO] ▶ Analyzing 81fbbe995a7a6c8de2069875be5441038ec5d6f7b79048a2ffc6ab48e2ac5c61
2020/03/07 10:20:15 [INFO] ▶ Analyzing ce041cd84cdf830252387144de7b13594132831baf70deb81b9db077e2394b16
2020/03/07 10:20:15 [INFO] ▶ Analyzing c3bc4598a93d965a92519a886c6ec7e8ad05a73bb59da5e12dc091fe6de90e05
2020/03/07 10:20:15 [INFO] ▶ Analyzing 57ef9d9cfc8a93dfa86b31274c6327f2d297eef8402742324c6f4e96bceffcba
2020/03/07 10:20:15 [INFO] ▶ Analyzing 8dc77558fa31b6eaf473e1e89ae568041b232a95a31d53d41d66e25fce4f357d
2020/03/07 10:20:15 [WARN] ▶ Image [*******/flask-docker-example:latest] contains 354 total vulnerabilities
2020/03/07 10:20:15 [ERRO] ▶ Image [*******/flask-docker-example:latest] contains 8 unapproved vulnerabilities
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| STATUS | CVE SEVERITY | PACKAGE NAME | PACKAGE VERSION | CVE DESCRIPTION |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-19816 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted btrfs |
| | | | | filesystem image and performing some operations |
| | | | | can cause slab-out-of-bounds write access in |
| | | | | __btrfs_map_block in fs/btrfs/volumes.c, because a value |
| | | | | of 1 for the number of data stripes is mishandled. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19816 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-19814 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted f2fs |
| | | | | filesystem image can cause __remove_dirty_segment |
| | | | | slab-out-of-bounds write access because an |
| | | | | array is bounded by the number of dirty types |
| | | | | (8) but the array index can exceed this. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19814 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | Critical CVE-2019-19813 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted btrfs |
| | | | | filesystem image, performing some operations, and then |
| | | | | making a syncfs system call can lead to a use-after-free |
| | | | | in __mutex_lock in kernel/locking/mutex.c. This is related |
| | | | | to mutex_can_spin_on_owner in kernel/locking/mutex.c, |
| | | | | __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and |
| | | | | btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19813 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2020-8492 | python3.7 | 3.7.3-2+deb10u1 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 |
| | | | | through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 |
| | | | | allows an HTTP server to conduct Regular Expression |
| | | | | Denial of Service (ReDoS) attacks against a client |
| | | | | because of urllib.request.AbstractBasicAuthHandler |
| | | | | catastrophic backtracking. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8492 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2019-19074 | linux | 4.19.98-1 | A memory leak in the ath9k_wmi_cmd() function in |
| | | | | drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel |
| | | | | through 5.3.11 allows attackers to cause a denial of |
| | | | | service (memory consumption), aka CID-728c1e2a05e4. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19074 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2020-8492 | python2.7 | 2.7.16-2+deb10u1 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 |
| | | | | through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 |
| | | | | allows an HTTP server to conduct Regular Expression |
| | | | | Denial of Service (ReDoS) attacks against a client |
| | | | | because of urllib.request.AbstractBasicAuthHandler |
| | | | | catastrophic backtracking. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8492 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2019-19815 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted f2fs |
| | | | | filesystem image can cause a NULL pointer dereference |
| | | | | in f2fs_recover_fsync_data in fs/f2fs/recovery.c. |
| | | | | This is related to F2FS_P_SB in fs/f2fs/f2fs.h. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19815 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Unapproved | High CVE-2013-7445 | linux | 4.19.98-1 | The Direct Rendering Manager (DRM) subsystem in |
| | | | | the Linux kernel through 4.x mishandles requests |
| | | | | for Graphics Execution Manager (GEM) objects, |
| | | | | which allows context-dependent attackers to cause |
| | | | | a denial of service (memory consumption) via |
| | | | | an application that processes graphics data, as |
| | | | | demonstrated by JavaScript code that creates many |
| | | | | CANVAS elements for rendering by Chrome or Firefox. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2013-7445 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-11597 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer |
| | | | | over-read in the function WriteTIFFImage of coders/tiff.c, |
| | | | | which allows an attacker to cause a denial of service or |
| | | | | possibly information disclosure via a crafted image file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-11597 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-16168 | sqlite3 | 3.27.2-3 | In SQLite through 3.29.0, whereLoopAddBtreeIndex in |
| | | | | sqlite3.c can crash a browser or other application |
| | | | | because of missing validation of a sqlite_stat1 sz field, |
| | | | | aka a "severe division by zero in the query planner." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16168 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-20218 | sqlite3 | 3.27.2-3 | selectExpander in select.c in SQLite 3.30.1 proceeds |
| | | | | with WITH stack unwinding even after a parsing error. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-20218 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19603 | sqlite3 | 3.27.2-3 | SQLite 3.30.1 mishandles certain SELECT statements with |
| | | | | a nonexistent VIEW, leading to an application crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19603 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-20388 | libxml2 | 2.9.4+dfsg1-7 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 |
| | | | | allows an xmlSchemaValidateStream memory leak. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-20388 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2017-16932 | libxml2 | 2.9.4+dfsg1-7 | parser.c in libxml2 before 2.9.5 does not prevent |
| | | | | infinite recursion in parameter entities. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-16932 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19377 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted |
| | | | | btrfs filesystem image, performing some operations, |
| | | | | and unmounting can lead to a use-after-free in |
| | | | | btrfs_queue_work in fs/btrfs/async-thread.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19377 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2020-7595 | libxml2 | 2.9.4+dfsg1-7 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 |
| | | | | has an infinite loop in a certain end-of-file situation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-7595 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2018-14567 | libxml2 | 2.9.4+dfsg1-7 | libxml2 2.9.8, if --with-lzma is used, allows remote |
| | | | | attackers to cause a denial of service (infinite loop) |
| | | | | via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, |
| | | | | as demonstrated by xmllint, a different |
| | | | | vulnerability than CVE-2015-8035 and CVE-2018-9251. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-14567 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19036 | linux | 4.19.98-1 | btrfs_root_node in fs/btrfs/ctree.c in the Linux |
| | | | | kernel through 5.3.12 allows a NULL pointer dereference |
| | | | | because rcu_dereference(root->node) can be zero. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19036 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2016-9318 | libxml2 | 2.9.4+dfsg1-7 | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 |
| | | | | and earlier and other products, does not offer a |
| | | | | flag directly indicating that the current document |
| | | | | may be read but other files may not be opened, which |
| | | | | makes it easier for remote attackers to conduct XML |
| | | | | External Entity (XXE) attacks via a crafted document. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9318 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19318 | linux | 4.19.98-1 | In the Linux kernel 5.3.11, mounting a |
| | | | | crafted btrfs image twice can cause an |
| | | | | rwsem_down_write_slowpath use-after-free because (in |
| | | | | rwsem_can_spin_on_owner in kernel/locking/rwsem.c) |
| | | | | rwsem_owner_flags returns an already freed pointer, |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19318 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19449 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted f2fs |
| | | | | filesystem image can lead to slab-out-of-bounds |
| | | | | read access in f2fs_build_segment_manager in |
| | | | | fs/f2fs/segment.c, related to init_min_max_mtime |
| | | | | in fs/f2fs/segment.c (because the second |
| | | | | argument to get_seg_entry is not validated). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19449 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19956 | libxml2 | 2.9.4+dfsg1-7 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 |
| | | | | before 2.9.10 has a memory leak related to newDoc->oldNs. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19956 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-18804 | djvulibre | 3.5.27.1-10 | DjVuLibre 3.5.27 has a NULL pointer dereference in |
| | | | | the function DJVU::filter_fv at IW44EncodeCodec.cpp. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-18804 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-20454 | pcre2 | 10.32-5 | An out-of-bounds read was discovered in PCRE before |
| | | | | 10.34 when the pattern \X is JIT compiled and used |
| | | | | to match specially crafted subjects in non-UTF |
| | | | | mode. Applications that use PCRE to parse untrusted |
| | | | | input may be vulnerable to this flaw, which would |
| | | | | allow an attacker to crash the application. The flaw |
| | | | | occurs in do_extuni_no_utf in pcre2_jit_compile.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-20454 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-12290 | libidn2 | 2.0.5-1+deb10u1 | GNU libidn2 before 2.2.0 fails to perform the roundtrip |
| | | | | checks specified in RFC3490 Section 4.2 when converting |
| | | | | A-labels to U-labels. This makes it possible in some |
| | | | | circumstances for one domain to impersonate another. |
| | | | | By creating a malicious domain that matches a target |
| | | | | domain except for the inclusion of certain punycoded |
| | | | | Unicode characters (that would be discarded when |
| | | | | converted first to a Unicode label and then back to an |
| | | | | ASCII label), arbitrary domains can be impersonated. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12290 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19319 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, a setxattr operation, |
| | | | | after a mount of a crafted ext4 image, can cause |
| | | | | a slab-out-of-bounds write access because of an |
| | | | | ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c |
| | | | | when a large old_size value is used in a memset call. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19319 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2009-3546 | libwmf | 0.2.8.4-14 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 |
| | | | | and 5.3.x before 5.3.1, and the GD Graphics Library |
| | | | | 2.x, does not properly verify a certain colorsTotal |
| | | | | structure member, which might allow remote attackers |
| | | | | to conduct buffer overflow or buffer over-read attacks |
| | | | | via a crafted GD file, a different vulnerability |
| | | | | than CVE-2009-3293. NOTE: some of these details |
| | | | | are obtained from third party information. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2009-3546 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2007-3996 | libwmf | 0.2.8.4-14 | Multiple integer overflows in libgd in PHP before |
| | | | | 5.2.4 allow remote attackers to cause a denial of |
| | | | | service (application crash) and possibly execute |
| | | | | arbitrary code via a large (1) srcW or (2) srcH value |
| | | | | to the (a) gdImageCopyResized function, or a large |
| | | | | (3) sy (height) or (4) sx (width) value to the (b) |
| | | | | gdImageCreate or the (c) gdImageCreateTrueColor function. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-3996 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-20446 | librsvg | 2.44.10-2.1 | In xml.rs in GNOME librsvg before 2.46.2, a crafted |
| | | | | SVG file with nested patterns can cause denial of |
| | | | | service when passed to the library for processing. |
| | | | | The attacker constructs pattern elements so that the |
| | | | | number of final rendered objects grows exponentially. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-20446 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13627 | libgcrypt20 | 1.8.4-5 | It was discovered that there was a ECDSA timing attack |
| | | | | in the libgcrypt20 cryptographic library. Version |
| | | | | affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. |
| | | | | Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13627 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13115 | libssh2 | 1.8.0-2.1 | In libssh2 before 1.9.0, |
| | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
| | | | | in kex.c has an integer overflow that could lead to an |
| | | | | out-of-bounds read in the way packets are read from the |
| | | | | server. A remote attacker who compromises a SSH server |
| | | | | may be able to disclose sensitive information or cause |
| | | | | a denial of service condition on the client system when |
| | | | | a user connects to the server. This is related to an |
| | | | | _libssh2_check_length mistake, and is different from the |
| | | | | various issues fixed in 1.8.1, such as CVE-2019-3855. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13115 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2016-10723 | linux | 4.19.98-1 | ** DISPUTED ** An issue was discovered in the Linux kernel |
| | | | | through 4.17.2. Since the page allocator does not yield |
| | | | | CPU resources to the owner of the oom_lock mutex, a local |
| | | | | unprivileged user can trivially lock up the system forever |
| | | | | by wasting CPU resources from the page allocator (e.g., via |
| | | | | concurrent page fault events) when the global OOM killer |
| | | | | is invoked. NOTE: the software maintainer has not accepted |
| | | | | certain proposed patches, in part because of a viewpoint |
| | | | | that "the underlying problem is non-trivial to handle." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-10723 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13305 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a stack-based buffer |
| | | | | overflow at coders/pnm.c in WritePNMImage because |
| | | | | of a misplaced strncpy and an off-by-one error. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13305 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13391 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-50 Q16, ComplexImages in |
| | | | | MagickCore/fourier.c has a heap-based buffer over-read |
| | | | | because of incorrect calls to GetCacheViewVirtualPixels. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13391 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-12974 | imagemagick | 8:6.9.10.23+dfsg-2.1 | A NULL pointer dereference in the function ReadPANGOImage |
| | | | | in coders/pango.c and the function ReadVIDImage in |
| | | | | coders/vid.c in ImageMagick 7.0.8-34 allows remote |
| | | | | attackers to cause a denial of service via a crafted image. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12974 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19770 | linux | 4.19.98-1 | In the Linux kernel 4.19.83, there is a use-after-free |
| | | | | (read) in the debugfs_remove function in fs/debugfs/inode.c |
| | | | | (which is used to remove a file or directory in |
| | | | | debugfs that was previously created with a call to |
| | | | | another debugfs function such as debugfs_create_file). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19770 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2018-3693 | linux | 4.19.98-1 | Systems with microprocessors utilizing speculative execution |
| | | | | and branch prediction may allow unauthorized disclosure |
| | | | | of information to an attacker with local user access via |
| | | | | a speculative buffer overflow and side-channel analysis. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-3693 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2017-9115 | openexr | 2.2.1-4.1 | In OpenEXR 2.2.0, an invalid write of size 2 in |
| | | | | the = operator function in half.h could cause the |
| | | | | application to crash or execute arbitrary code. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9115 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13135 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick before 7.0.8-50 has a "use of |
| | | | | uninitialized value" vulnerability in the |
| | | | | function ReadCUTImage in coders/cut.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13135 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2018-17977 | linux | 4.19.98-1 | The Linux kernel 4.14.67 mishandles certain interaction |
| | | | | among XFRM Netlink messages, IPPROTO_AH packets, |
| | | | | and IPPROTO_IP packets, which allows local users to |
| | | | | cause a denial of service (memory consumption and |
| | | | | system hang) by leveraging root access to execute |
| | | | | crafted applications, as demonstrated on CentOS 7. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-17977 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-12977 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-34 has a "use of uninitialized value" |
| | | | | vulnerability in the WriteJP2Image function in coders/jp2.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12977 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2017-9111 | openexr | 2.2.1-4.1 | In OpenEXR 2.2.0, an invalid write of size 8 in the |
| | | | | storeSSE function in ImfOptimizedPixelReading.h could |
| | | | | cause the application to crash or execute arbitrary code. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9111 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-20367 | libbsd | 0.9.1-2 | nlist.c in libbsd before 0.10.0 has an |
| | | | | out-of-bounds read during a comparison for a |
| | | | | symbol name from the string table (strtab). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-20367 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2017-9114 | openexr | 2.2.1-4.1 | In OpenEXR 2.2.0, an invalid read of size |
| | | | | 1 in the refill function in ImfFastHuf.cpp |
| | | | | could cause the application to crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9114 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13304 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a stack-based |
| | | | | buffer overflow at coders/pnm.c in WritePNMImage |
| | | | | because of a misplaced assignment. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13304 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19448 | linux | 4.19.98-1 | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted |
| | | | | btrfs filesystem image, performing some operations, and then |
| | | | | making a syncfs system call can lead to a use-after-free |
| | | | | in try_merge_free_space in fs/btrfs/free-space-cache.c |
| | | | | because the pointer to a left data structure can be |
| | | | | the same as the pointer to a right data structure. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19448 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13300 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a heap-based |
| | | | | buffer overflow at MagickCore/statistic.c in |
| | | | | EvaluateImages because of mishandling columns. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13300 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2020-8992 | linux | 4.19.98-1 | ext4_protect_reserved_inode in fs/ext4/block_validity.c in |
| | | | | the Linux kernel through 5.5.3 allows attackers to cause a |
| | | | | denial of service (soft lockup) via a crafted journal size. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8992 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13308 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer |
| | | | | overflow in MagickCore/fourier.c in ComplexImage. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13308 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13307 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a heap-based |
| | | | | buffer overflow at MagickCore/statistic.c in |
| | | | | EvaluateImages because of mishandling rows. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13307 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2020-8112 | openjpeg2 | 2.3.0-2+deb10u1 | opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG |
| | | | | 2.3.1 through 2020-01-28 has a heap-based buffer overflow in |
| | | | | the qmfbid==1 case, a different issue than CVE-2020-6851. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8112 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2020-6851 | openjpeg2 | 2.3.0-2+deb10u1 | OpenJPEG through 2.3.1 has a heap-based buffer overflow |
| | | | | in opj_t1_clbl_decode_processor in openjp2/t1.c because |
| | | | | of lack of opj_j2k_update_image_dimensions validation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-6851 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19769 | linux | 4.19.98-1 | In the Linux kernel 5.3.10, there is a use-after-free |
| | | | | (read) in the perf_trace_lock_acquire function |
| | | | | (related to include/trace/events/lock.h). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19769 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-14981 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.x before 7.0.8-41 and 6.x before |
| | | | | 6.9.10-41, there is a divide-by-zero vulnerability in |
| | | | | the MeanShiftImage function. It allows an attacker to |
| | | | | cause a denial of service by sending a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-14981 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-15139 | imagemagick | 8:6.9.10.23+dfsg-2.1 | The XWD image (X Window System window dumping file) |
| | | | | parsing component in ImageMagick 7.0.8-41 Q16 allows |
| | | | | attackers to cause a denial-of-service (application crash |
| | | | | resulting from an out-of-bounds Read) in ReadXWDImage |
| | | | | in coders/xwd.c by crafting a corrupted XWD image |
| | | | | file, a different vulnerability than CVE-2019-11472. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15139 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-15140 | imagemagick | 8:6.9.10.23+dfsg-2.1 | coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote |
| | | | | attackers to cause a denial of service (use-after-free |
| | | | | and application crash) or possibly have unspecified |
| | | | | other impact by crafting a Matlab image file that is |
| | | | | mishandled in ReadImage in MagickCore/constitute.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15140 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13454 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-54 Q16 allows Division by Zero |
| | | | | in RemoveDuplicateLayers in MagickCore/layer.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13454 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13295 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read |
| | | | | at MagickCore/threshold.c in AdaptiveThresholdImage |
| | | | | because a width of zero is mishandled. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13295 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2018-12886 | gcc-8 | 8.3.0-6 | stack_protect_prologue in cfgexpand.c and |
| | | | | stack_protect_epilogue in function.c in GNU Compiler |
| | | | | Collection (GCC) 4.1 through 8 (under certain |
| | | | | circumstances) generate instruction sequences when |
| | | | | targeting ARM targets that spill the address of |
| | | | | the stack protector guard, which allows an attacker |
| | | | | to bypass the protection of -fstack-protector, |
| | | | | -fstack-protector-all, -fstack-protector-strong, and |
| | | | | -fstack-protector-explicit against stack overflow by |
| | | | | controlling what the stack canary is compared against. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12886 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-11598 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-40 Q16, there is a heap-based |
| | | | | buffer over-read in the function WritePNMImage |
| | | | | of coders/pnm.c, which allows an attacker to |
| | | | | cause a denial of service or possibly information |
| | | | | disclosure via a crafted image file. This is related |
| | | | | to SetGrayscaleImage in MagickCore/quantize.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-11598 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-12979 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-34 has a "use of uninitialized |
| | | | | value" vulnerability in the SyncImageSettings |
| | | | | function in MagickCore/image.c. This is |
| | | | | related to AcquireImage in magick/image.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12979 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13306 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a stack-based |
| | | | | buffer overflow at coders/pnm.c in |
| | | | | WritePNMImage because of off-by-one errors. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13306 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19768 | linux | 4.19.98-1 | In the Linux kernel 5.4.0-rc2, there is a |
| | | | | use-after-free (read) in the __blk_add_trace |
| | | | | function in kernel/trace/blktrace.c (which |
| | | | | is used to fill out a blk_io_trace structure |
| | | | | and place it in a per-cpu sub-buffer). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19768 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-13297 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read |
| | | | | at MagickCore/threshold.c in AdaptiveThresholdImage |
| | | | | because a height of zero is mishandled. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13297 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Medium CVE-2019-19378 | linux | 4.19.98-1 | In the Linux kernel 5.0.21, mounting a crafted btrfs |
| | | | | filesystem image can lead to slab-out-of-bounds write |
| | | | | access in index_rbio_pages in fs/btrfs/raid56.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19378 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-12928 | linux | 4.19.98-1 | In the Linux kernel 4.15.0, a NULL pointer dereference |
| | | | | was discovered in hfs_ext_read_extent in hfs.ko. This |
| | | | | can occur during a mount of a crafted hfs filesystem. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12928 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-12978 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-34 has a "use of |
| | | | | uninitialized value" vulnerability in the |
| | | | | ReadPANGOImage function in coders/pango.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12978 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-19948 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer |
| | | | | overflow in the function WriteSGIImage of coders/sgi.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19948 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-11472 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ReadXWDImage in coders/xwd.c in the XWD image |
| | | | | parsing component of ImageMagick 7.0.8-41 Q16 allows |
| | | | | attackers to cause a denial-of-service (divide-by-zero |
| | | | | error) by crafting an XWD image file in which the |
| | | | | header indicates neither LSB first nor MSB first. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-11472 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-18885 | linux | 4.19.98-1 | fs/btrfs/volumes.c in the Linux kernel before 5.1 allows |
| | | | | a btrfs_verify_dev_extents NULL pointer dereference via |
| | | | | a crafted btrfs image because fs_devices->devices is |
| | | | | mishandled within find_device, aka CID-09ba3bc9dd15. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-18885 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2020-8647 | linux | 4.19.98-1 | There is a use-after-free vulnerability |
| | | | | in the Linux kernel through 5.5.2 in the |
| | | | | vc_do_resize function in drivers/tty/vt/vt.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8647 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-11470 | imagemagick | 8:6.9.10.23+dfsg-2.1 | The cineon parsing component in ImageMagick 7.0.8-26 |
| | | | | Q16 allows attackers to cause a denial-of-service |
| | | | | (uncontrolled resource consumption) by crafting a |
| | | | | Cineon image with an incorrect claimed image size. |
| | | | | This occurs because ReadCINImage in coders/cin.c |
| | | | | lacks a check for insufficient image data in a file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-11470 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-17543 | lz4 | 1.8.3-1 | LZ4 before 1.9.2 has a heap-based buffer overflow |
| | | | | in LZ4_write32 (related to LZ4_compress_destSize), |
| | | | | affecting applications that call LZ4_compress_fast |
| | | | | with a large input. (This issue can also lead to |
| | | | | data corruption.) NOTE: the vendor states "only a few |
| | | | | specific / uncommon usages of the API are at risk." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-17543 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2016-10228 | glibc | 2.28-10 | The iconv program in the GNU C Library (aka glibc or |
| | | | | libc6) 2.25 and earlier, when invoked with the -c option, |
| | | | | enters an infinite loop when processing invalid multi-byte |
| | | | | input sequences, leading to a denial of service. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-10228 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-18276 | bash | 5.0-4 | An issue was discovered in disable_priv_mode in shell.c |
| | | | | in GNU Bash through 5.0 patch 11. By default, if Bash is |
| | | | | run with its effective UID not equal to its real UID, it |
| | | | | will drop privileges by setting its effective UID to its |
| | | | | real UID. However, it does so incorrectly. On Linux and |
| | | | | other systems that support "saved UID" functionality, |
| | | | | the saved UID is not dropped. An attacker with command |
| | | | | execution in the shell can use "enable -f" for runtime |
| | | | | loading of a new builtin, which can be a shared object that |
| | | | | calls setuid() and therefore regains privileges. However, |
| | | | | binaries running with an effective UID of 0 are unaffected. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-18276 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-19073 | linux | 4.19.98-1 | Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c |
| | | | | in the Linux kernel through 5.3.11 allow attackers |
| | | | | to cause a denial of service (memory consumption) |
| | | | | by triggering wait_for_completion_timeout() |
| | | | | failures. This affects the htc_config_pipe_credits() |
| | | | | function, the htc_setup_complete() function, and the |
| | | | | htc_connect_service() function, aka CID-853acf7caf10. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19073 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-19952 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.9-7 Q16, there is a |
| | | | | use-after-free in the function MngInfoDiscardObject |
| | | | | of coders/png.c, related to ReadOneMNGImage. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19952 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-19949 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer |
| | | | | over-read in the function WritePNGImage of coders/png.c, |
| | | | | related to Magick_png_write_raw_profile and LocaleNCompare. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19949 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-0630 | linux | 4.19.98-1 | An information disclosure vulnerability in the kernel |
| | | | | trace subsystem could enable a local malicious application |
| | | | | to access data outside of its permission levels. This |
| | | | | issue is rated as Moderate because it first requires |
| | | | | compromising a privileged process. Product: Android. |
| | | | | Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-0630 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-9113 | openexr | 2.2.1-4.1 | In OpenEXR 2.2.0, an invalid write of size 1 in the |
| | | | | bufferedReadPixels function in ImfInputFile.cpp could |
| | | | | cause the application to crash or execute arbitrary code. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9113 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-2201 | libjpeg-turbo | 1:1.5.2-2 | In generate_jsimd_ycc_rgb_convert_neon of |
| | | | | jsimd_arm64_neon.S, there is a possible out of bounds write |
| | | | | due to a missing bounds check. This could lead to remote |
| | | | | code execution in an unprivileged process with no additional |
| | | | | execution privileges needed. User interaction is needed |
| | | | | for exploitation. Product: Android. Versions: Android-8.0 |
| | | | | Android-8.1 Android-9 Android-10. Android ID: A-120551338 |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-2201 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-14855 | gnupg2 | 2.2.12-1+deb10u1 | https://security-tracker.debian.org/tracker/CVE-2019-14855 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2020-8648 | linux | 4.19.98-1 | There is a use-after-free vulnerability |
| | | | | in the Linux kernel through 5.5.2 in the |
| | | | | n_tty_receive_buf_common function in drivers/tty/n_tty.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8648 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-17942 | tiff | 4.1.0+git191117-2~deb10u1 | In LibTIFF 4.0.9, there is a heap-based buffer over-read |
| | | | | in the function PackBitsEncode in tif_packbits.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-17942 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-19039 | linux | 4.19.98-1 | ** DISPUTED ** __btrfs_free_extent in fs/btrfs/extent-tree.c |
| | | | | in the Linux kernel through 5.3.12 calls btrfs_print_leaf |
| | | | | in a certain ENOENT case, which allows local users to obtain |
| | | | | potentially sensitive information about register values |
| | | | | via the dmesg program. NOTE: The BTRFS development team |
| | | | | disputes this issue as not being a vulnerability because |
| | | | | “1) The kernel provide facilities to restrict access to |
| | | | | dmesg - dmesg_restrict=1 sysctl option. So it's really up |
| | | | | to the system administrator to judge whether dmesg access |
| | | | | shall be disallowed or not. 2) WARN/WARN_ON are widely used |
| | | | | macros in the linux kernel. If this CVE is considered valid |
| | | | | this would mean there are literally thousands CVE lurking |
| | | | | in the kernel - something which clearly is not the case.” |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19039 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2020-0009 | linux | 4.19.98-1 | In calc_vm_may_flags of ashmem.c, there is a possible |
| | | | | arbitrary write to shared memory due to a permissions |
| | | | | bypass. This could lead to local escalation of privilege |
| | | | | by corrupting memory shared between processes, with no |
| | | | | additional execution privileges needed. User interaction |
| | | | | is not needed for exploitation. Product: Android. |
| | | | | Versions: Android kernel. Android ID: A-142938932 |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-0009 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-9814 | cairo | 1.16.0-4 | cairo-truetype-subset.c in cairo 1.15.6 and |
| | | | | earlier allows remote attackers to cause a |
| | | | | denial of service (out-of-bounds read) because |
| | | | | of mishandling of an unexpected malloc(0) call. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9814 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-6462 | cairo | 1.16.0-4 | An issue was discovered in cairo 1.16.0. |
| | | | | There is an infinite loop in the function |
| | | | | _arc_error_normalized in the file cairo-arc.c, |
| | | | | related to _arc_max_angle_for_tolerance_normalized. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-6462 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-7475 | cairo | 1.16.0-4 | Cairo version 1.15.4 is vulnerable to a NULL |
| | | | | pointer dereference related to the FT_Load_Glyph and |
| | | | | FT_Render_Glyph resulting in an application crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7475 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-7169 | shadow | 1:4.5-1.1 | An issue was discovered in shadow 4.5. newgidmap (in |
| | | | | shadow-utils) is setuid and allows an unprivileged user |
| | | | | to be placed in a user namespace where setgroups(2) is |
| | | | | permitted. This allows an attacker to remove themselves |
| | | | | from a supplementary group, which may allow access to |
| | | | | certain filesystem paths if the administrator has used |
| | | | | "group blacklisting" (e.g., chmod g-rwx) to restrict access |
| | | | | to paths. This flaw effectively reverts a security feature |
| | | | | in the kernel (in particular, the /proc/self/setgroups |
| | | | | knob) to prevent this sort of privilege escalation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-7169 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2016-2781 | coreutils | 8.30-3 | chroot in GNU coreutils, when used with --userspec, |
| | | | | allows local users to escape to the parent session |
| | | | | via a crafted TIOCSTI ioctl call, which pushes |
| | | | | characters to the terminal's input buffer. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-2781 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2007-3477 | libwmf | 0.2.8.4-14 | The (a) imagearc and (b) imagefilledarc functions in GD |
| | | | | Graphics Library (libgd) before 2.0.35 allow attackers |
| | | | | to cause a denial of service (CPU consumption) via |
| | | | | a large (1) start or (2) end angle degree value. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-3477 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-15847 | gcc-8 | 8.3.0-6 | The POWER9 backend in GNU Compiler Collection (GCC) |
| | | | | before version 10 could optimize multiple calls of |
| | | | | the __builtin_darn intrinsic into a single call, thus |
| | | | | reducing the entropy of the random number generator. This |
| | | | | occurred because a volatile operation was not specified. |
| | | | | For example, within a single execution of a program, the |
| | | | | output of every __builtin_darn() call may be the same. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15847 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2007-3476 | libwmf | 0.2.8.4-14 | Array index error in gd_gif_in.c in the GD Graphics |
| | | | | Library (libgd) before 2.0.35 allows user-assisted remote |
| | | | | attackers to cause a denial of service (crash and heap |
| | | | | corruption) via large color index values in crafted |
| | | | | image data, which results in a segmentation fault. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-3476 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2016-8660 | linux | 4.19.98-1 | The XFS subsystem in the Linux kernel through 4.8.2 |
| | | | | allows local users to cause a denial of service (fdatasync |
| | | | | failure and system hang) by using the vfs syscall |
| | | | | group in the trinity program, related to a "page lock |
| | | | | order bug in the XFS seek hole/data implementation." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-8660 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2020-8649 | linux | 4.19.98-1 | There is a use-after-free vulnerability in the Linux |
| | | | | kernel through 5.5.2 in the vgacon_invert_region |
| | | | | function in drivers/video/console/vgacon.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8649 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-15144 | djvulibre | 3.5.27.1-10 | In DjVuLibre 3.5.27, the sorting functionality (aka |
| | | | | GArrayTemplate<TYPE>::sort) allows attackers to |
| | | | | cause a denial-of-service (application crash due to |
| | | | | an Uncontrolled Recursion) by crafting a PBM image |
| | | | | file that is mishandled in libdjvu/GContainer.h. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15144 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-15143 | djvulibre | 3.5.27.1-10 | In DjVuLibre 3.5.27, the bitmap reader component allows |
| | | | | attackers to cause a denial-of-service error (resource |
| | | | | exhaustion caused by a GBitmap::read_rle_raw infinite |
| | | | | loop) by crafting a corrupted image file, related |
| | | | | to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15143 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-15142 | djvulibre | 3.5.27.1-10 | In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader |
| | | | | component allows attackers to cause a denial-of-service |
| | | | | (application crash in GStringRep::strdup in |
| | | | | libdjvu/GString.cpp caused by a heap-based |
| | | | | buffer over-read) by crafting a DJVU file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15142 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-15145 | djvulibre | 3.5.27.1-10 | DjVuLibre 3.5.27 allows attackers to cause a |
| | | | | denial-of-service attack (application crash via an |
| | | | | out-of-bounds read) by crafting a corrupted JB2 image file |
| | | | | that is mishandled in JB2Dict::JB2Codec::get_direct_context |
| | | | | in libdjvu/JB2Image.h because of a missing |
| | | | | zero-bytes check in libdjvu/GBitmap.h. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15145 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-3874 | linux | 4.19.98-1 | The SCTP socket buffer used by a userspace application is |
| | | | | not accounted by the cgroups subsystem. An attacker can |
| | | | | use this flaw to cause a denial of service attack. Kernel |
| | | | | 3.10.x and 4.18.x branches are believed to be vulnerable. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-3874 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-14498 | libjpeg-turbo | 1:1.5.2-2 | get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and |
| | | | | MozJPEG through 3.3.1 allows attackers to cause a denial of |
| | | | | service (heap-based buffer over-read and application crash) |
| | | | | via a crafted 8-bit BMP in which one or more of the color |
| | | | | indices is out of range for the number of palette entries. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-14498 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-8871 | libcroco | 0.6.12-3 | The cr_parser_parse_selector_core function in |
| | | | | cr-parser.c in libcroco 0.6.12 allows remote |
| | | | | attackers to cause a denial of service (infinite |
| | | | | loop and CPU consumption) via a crafted CSS file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-8871 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-8834 | libcroco | 0.6.12-3 | The cr_tknzr_parse_comment function in cr-tknzr.c in |
| | | | | libcroco 0.6.12 allows remote attackers to cause a denial of |
| | | | | service (memory allocation error) via a crafted CSS file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-8834 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-1152 | libjpeg-turbo | 1:1.5.2-2 | libjpeg-turbo 1.5.90 is vulnerable to a denial |
| | | | | of service vulnerability caused by a divide |
| | | | | by zero when processing a crafted BMP image. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-1152 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2017-18258 | libxml2 | 2.9.4+dfsg1-7 | The xz_head function in xzlib.c in libxml2 before 2.9.6 |
| | | | | allows remote attackers to cause a denial of service |
| | | | | (memory consumption) via a crafted LZMA file, because |
| | | | | the decoder functionality does not restrict memory |
| | | | | usage to what is required for a legitimate file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-18258 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-20386 | systemd | 241-7~deb10u3 | An issue was discovered in button_open in |
| | | | | login/logind-button.c in systemd before 243. When executing |
| | | | | the udevadm trigger command, a memory leak may occur. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-20386 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-14404 | libxml2 | 2.9.4+dfsg1-7 | A NULL pointer dereference vulnerability exists in |
| | | | | the xpath.c:xmlXPathCompOpEval() function of libxml2 |
| | | | | through 2.9.8 when parsing an invalid XPath expression |
| | | | | in the XPATH_OP_AND or XPATH_OP_OR case. Applications |
| | | | | processing untrusted XSL format inputs with the use |
| | | | | of the libxml2 library may be vulnerable to a denial |
| | | | | of service attack due to a crash of the application. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-14404 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-19645 | sqlite3 | 3.27.2-3 | alter.c in SQLite through 3.30.1 allows attackers to trigger |
| | | | | infinite recursion via certain types of self-referential |
| | | | | views in conjunction with ALTER TABLE statements. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19645 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-6461 | cairo | 1.16.0-4 | An issue was discovered in cairo 1.16.0. |
| | | | | There is an assertion problem in the function |
| | | | | _cairo_arc_in_direction in the file cairo-arc.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-6461 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-18064 | cairo | 1.16.0-4 | cairo through 1.15.14 has an out-of-bounds stack-memory |
| | | | | write during processing of a crafted document |
| | | | | by WebKitGTK+ because of the interaction between |
| | | | | cairo-rectangular-scan-converter.c (the generate and |
| | | | | render_rows functions) and cairo-image-compositor.c |
| | | | | (the _cairo_image_spans_and_zero function). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18064 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-1551 | openssl | 1.1.1d-0+deb10u2 | There is an overflow bug in the x64_64 Montgomery |
| | | | | squaring procedure used in exponentiation with 512-bit |
| | | | | moduli. No EC algorithms are affected. Analysis suggests |
| | | | | that attacks against 2-prime RSA1024, 3-prime RSA1536, |
| | | | | and DSA1024 as a result of this defect would be very |
| | | | | difficult to perform and are not believed likely. |
| | | | | Attacks against DH512 are considered just feasible. |
| | | | | However, for an attack the target would have to re-use |
| | | | | the DH512 private key, which is not recommended anyway. |
| | | | | Also applications directly using the low level API |
| | | | | BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. |
| | | | | Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). |
| | | | | Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1551 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-10910 | bluez | 5.50-1 | A bug in Bluez may allow for the Bluetooth |
| | | | | Discoverable state being set to on when no Bluetooth |
| | | | | agent is registered with the system. This situation |
| | | | | could lead to the unauthorized pairing of certain |
| | | | | Bluetooth devices without any form of authentication. |
| | | | | Versions before bluez 5.51 are vulnerable. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-10910 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-17498 | libssh2 | 1.8.0-2.1 | In libssh2 v1.9.0 and earlier versions, the |
| | | | | SSH_MSG_DISCONNECT logic in packet.c has an integer overflow |
| | | | | in a bounds check, enabling an attacker to specify an |
| | | | | arbitrary (out-of-bounds) offset for a subsequent memory |
| | | | | read. A crafted SSH server may be able to disclose sensitive |
| | | | | information or cause a denial of service condition on |
| | | | | the client system when a user connects to the server. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-17498 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2020-9383 | linux | 4.19.98-1 | An issue was discovered in the Linux kernel through 5.5.6. |
| | | | | set_fdc in drivers/block/floppy.c leads to a wait_til_ready |
| | | | | out-of-bounds read because the FDC index is not checked |
| | | | | for errors before assigning it, aka CID-2e90ca68b0d2. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-9383 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2019-6988 | openjpeg2 | 2.3.0-2+deb10u1 | An issue was discovered in OpenJPEG 2.3.0. It allows remote |
| | | | | attackers to cause a denial of service (attempted excessive |
| | | | | memory allocation) in opj_calloc in openjp2/opj_malloc.c, |
| | | | | when called from opj_tcd_init_tile in openjp2/tcd.c, |
| | | | | as demonstrated by the 64-bit opj_decompress. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-6988 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Low CVE-2018-15919 | openssh | 1:7.9p1-10+deb10u2 | Remotely observable behaviour in auth-gss2.c in OpenSSH |
| | | | | through 7.8 could be used by remote attackers to detect |
| | | | | existence of users on a target system when GSS2 is in |
| | | | | use. NOTE: the discoverer states 'We understand that |
| | | | | the OpenSSH developers do not want to treat such a |
| | | | | username enumeration (or "oracle") as a vulnerability.' |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-15919 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12456 | linux | 4.19.98-1 | ** DISPUTED ** An issue was discovered in |
| | | | | the MPT3COMMAND case in _ctl_ioctl_main in |
| | | | | drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel |
| | | | | through 5.1.5. It allows local users to cause a denial |
| | | | | of service or possibly have unspecified other impact |
| | | | | by changing the value of ioc_number between two kernel |
| | | | | reads of that value, aka a "double fetch" vulnerability. |
| | | | | NOTE: a third party reports that this is unexploitable |
| | | | | because the doubly fetched value is not used. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12456 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9804 | bluez | 5.50-1 | In BlueZ 5.42, a buffer overflow was observed in |
| | | | | "commands_dump" function in "tools/parser/csr.c" source |
| | | | | file. The issue exists because "commands" array is |
| | | | | overflowed by supplied parameter due to lack of boundary |
| | | | | checks on size of the buffer from frame "frm->ptr" |
| | | | | parameter. This issue can be triggered by processing a |
| | | | | corrupted dump file and will result in hcidump crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9804 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9798 | bluez | 5.50-1 | In BlueZ 5.42, a use-after-free was identified in |
| | | | | "conf_opt" function in "tools/parser/l2cap.c" source |
| | | | | file. This issue can be triggered by processing a |
| | | | | corrupted dump file and will result in hcidump crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9798 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-18018 | coreutils | 8.30-3 | In GNU Coreutils through 8.29, chown-core.c in chown |
| | | | | and chgrp does not prevent replacement of a plain file |
| | | | | with a symlink during use of the POSIX "-R -L" options, |
| | | | | which allows local users to modify the ownership |
| | | | | of arbitrary files by leveraging a race condition. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-18018 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9917 | bluez | 5.50-1 | In BlueZ 5.42, a buffer overflow was observed |
| | | | | in "read_n" function in "tools/hcidump.c" source |
| | | | | file. This issue can be triggered by processing a |
| | | | | corrupted dump file and will result in hcidump crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9917 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-14159 | openldap | 2.4.47+dfsg-3+deb10u1 | slapd in OpenLDAP 2.4.45 and earlier creates a PID file |
| | | | | after dropping privileges to a non-root account, which |
| | | | | might allow local users to kill arbitrary processes by |
| | | | | leveraging access to this non-root account for PID file |
| | | | | modification before a root script executes a "kill `cat |
| | | | | /pathname`" command, as demonstrated by openldap-initscript. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-14159 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2015-3276 | openldap | 2.4.47+dfsg-3+deb10u1 | The nss_parse_ciphers function in libraries/libldap/tls_m.c |
| | | | | in OpenLDAP does not properly parse OpenSSL-style |
| | | | | multi-keyword mode cipher strings, which might cause a |
| | | | | weaker than intended cipher to be used and allow remote |
| | | | | attackers to have unspecified impact via unknown vectors. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2015-3276 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-17740 | openldap | 2.4.47+dfsg-3+deb10u1 | contrib/slapd-modules/nops/nops.c in OpenLDAP through |
| | | | | 2.4.45, when both the nops module and the memberof overlay |
| | | | | are enabled, attempts to free a buffer that was allocated on |
| | | | | the stack, which allows remote attackers to cause a denial |
| | | | | of service (slapd crash) via a member MODDN operation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-17740 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2008-3234 | openssh | 1:7.9p1-10+deb10u2 | sshd in OpenSSH 4 on Debian GNU/Linux, and the |
| | | | | 20070303 OpenSSH snapshot, allows remote authenticated |
| | | | | users to obtain access to arbitrary SELinux |
| | | | | roles by appending a :/ (colon slash) sequence, |
| | | | | followed by the role name, to the username. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2008-3234 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9799 | bluez | 5.50-1 | In BlueZ 5.42, a buffer overflow was observed in |
| | | | | "pklg_read_hci" function in "btsnoop.c" source |
| | | | | file. This issue can be triggered by processing a |
| | | | | corrupted dump file and will result in btmon crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9799 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16905 | openssh | 1:7.9p1-10+deb10u2 | OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled |
| | | | | with an experimental key type, has a pre-authentication |
| | | | | integer overflow if a client or server is configured |
| | | | | to use a crafted XMSS key. This leads to memory |
| | | | | corruption and local code execution because of an |
| | | | | error in the XMSS key parsing algorithm. NOTE: the |
| | | | | XMSS implementation is considered experimental in all |
| | | | | released OpenSSH versions, and there is no supported |
| | | | | way to enable it when building portable OpenSSH. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16905 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-6110 | openssh | 1:7.9p1-10+deb10u2 | In OpenSSH 7.9, due to accepting and displaying |
| | | | | arbitrary stderr output from the server, a malicious |
| | | | | server (or Man-in-The-Middle attacker) can manipulate |
| | | | | the client output, for example to use ANSI control |
| | | | | codes to hide additional files being transferred. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-6110 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2007-2768 | openssh | 1:7.9p1-10+deb10u2 | OpenSSH, when using OPIE (One-Time Passwords in Everything) |
| | | | | for PAM, allows remote attackers to determine the existence |
| | | | | of certain user accounts, which displays a different |
| | | | | response if the user account exists and is configured to use |
| | | | | one-time passwords (OTP), a similar issue to CVE-2007-2243. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-2768 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2007-2243 | openssh | 1:7.9p1-10+deb10u2 | OpenSSH 4.6 and earlier, when |
| | | | | ChallengeResponseAuthentication is enabled, allows |
| | | | | remote attackers to determine the existence of user |
| | | | | accounts by attempting to authenticate via S/KEY, |
| | | | | which displays a different response if the user |
| | | | | account exists, a similar issue to CVE-2001-1483. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-2243 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2012-2663 | iptables | 1.8.2-4 | extensions/libxt_tcp.c in iptables through 1.4.21 |
| | | | | does not match TCP SYN+FIN packets in --syn rules, |
| | | | | which might allow remote attackers to bypass intended |
| | | | | firewall restrictions via crafted packets. NOTE: the |
| | | | | CVE-2012-6638 fix makes this issue less relevant. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2012-2663 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-11360 | iptables | 1.8.2-4 | A buffer overflow in iptables-restore in netfilter |
| | | | | iptables 1.8.2 allows an attacker to (at least) |
| | | | | crash the program or potentially gain code execution |
| | | | | via a specially crafted iptables-save file. This |
| | | | | is related to add_param_to_argv in xshared.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-11360 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9918 | bluez | 5.50-1 | In BlueZ 5.42, an out-of-bounds read was identified |
| | | | | in "packet_hexdump" function in "monitor/packet.c" |
| | | | | source file. This issue can be triggered by processing |
| | | | | a corrupted dump file and will result in btmon crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9918 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-17522 | python2.7 | 2.7.16-2+deb10u1 | ** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 |
| | | | | does not validate strings before launching the program |
| | | | | specified by the BROWSER environment variable, which might |
| | | | | allow remote attackers to conduct argument-injection attacks |
| | | | | via a crafted URL. NOTE: a software maintainer indicates |
| | | | | that exploitation is impossible because the code relies |
| | | | | on subprocess.Popen and the default shell=False setting. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-17522 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9803 | bluez | 5.50-1 | In BlueZ 5.42, an out-of-bounds read was observed in |
| | | | | "le_meta_ev_dump" function in "tools/parser/hci.c" |
| | | | | source file. This issue exists because 'subevent' |
| | | | | (which is used to read correct element from |
| | | | | 'ev_le_meta_str' array) is overflowed. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9803 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-18348 | python2.7 | 2.7.16-2+deb10u1 | An issue was discovered in urllib2 in Python 2.x through |
| | | | | 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF |
| | | | | injection is possible if the attacker controls a url |
| | | | | parameter, as demonstrated by the first argument to |
| | | | | urllib.request.urlopen with \r\n (specifically in the |
| | | | | host component of a URL) followed by an HTTP header. |
| | | | | This is similar to the CVE-2019-9740 query string issue |
| | | | | and the CVE-2019-9947 path string issue. (This is not |
| | | | | exploitable when glibc has CVE-2016-10739 fixed.) |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-18348 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9674 | python2.7 | 2.7.16-2+deb10u1 | Lib/zipfile.py in Python through 3.7.2 allows |
| | | | | remote attackers to cause a denial of service |
| | | | | (resource consumption) via a ZIP bomb. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9674 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-5709 | krb5 | 1.17-3 | An issue was discovered in MIT Kerberos 5 (aka krb5) |
| | | | | through 1.16. There is a variable "dbentry->n_key_data" |
| | | | | in kadmin/dbutil/dump.c that can store 16-bit |
| | | | | data but unknowingly the developer has assigned |
| | | | | a "u4" variable to it, which is for 32-bit data. |
| | | | | An attacker can use this vulnerability to affect |
| | | | | other artifacts of the database as we know that a |
| | | | | Kerberos database dump file contains trusted data. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-5709 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2004-0971 | krb5 | 1.17-3 | The krb5-send-pr script in the kerberos5 (krb5) package |
| | | | | in Trustix Secure Linux 1.5 through 2.1, and possibly |
| | | | | other operating systems, allows local users to overwrite |
| | | | | files via a symlink attack on temporary files. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2004-0971 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9797 | bluez | 5.50-1 | In BlueZ 5.42, a buffer over-read was observed in |
| | | | | "l2cap_dump" function in "tools/parser/l2cap.c" source |
| | | | | file. This issue can be triggered by processing a |
| | | | | corrupted dump file and will result in hcidump crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9797 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9802 | bluez | 5.50-1 | In BlueZ 5.42, a buffer over-read was identified in |
| | | | | "l2cap_packet" function in "monitor/packet.c" source |
| | | | | file. This issue can be triggered by processing a |
| | | | | corrupted dump file and will result in btmon crash. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9802 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2011-3389 | gnutls28 | 3.6.7-4+deb10u2 | The SSL protocol, as used in certain configurations |
| | | | | in Microsoft Windows and Microsoft Internet Explorer, |
| | | | | Mozilla Firefox, Google Chrome, Opera, and other |
| | | | | products, encrypts data by using CBC mode with chained |
| | | | | initialization vectors, which allows man-in-the-middle |
| | | | | attackers to obtain plaintext HTTP headers via a blockwise |
| | | | | chosen-boundary attack (BCBA) on an HTTPS session, in |
| | | | | conjunction with JavaScript code that uses (1) the HTML5 |
| | | | | WebSocket API, (2) the Java URLConnection API, or (3) |
| | | | | the Silverlight WebClient API, aka a "BEAST" attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2011-3389 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9801 | bluez | 5.50-1 | In BlueZ 5.42, a buffer overflow was observed in |
| | | | | "set_ext_ctrl" function in "tools/parser/l2cap.c" |
| | | | | source file when processing corrupted dump file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9801 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9800 | bluez | 5.50-1 | In BlueZ 5.42, a buffer overflow was observed in |
| | | | | "pin_code_reply_dump" function in "tools/parser/hci.c" |
| | | | | source file. The issue exists because "pin" |
| | | | | array is overflowed by supplied parameter due |
| | | | | to lack of boundary checks on size of the buffer |
| | | | | from frame "pin_code_reply_cp *cp" parameter. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9800 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-6829 | libgcrypt20 | 1.8.4-5 | cipher/elgamal.c in Libgcrypt through 1.8.2, when |
| | | | | used to encrypt messages directly, improperly encodes |
| | | | | plaintexts, which allows attackers to obtain sensitive |
| | | | | information by reading ciphertext data (i.e., it does |
| | | | | not have semantic security in face of a ciphertext-only |
| | | | | attack). The Decisional Diffie-Hellman (DDH) assumption |
| | | | | does not hold for Libgcrypt's ElGamal implementation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-6829 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12904 | libgcrypt20 | 1.8.4-5 | In Libgcrypt 1.8.4, the C implementation of AES is |
| | | | | vulnerable to a flush-and-reload side-channel attack |
| | | | | because physical addresses are available to other |
| | | | | processes. (The C implementation is used on platforms |
| | | | | where an assembly-language implementation is unavailable.) |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12904 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-1000021 | git | 1:2.20.1-2+deb10u1 | GIT version 2.15.1 and earlier contains a Input |
| | | | | Validation Error vulnerability in Client that can result |
| | | | | in problems including messing up terminal configuration |
| | | | | to RCE. This attack appear to be exploitable via |
| | | | | The user must interact with a malicious git server, |
| | | | | (or have their traffic modified in a MITM attack). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-1000021 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9893 | libseccomp | 2.3.3-4 | libseccomp before 2.4.0 did not correctly generate 64-bit |
| | | | | syscall argument comparisons using the arithmetic operators |
| | | | | (LT, GT, LE, GE), which might able to lead to bypassing |
| | | | | seccomp filters and potential privilege escalations. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9893 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19054 | linux | 4.19.98-1 | A memory leak in the cx23888_ir_probe() function in |
| | | | | drivers/media/pci/cx23885/cx23888-ir.c in the Linux |
| | | | | kernel through 5.3.11 allows attackers to cause a |
| | | | | denial of service (memory consumption) by triggering |
| | | | | kfifo_alloc() failures, aka CID-a7b2df76b42b. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19054 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2020-8428 | linux | 4.19.98-1 | fs/namei.c in the Linux kernel before 5.5 has a |
| | | | | may_create_in_sticky use-after-free, which allows |
| | | | | local users to cause a denial of service (OOPS) or |
| | | | | possibly obtain sensitive information from kernel |
| | | | | memory, aka CID-d0cb50185ae9. One attack vector may |
| | | | | be an open system call for a UNIX domain socket, if |
| | | | | the socket is being moved to a new parent directory |
| | | | | and its old parent directory is being removed. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2020-8428 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18444 | openexr | 2.2.1-4.1 | makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 |
| | | | | has an out-of-bounds write, leading to an assertion |
| | | | | failure or possibly unspecified other impact. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18444 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12455 | linux | 4.19.98-1 | ** DISPUTED ** An issue was discovered in |
| | | | | sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the |
| | | | | Linux kernel through 5.1.5. There is an unchecked kstrndup |
| | | | | of derived_name, which might allow an attacker to cause |
| | | | | a denial of service (NULL pointer dereference and system |
| | | | | crash). NOTE: This id is disputed as not being an issue |
| | | | | because “The memory allocation that was not checked is part |
| | | | | of a code that only runs at boot time, before user processes |
| | | | | are started. Therefore, there is no possibility for an |
| | | | | unprivileged user to control it, and no denial of service.”. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12455 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2011-4917 | linux | 4.19.98-1 | https://security-tracker.debian.org/tracker/CVE-2011-4917 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18443 | openexr | 2.2.1-4.1 | OpenEXR 2.3.0 has a memory leak in ThreadPool |
| | | | | in IlmBase/IlmThread/IlmThreadPool.cpp, |
| | | | | as demonstrated by exrmultiview. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18443 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-14988 | openexr | 2.2.1-4.1 | ** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in |
| | | | | OpenEXR 2.2.0 allows remote attackers to cause a denial of |
| | | | | service (excessive memory allocation) via a crafted file |
| | | | | that is accessed with the ImfOpenInputFile function in |
| | | | | IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple |
| | | | | third parties believe that this vulnerability isn't valid. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-14988 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12615 | linux | 4.19.98-1 | An issue was discovered in get_vdev_port_node_info |
| | | | | in arch/sparc/kernel/mdesc.c in the Linux kernel |
| | | | | through 5.1.6. There is an unchecked kstrdup_const |
| | | | | of node_info->vdev_port.name, which might |
| | | | | allow an attacker to cause a denial of service |
| | | | | (NULL pointer dereference and system crash). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12615 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9192 | glibc | 2.28-10 | ** DISPUTED ** In the GNU C Library (aka glibc or |
| | | | | libc6) through 2.29, check_dst_limits_calc_pos_1 |
| | | | | in posix/regexec.c has Uncontrolled Recursion, as |
| | | | | demonstrated by '(|)(\\1\\1)*' in grep, a different |
| | | | | issue than CVE-2018-20796. NOTE: the software |
| | | | | maintainer disputes that this is a vulnerability because |
| | | | | the behavior occurs only with a crafted pattern. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9192 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2010-4756 | glibc | 2.28-10 | The glob implementation in the GNU C Library (aka glibc |
| | | | | or libc6) allows remote authenticated users to cause a |
| | | | | denial of service (CPU and memory consumption) via crafted |
| | | | | glob expressions that do not match any pathnames, as |
| | | | | demonstrated by glob expressions in STAT commands to an |
| | | | | FTP daemon, a different vulnerability than CVE-2010-2632. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4756 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-1010025 | glibc | 2.28-10 | ** DISPUTED ** GNU Libc current is affected by: |
| | | | | Mitigation bypass. The impact is: Attacker may guess |
| | | | | the heap addresses of pthread_created thread. The |
| | | | | component is: glibc. NOTE: the vendor's position |
| | | | | is "ASLR bypass itself is not a vulnerability." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1010025 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-1010023 | glibc | 2.28-10 | GNU Libc current is affected by: Re-mapping current loaded |
| | | | | library with malicious ELF file. The impact is: In worst |
| | | | | case attacker may evaluate privileges. The component is: |
| | | | | libld. The attack vector is: Attacker sends 2 ELF files |
| | | | | to victim and asks to run ldd on it. ldd execute code. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1010023 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20796 | glibc | 2.28-10 | In the GNU C Library (aka glibc or libc6) through |
| | | | | 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c |
| | | | | has Uncontrolled Recursion, as demonstrated |
| | | | | by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20796 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-1010024 | glibc | 2.28-10 | GNU Libc current is affected by: Mitigation bypass. |
| | | | | The impact is: Attacker may bypass ASLR using cache |
| | | | | of thread stack and heap. The component is: glibc. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1010024 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-1010022 | glibc | 2.28-10 | GNU Libc current is affected by: Mitigation bypass. |
| | | | | The impact is: Attacker may bypass stack guard |
| | | | | protection. The component is: nptl. The attack vector |
| | | | | is: Exploit stack buffer overflow vulnerability and |
| | | | | use this bypass vulnerability to bypass stack guard. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1010022 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19126 | glibc | 2.28-10 | On the x86-64 architecture, the GNU C Library (aka glibc) |
| | | | | before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC |
| | | | | environment variable during program execution after |
| | | | | a security transition, allowing local attackers to |
| | | | | restrict the possible mapping addresses for loaded |
| | | | | libraries and thus bypass ASLR for a setuid program. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19126 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16089 | linux | 4.19.98-1 | An issue was discovered in the Linux kernel through |
| | | | | 5.2.13. nbd_genl_status in drivers/block/nbd.c does |
| | | | | not check the nla_nest_start_noflag return value. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16089 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2010-4052 | glibc | 2.28-10 | Stack consumption vulnerability in the regcomp |
| | | | | implementation in the GNU C Library (aka glibc or |
| | | | | libc6) through 2.11.3, and 2.12.x through 2.12.2, |
| | | | | allows context-dependent attackers to cause a |
| | | | | denial of service (resource exhaustion) via a |
| | | | | regular expression containing adjacent repetition |
| | | | | operators, as demonstrated by a {10,}{10,}{10,}{10,} |
| | | | | sequence in the proftpd.gnu.c exploit for ProFTPD. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4052 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2010-4051 | glibc | 2.28-10 | The regcomp implementation in the GNU C Library (aka |
| | | | | glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, |
| | | | | allows context-dependent attackers to cause a denial |
| | | | | of service (application crash) via a regular expression |
| | | | | containing adjacent bounded repetitions that bypass the |
| | | | | intended RE_DUP_MAX limitation, as demonstrated by a |
| | | | | {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c |
| | | | | exploit for ProFTPD, related to a "RE_DUP_MAX overflow." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4051 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16229 | linux | 4.19.98-1 | ** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in |
| | | | | the Linux kernel 5.2.14 does not check the alloc_workqueue |
| | | | | return value, leading to a NULL pointer dereference. |
| | | | | NOTE: The security community disputes this issue as |
| | | | | not being serious enough to be deserving a CVE id. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16229 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2013-0340 | expat | 2.2.6-2+deb10u1 | expat 2.1.0 and earlier does not properly handle |
| | | | | entities expansion unless an application developer uses |
| | | | | the XML_SetEntityDeclHandler function, which allows |
| | | | | remote attackers to cause a denial of service (resource |
| | | | | consumption), send HTTP requests to intranet servers, |
| | | | | or read arbitrary files via a crafted XML document, aka |
| | | | | an XML External Entity (XXE) issue. NOTE: it could be |
| | | | | argued that because expat already provides the ability to |
| | | | | disable external entity expansion, the responsibility for |
| | | | | resolving this issue lies with application developers; |
| | | | | according to this argument, this entry should be REJECTed, |
| | | | | and each affected application would need its own CVE. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2013-0340 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20846 | openjpeg2 | 2.3.0-2+deb10u1 | Out-of-bounds accesses in the functions pi_next_lrcp, |
| | | | | pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, |
| | | | | pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in |
| | | | | OpenJPEG through 2.3.0 allow remote attackers to |
| | | | | cause a denial of service (application crash). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20846 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12973 | openjpeg2 | 2.3.0-2+deb10u1 | In OpenJPEG 2.3.1, there is excessive iteration in |
| | | | | the opj_t1_encode_cblks function of openjp2/t1.c. |
| | | | | Remote attackers could leverage this vulnerability |
| | | | | to cause a denial of service via a crafted bmp |
| | | | | file. This issue is similar to CVE-2018-6616. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12973 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9116 | openjpeg2 | 2.3.0-2+deb10u1 | NULL Pointer Access in function imagetopnm of |
| | | | | convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial |
| | | | | of Service. Someone must open a crafted j2k file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9116 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20845 | openjpeg2 | 2.3.0-2+deb10u1 | Division-by-zero vulnerabilities in the functions |
| | | | | pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c |
| | | | | in OpenJPEG through 2.3.0 allow remote attackers |
| | | | | to cause a denial of service (application crash). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20845 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9115 | openjpeg2 | 2.3.0-2+deb10u1 | Heap Buffer Over-read in function imagetotga of |
| | | | | convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial |
| | | | | of Service. Someone must open a crafted j2k file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9115 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19050 | linux | 4.19.98-1 | A memory leak in the crypto_reportstat() function |
| | | | | in crypto/crypto_user_stat.c in the Linux kernel |
| | | | | through 5.3.11 allows attackers to cause a denial |
| | | | | of service (memory consumption) by triggering |
| | | | | crypto_reportstat_alg() failures, aka CID-c03b04dcdba1. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19050 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-7648 | openjpeg2 | 2.3.0-2+deb10u1 | An issue was discovered in mj2/opj_mj2_extract.c in |
| | | | | OpenJPEG 2.3.0. The output prefix was not checked for |
| | | | | length, which could overflow a buffer, when providing a |
| | | | | prefix with 50 or more characters on the command line. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-7648 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-6951 | patch | 2.7.6-3+deb10u1 | An issue was discovered in GNU patch through |
| | | | | 2.7.6. There is a segmentation fault, associated |
| | | | | with a NULL pointer dereference, leading to |
| | | | | a denial of service in the intuit_diff_type |
| | | | | function in pch.c, aka a "mangled rename" issue. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-6951 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-16375 | openjpeg2 | 2.3.0-2+deb10u1 | An issue was discovered in OpenJPEG 2.3.0. Missing |
| | | | | checks for header_info.height and header_info.width |
| | | | | in the function pnmtoimage in bin/jpwl/convert.c |
| | | | | can lead to a heap-based buffer overflow. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-16375 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-5727 | openjpeg2 | 2.3.0-2+deb10u1 | In OpenJPEG 2.3.0, there is an integer overflow |
| | | | | vulnerability in the opj_t1_encode_cblks |
| | | | | function (openjp2/t1.c). Remote attackers |
| | | | | could leverage this vulnerability to cause |
| | | | | a denial of service via a crafted bmp file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-5727 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9114 | openjpeg2 | 2.3.0-2+deb10u1 | There is a NULL Pointer Access in function |
| | | | | imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. |
| | | | | image->comps[compno].data is not assigned a value after |
| | | | | initialization(NULL). Impact is Denial of Service. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9114 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16234 | linux | 4.19.98-1 | drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the |
| | | | | Linux kernel 5.2.14 does not check the alloc_workqueue |
| | | | | return value, leading to a NULL pointer dereference. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16234 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9580 | openjpeg2 | 2.3.0-2+deb10u1 | An integer overflow vulnerability was |
| | | | | found in tiftoimage function in openjpeg |
| | | | | 2.1.2, resulting in heap buffer overflow. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9580 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9117 | openjpeg2 | 2.3.0-2+deb10u1 | NULL Pointer Access in function imagetopnm of |
| | | | | convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial |
| | | | | of Service. Someone must open a crafted j2k file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9117 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-10505 | openjpeg2 | 2.3.0-2+deb10u1 | NULL pointer dereference vulnerabilities in the imagetopnm |
| | | | | function in convert.c, sycc444_to_rgb function in |
| | | | | color.c, color_esycc_to_rgb function in color.c, and |
| | | | | sycc422_to_rgb function in color.c in OpenJPEG before |
| | | | | 2.2.0 allow remote attackers to cause a denial of |
| | | | | service (application crash) via crafted j2k files. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-10505 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-16376 | openjpeg2 | 2.3.0-2+deb10u1 | An issue was discovered in OpenJPEG 2.3.0. A heap-based |
| | | | | buffer overflow was discovered in the function |
| | | | | t2_encode_packet in lib/openmj2/t2.c. The vulnerability |
| | | | | causes an out-of-bounds write, which may lead to remote |
| | | | | denial of service or possibly unspecified other impact. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-16376 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9113 | openjpeg2 | 2.3.0-2+deb10u1 | There is a NULL pointer dereference in function |
| | | | | imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. |
| | | | | image->comps[0].data is not assigned a value after |
| | | | | initialization(NULL). Impact is Denial of Service. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9113 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9581 | openjpeg2 | 2.3.0-2+deb10u1 | An infinite loop vulnerability in tiftoimage |
| | | | | that results in heap buffer overflow in |
| | | | | convert_32s_C1P1 was found in openjpeg 2.1.2. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9581 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-17479 | openjpeg2 | 2.3.0-2+deb10u1 | In OpenJPEG 2.3.0, a stack-based buffer overflow |
| | | | | was discovered in the pgxtoimage function in |
| | | | | jpwl/convert.c. The vulnerability causes an |
| | | | | out-of-bounds write, which may lead to remote denial |
| | | | | of service or possibly remote code execution. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-17479 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-10506 | openjpeg2 | 2.3.0-2+deb10u1 | Division-by-zero vulnerabilities in the |
| | | | | functions opj_pi_next_cprl, opj_pi_next_pcrl, |
| | | | | and opj_pi_next_rpcl in pi.c in OpenJPEG before |
| | | | | 2.2.0 allow remote attackers to cause a denial of |
| | | | | service (application crash) via crafted j2k files. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-10506 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-9085 | libwebp | 0.6.1-2 | Multiple integer overflows in libwebp allows attackers |
| | | | | to have unspecified impact via unknown vectors. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-9085 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16232 | linux | 4.19.98-1 | drivers/net/wireless/marvell/libertas/if_sdio.c in the |
| | | | | Linux kernel 5.2.14 does not check the alloc_workqueue |
| | | | | return value, leading to a NULL pointer dereference. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16232 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16712 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-43 has a memory leak |
| | | | | in Huffman2DEncodeImage in coders/ps3.c, |
| | | | | as demonstrated by WritePS3Image. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16712 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-13309 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has memory leaks at |
| | | | | AcquireMagickMemory because of mishandling the NoSuchImage |
| | | | | error in CLIListOperatorImages in MagickWand/operation.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13309 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-11754 | imagemagick | 8:6.9.10.23+dfsg-2.1 | The WritePICONImage function in coders/xpm.c in |
| | | | | ImageMagick 7.0.6-4 allows remote attackers to cause |
| | | | | a denial of service (memory leak) via a crafted |
| | | | | file that is mishandled in an OpenPixelCache call. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11754 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2014-9892 | linux | 4.19.98-1 | The snd_compr_tstamp function in |
| | | | | sound/core/compress_offload.c in the Linux kernel through |
| | | | | 4.7, as used in Android before 2016-08-05 on Nexus 5 and |
| | | | | 7 (2013) devices, does not properly initialize a timestamp |
| | | | | data structure, which allows attackers to obtain sensitive |
| | | | | information via a crafted application, aka Android |
| | | | | internal bug 28770164 and Qualcomm internal bug CR568717. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2014-9892 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19067 | linux | 4.19.98-1 | ** DISPUTED ** Four memory leaks in the acp_hw_init() |
| | | | | function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in |
| | | | | the Linux kernel before 5.3.8 allow attackers to cause |
| | | | | a denial of service (memory consumption) by triggering |
| | | | | mfd_add_hotplug_devices() or pm_genpd_add_device() |
| | | | | failures, aka CID-57be09c6e874. NOTE: third parties |
| | | | | dispute the relevance of this because the attacker |
| | | | | must already have privileges for module loading. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19067 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-3016 | linux | 4.19.98-1 | In a Linux KVM guest that has PV TLB enabled, a process |
| | | | | in the guest kernel may be able to read memory locations |
| | | | | from another process in the same guest. This problem is |
| | | | | limited to the host running linux kernel 4.10 with a guest |
| | | | | running linux kernel 4.16 or later. The problem mainly |
| | | | | affects AMD processors but Intel CPUs cannot be ruled out. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-3016 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19072 | linux | 4.19.98-1 | A memory leak in the predicate_parse() function in |
| | | | | kernel/trace/trace_events_filter.c in the Linux kernel |
| | | | | through 5.3.11 allows attackers to cause a denial of |
| | | | | service (memory consumption), aka CID-96c5c6e6a5b6. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19072 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-7395 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick before 7.0.8-25, a memory leak |
| | | | | exists in WritePSDChannel in coders/psd.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-7395 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12380 | linux | 4.19.98-1 | **DISPUTED** An issue was discovered in the |
| | | | | efi subsystem in the Linux kernel through |
| | | | | 5.1.5. phys_efi_set_virtual_address_map in |
| | | | | arch/x86/platform/efi/efi.c and efi_call_phys_prolog |
| | | | | in arch/x86/platform/efi/efi_64.c mishandle memory |
| | | | | allocation failures. NOTE: This id is disputed as |
| | | | | not being an issue because “All the code touched by |
| | | | | the referenced commit runs only at boot, before any |
| | | | | user processes are started. Therefore, there is no |
| | | | | possibility for an unprivileged user to control it.”. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12380 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12976 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-34 has a memory leak in |
| | | | | the ReadPCLImage function in coders/pcl.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12976 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-13693 | linux | 4.19.98-1 | The acpi_ds_create_operands() function in |
| | | | | drivers/acpi/acpica/dsutils.c in the Linux kernel |
| | | | | through 4.12.9 does not flush the operand cache |
| | | | | and causes a kernel stack dump, which allows local |
| | | | | users to obtain sensitive information from kernel |
| | | | | memory and bypass the KASLR protection mechanism (in |
| | | | | the kernel through 4.9) via a crafted ACPI table. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13693 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16230 | linux | 4.19.98-1 | ** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in |
| | | | | the Linux kernel 5.2.14 does not check the alloc_workqueue |
| | | | | return value, leading to a NULL pointer dereference. NOTE: |
| | | | | A third-party software maintainer states that the work queue |
| | | | | allocation is happening during device initialization, which |
| | | | | for a graphics card occurs during boot. It is not attacker |
| | | | | controllable and OOM at that time is highly unlikely. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16230 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16711 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-40 has a memory leak |
| | | | | in Huffman2DEncodeImage in coders/ps2.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16711 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16233 | linux | 4.19.98-1 | drivers/scsi/qla2xxx/qla_os.c in the Linux kernel |
| | | | | 5.2.14 does not check the alloc_workqueue return |
| | | | | value, leading to a NULL pointer dereference. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16233 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-13311 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has memory leaks at |
| | | | | AcquireMagickMemory because of a wand/mogrify.c error. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13311 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12975 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-34 has a memory leak vulnerability |
| | | | | in the WriteDPXImage function in coders/dpx.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12975 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16713 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, |
| | | | | as demonstrated by PingImage in MagickCore/constitute.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16713 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19462 | linux | 4.19.98-1 | relay_open in kernel/relay.c in the Linux kernel through |
| | | | | 5.4.1 allows local users to cause a denial of service (such |
| | | | | as relay blockage) by triggering a NULL alloc_percpu result. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19462 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19046 | linux | 4.19.98-1 | ** DISPUTED ** A memory leak in the __ipmi_bmc_register() |
| | | | | function in drivers/char/ipmi/ipmi_msghandler.c in the |
| | | | | Linux kernel through 5.3.11 allows attackers to cause |
| | | | | a denial of service (memory consumption) by triggering |
| | | | | ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third |
| | | | | parties dispute the relevance of this because an attacker |
| | | | | cannot realistically control this failure at probe time. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19046 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16710 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as |
| | | | | demonstrated by AcquireMagickMemory in MagickCore/memory.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16710 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2008-4609 | linux | 4.19.98-1 | The TCP implementation in (1) Linux, (2) platforms based |
| | | | | on BSD Unix, (3) Microsoft Windows, (4) Cisco products, |
| | | | | and probably other operating systems allows remote |
| | | | | attackers to cause a denial of service (connection queue |
| | | | | exhaustion) via multiple vectors that manipulate information |
| | | | | in the TCP state table, as demonstrated by sockstress. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2008-4609 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-11755 | imagemagick | 8:6.9.10.23+dfsg-2.1 | The WritePICONImage function in coders/xpm.c in |
| | | | | ImageMagick 7.0.6-4 allows remote attackers to cause |
| | | | | a denial of service (memory leak) via a crafted file |
| | | | | that is mishandled in an AcquireSemaphoreInfo call. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11755 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20669 | linux | 4.19.98-1 | An issue where a provided address with access_ok() is |
| | | | | not checked was discovered in i915_gem_execbuffer2_ioctl |
| | | | | in drivers/gpu/drm/i915/i915_gem_execbuffer.c |
| | | | | in the Linux kernel through 4.19.13. A local |
| | | | | attacker can craft a malicious IOCTL function call |
| | | | | to overwrite arbitrary kernel memory, resulting |
| | | | | in a Denial of Service or privilege escalation. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20669 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2005-3660 | linux | 4.19.98-1 | Linux kernel 2.4 and 2.6 allows attackers to cause a denial |
| | | | | of service (memory exhaustion and panic) by creating a |
| | | | | large number of connected file descriptors or socketpairs |
| | | | | and setting a large data transfer buffer, then preventing |
| | | | | Linux from being able to finish the transfer by causing |
| | | | | the process to become a zombie, or closing the file |
| | | | | descriptor without closing an associated reference. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2005-3660 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19061 | linux | 4.19.98-1 | A memory leak in the adis_update_scan_mode_burst() |
| | | | | function in drivers/iio/imu/adis_buffer.c in the Linux |
| | | | | kernel before 5.3.9 allows attackers to cause a denial |
| | | | | of service (memory consumption), aka CID-9c0530e898f3. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19061 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12382 | linux | 4.19.98-1 | ** DISPUTED ** An issue was discovered in |
| | | | | drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c |
| | | | | in the Linux kernel through 5.1.5. There is an |
| | | | | unchecked kstrdup of fwstr, which might allow an |
| | | | | attacker to cause a denial of service (NULL pointer |
| | | | | dereference and system crash). NOTE: The vendor disputes |
| | | | | this issues as not being a vulnerability because |
| | | | | kstrdup() returning NULL is handled sufficiently and |
| | | | | there is no chance for a NULL pointer dereference. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12382 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-10649 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-36 Q16, there is a memory |
| | | | | leak in the function SVGKeyValuePairs of |
| | | | | coders/svg.c, which allows an attacker to cause |
| | | | | a denial of service via a crafted image file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-10649 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-8043 | linux | 4.19.98-1 | The unimac_mdio_probe function in |
| | | | | drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel |
| | | | | through 4.15.8 does not validate certain resource |
| | | | | availability, which allows local users to cause |
| | | | | a denial of service (NULL pointer dereference). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-8043 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2012-4542 | linux | 4.19.98-1 | block/scsi_ioctl.c in the Linux kernel through 3.8 |
| | | | | does not properly consider the SCSI device class during |
| | | | | authorization of SCSI commands, which allows local |
| | | | | users to bypass intended access restrictions via an |
| | | | | SG_IO ioctl call that leverages overlapping opcodes. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2012-4542 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16709 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-35 has a memory leak in |
| | | | | coders/dps.c, as demonstrated by XCreateImage. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16709 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2010-5321 | linux | 4.19.98-1 | Memory leak in drivers/media/video/videobuf-core.c in |
| | | | | the videobuf subsystem in the Linux kernel 2.6.x through |
| | | | | 4.x allows local users to cause a denial of service |
| | | | | (memory consumption) by leveraging /dev/video access for |
| | | | | a series of mmap calls that require new allocations, a |
| | | | | different vulnerability than CVE-2007-6761. NOTE: as |
| | | | | of 2016-06-18, this affects only 11 drivers that have |
| | | | | not been updated to use videobuf2 instead of videobuf. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-5321 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19070 | linux | 4.19.98-1 | ** DISPUTED ** A memory leak in the spi_gpio_probe() |
| | | | | function in drivers/spi/spi-gpio.c in the Linux |
| | | | | kernel through 5.3.11 allows attackers to cause |
| | | | | a denial of service (memory consumption) by |
| | | | | triggering devm_add_action_or_reset() failures, |
| | | | | aka CID-d3b0ffa1d75d. NOTE: third parties dispute |
| | | | | the relevance of this because the system must have |
| | | | | already been out of memory before the probe began. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19070 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-13301 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has memory leaks in |
| | | | | AcquireMagickMemory because of an AnnotateImage error. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13301 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-7275 | imagemagick | 8:6.9.10.23+dfsg-2.1 | The ReadPCXImage function in coders/pcx.c in ImageMagick |
| | | | | 7.0.4.9 allows remote attackers to cause a denial of service |
| | | | | (attempted large memory allocation and application crash) |
| | | | | via a crafted file. NOTE: this vulnerability exists because |
| | | | | of an incomplete fix for CVE-2016-8862 and CVE-2016-8866. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7275 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16708 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-35 has a memory leak in |
| | | | | magick/xwindow.c, related to XCreateImage. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16708 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2005-0406 | imagemagick | 8:6.9.10.23+dfsg-2.1 | A design flaw in image processing software that |
| | | | | modifies JPEG images might not modify the original |
| | | | | EXIF thumbnail, which could lead to an information |
| | | | | leak of potentially sensitive visual information |
| | | | | that had been removed from the main JPEG image. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2005-0406 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2008-3134 | imagemagick | 8:6.9.10.23+dfsg-2.1 | Multiple unspecified vulnerabilities in GraphicsMagick |
| | | | | before 1.2.4 allow remote attackers to cause a denial of |
| | | | | service (crash, infinite loop, or memory consumption) via |
| | | | | (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, |
| | | | | (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) |
| | | | | TGA decoder readers; and (b) the GetImageCharacteristics |
| | | | | function in magick/image.c, as reachable from a crafted |
| | | | | (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2008-3134 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-15607 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 |
| | | | | 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 |
| | | | | 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several |
| | | | | minutes during which CPU and memory resources are consumed |
| | | | | until ultimately an attempted large memory allocation |
| | | | | fails. Remote attackers could leverage this vulnerability |
| | | | | to cause a denial of service via a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-15607 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12381 | linux | 4.19.98-1 | ** DISPUTED ** An issue was discovered in ip_ra_control |
| | | | | in net/ipv4/ip_sockglue.c in the Linux kernel through |
| | | | | 5.1.5. There is an unchecked kmalloc of new_ra, which |
| | | | | might allow an attacker to cause a denial of service |
| | | | | (NULL pointer dereference and system crash). NOTE: this |
| | | | | is disputed because new_ra is never used if it is NULL. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12381 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-13310 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick 7.0.8-50 Q16 has memory |
| | | | | leaks at AcquireMagickMemory because |
| | | | | of an error in MagickWand/mogrify.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13310 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12378 | linux | 4.19.98-1 | ** DISPUTED ** An issue was discovered in ip6_ra_control |
| | | | | in net/ipv6/ipv6_sockglue.c in the Linux kernel |
| | | | | through 5.1.5. There is an unchecked kmalloc of |
| | | | | new_ra, which might allow an attacker to cause a |
| | | | | denial of service (NULL pointer dereference and system |
| | | | | crash). NOTE: This has been disputed as not an issue. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12378 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2004-0230 | linux | 4.19.98-1 | TCP, when using a large Window Size, makes it |
| | | | | easier for remote attackers to guess sequence |
| | | | | numbers and cause a denial of service (connection |
| | | | | loss) to persistent TCP connections by repeatedly |
| | | | | injecting a TCP RST packet, especially in protocols |
| | | | | that use long-lived connections, such as BGP. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2004-0230 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-7175 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick before 7.0.8-25, some memory |
| | | | | leaks exist in DecodeImage in coders/pcd.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-7175 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2007-3719 | linux | 4.19.98-1 | The process scheduler in the Linux kernel 2.6.16 gives |
| | | | | preference to "interactive" processes that perform voluntary |
| | | | | sleeps, which allows local users to cause a denial of |
| | | | | service (CPU consumption), as described in "Secretly |
| | | | | Monopolizing the CPU Without Superuser Privileges." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-3719 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19083 | linux | 4.19.98-1 | Memory leaks in *clock_source_create() functions |
| | | | | under drivers/gpu/drm/amd/display/dc in the Linux |
| | | | | kernel before 5.3.8 allow attackers to cause |
| | | | | a denial of service (memory consumption). This |
| | | | | affects the dce112_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c, |
| | | | | the dce100_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c, |
| | | | | the dcn10_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, |
| | | | | the dcn20_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, |
| | | | | the dce120_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c, |
| | | | | the dce110_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c, |
| | | | | and the dce80_clock_source_create() function in |
| | | | | drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, |
| | | | | aka CID-055e547478a1. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19083 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-7398 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick before 7.0.8-25, a memory leak |
| | | | | exists in WriteDIBImage in coders/dib.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-7398 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-7397 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick before 7.0.8-25 and |
| | | | | GraphicsMagick through 1.3.31, several memory |
| | | | | leaks exist in WritePDFImage in coders/pdf.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-7397 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-7396 | imagemagick | 8:6.9.10.23+dfsg-2.1 | In ImageMagick before 7.0.8-25, a memory leak |
| | | | | exists in ReadSIXELImage in coders/sixel.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-7396 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2016-8678 | imagemagick | 8:6.9.10.23+dfsg-2.1 | The IsPixelMonochrome function in |
| | | | | MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows |
| | | | | remote attackers to cause a denial of service (out-of-bounds |
| | | | | read and crash) via a crafted file. NOTE: the vendor |
| | | | | says "This is a Q64 issue and we do not support Q64." |
| | | | | https://security-tracker.debian.org/tracker/CVE-2016-8678 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-13137 | imagemagick | 8:6.9.10.23+dfsg-2.1 | ImageMagick before 7.0.8-50 has a memory leak |
| | | | | vulnerability in the function ReadPSImage in coders/ps.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-13137 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-1000654 | libtasn1-6 | 4.13-3 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, |
| | | | | libtasn1-4.12 contains a DoS, specifically CPU usage |
| | | | | will reach 100% when running asn1Paser against the POC |
| | | | | due to an issue in _asn1_expand_object_id(p_tree), after |
| | | | | a long time, the program will be killed. This attack |
| | | | | appears to be exploitable via parsing a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-1000654 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2008-1687 | m4 | 1.4.18-2 | The (1) maketemp and (2) mkstemp builtin functions in |
| | | | | GNU m4 before 1.4.11 do not quote their output when a |
| | | | | file is created, which might allow context-dependent |
| | | | | attackers to trigger a macro expansion, leading |
| | | | | to unspecified use of an incorrect filename. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2008-1687 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2008-1688 | m4 | 1.4.18-2 | Unspecified vulnerability in GNU m4 before 1.4.11 |
| | | | | might allow context-dependent attackers to execute |
| | | | | arbitrary code, related to improper handling of |
| | | | | filenames specified with the -F option. NOTE: it is |
| | | | | not clear when this issue crosses privilege boundaries. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2008-1688 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-18808 | linux | 4.19.98-1 | A memory leak in the ccp_run_sha_cmd() function in |
| | | | | drivers/crypto/ccp/ccp-ops.c in the Linux kernel |
| | | | | through 5.3.9 allows attackers to cause a denial of |
| | | | | service (memory consumption), aka CID-128c66429247. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-18808 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2011-3374 | apt | 1.8.2 | It was found that apt-key in apt, all versions, do not |
| | | | | correctly validate gpg keys with the master keyring, |
| | | | | leading to a potential man-in-the-middle attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2011-3374 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-7245 | pcre3 | 2:8.39-12 | Stack-based buffer overflow in the pcre32_copy_substring |
| | | | | function in pcre_get.c in libpcre1 in PCRE |
| | | | | 8.40 allows remote attackers to cause a denial |
| | | | | of service (WRITE of size 4) or possibly have |
| | | | | unspecified other impact via a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7245 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-16231 | pcre3 | 2:8.39-12 | ** DISPUTED ** In PCRE 8.41, after compiling, a pcretest |
| | | | | load test PoC produces a crash overflow in the function |
| | | | | match() in pcre_exec.c because of a self-recursive |
| | | | | call. NOTE: third parties dispute the relevance of |
| | | | | this report, noting that there are options that can |
| | | | | be used to limit the amount of stack that is used. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-16231 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-7246 | pcre3 | 2:8.39-12 | Stack-based buffer overflow in the pcre32_copy_substring |
| | | | | function in pcre_get.c in libpcre1 in PCRE 8.40 |
| | | | | allows remote attackers to cause a denial of |
| | | | | service (WRITE of size 268) or possibly have |
| | | | | unspecified other impact via a crafted file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-7246 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-11164 | pcre3 | 2:8.39-12 | In PCRE 8.41, the OP_KETRMAX feature in the match function |
| | | | | in pcre_exec.c allows stack exhaustion (uncontrolled |
| | | | | recursion) when processing a crafted regular expression. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-11164 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-17973 | tiff | 4.1.0+git191117-2~deb10u1 | ** DISPUTED ** In LibTIFF 4.0.8, there is a |
| | | | | heap-based use-after-free in the t2p_writeproc |
| | | | | function in tiff2pdf.c. NOTE: there is a third-party |
| | | | | report of inability to reproduce this issue. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-17973 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-10126 | tiff | 4.1.0+git191117-2~deb10u1 | LibTIFF 4.0.9 has a NULL pointer dereference |
| | | | | in the jpeg_fdct_16x16 function in jfdctint.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-10126 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2014-8130 | tiff | 4.1.0+git191117-2~deb10u1 | The _TIFFmalloc function in tif_unix.c in LibTIFF |
| | | | | 4.0.3 does not reject a zero size, which allows remote |
| | | | | attackers to cause a denial of service (divide-by-zero |
| | | | | error and application crash) via a crafted TIFF image |
| | | | | that is mishandled by the TIFFWriteScanline function |
| | | | | in tif_write.c, as demonstrated by tiffdither. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2014-8130 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-16231 | linux | 4.19.98-1 | drivers/net/fjes/fjes_main.c in the Linux kernel |
| | | | | 5.2.14 does not check the alloc_workqueue return |
| | | | | value, leading to a NULL pointer dereference. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-16231 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-9117 | tiff | 4.1.0+git191117-2~deb10u1 | In LibTIFF 4.0.7, the program processes BMP images |
| | | | | without verifying that biWidth and biHeight in the |
| | | | | bitmap-information header match the actual input, |
| | | | | leading to a heap-based buffer over-read in bmp2tiff. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9117 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-16232 | tiff | 4.1.0+git191117-2~deb10u1 | ** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak |
| | | | | vulnerabilities, which allow attackers to cause a |
| | | | | denial of service (memory consumption), as demonstrated |
| | | | | by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: |
| | | | | Third parties were unable to reproduce the issue. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-16232 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-5563 | tiff | 4.1.0+git191117-2~deb10u1 | LibTIFF version 4.0.7 is vulnerable to a heap-based |
| | | | | buffer over-read in tif_lzw.c resulting in DoS or code |
| | | | | execution via a crafted bmp image to tools/bmp2tiff. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-5563 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-15213 | linux | 4.19.98-1 | An issue was discovered in the Linux kernel before 5.2.3. |
| | | | | There is a use-after-free caused by a malicious USB device |
| | | | | in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-15213 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2013-4235 | shadow | 1:4.5-1.1 | shadow: TOCTOU (time-of-check time-of-use) race |
| | | | | condition when copying and removing directory trees |
| | | | | https://security-tracker.debian.org/tracker/CVE-2013-4235 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19882 | shadow | 1:4.5-1.1 | shadow 4.8, in certain circumstances affecting at |
| | | | | least Gentoo, Arch Linux, and Void Linux, allows local |
| | | | | users to obtain root access because setuid programs are |
| | | | | misconfigured. Specifically, this affects shadow 4.8 |
| | | | | when compiled using --with-libpam but without explicitly |
| | | | | passing --disable-account-tools-setuid, and without a |
| | | | | PAM configuration suitable for use with setuid account |
| | | | | management tools. This combination leads to account |
| | | | | management tools (groupadd, groupdel, groupmod, useradd, |
| | | | | userdel, usermod) that can easily be used by unprivileged |
| | | | | local users to escalate privileges to root in multiple |
| | | | | ways. This issue became much more relevant in approximately |
| | | | | December 2019 when an unrelated bug was fixed (i.e., |
| | | | | the chmod calls to suidusbins were fixed in the upstream |
| | | | | Makefile which is now included in the release version 4.8). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19882 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2007-5686 | shadow | 1:4.5-1.1 | initscripts in rPath Linux 1 sets insecure permissions for |
| | | | | the /var/log/btmp file, which allows local users to obtain |
| | | | | sensitive information regarding authentication attempts. |
| | | | | NOTE: because sshd detects the insecure permissions and |
| | | | | does not log certain events, this also prevents sshd from |
| | | | | logging failed authentication attempts by remote attackers. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2007-5686 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-11191 | linux | 4.19.98-1 | ** DISPUTED ** The Linux kernel through 5.0.7, when |
| | | | | CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows |
| | | | | local users to bypass ASLR on setuid a.out programs (if |
| | | | | any exist) because install_exec_creds() is called too |
| | | | | late in load_aout_binary() in fs/binfmt_aout.c, and thus |
| | | | | the ptrace_may_access() check has a race condition when |
| | | | | reading /proc/pid/stat. NOTE: the software maintainer |
| | | | | disputes that this is a vulnerability because ASLR for |
| | | | | a.out format executables has never been supported. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-11191 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-19064 | linux | 4.19.98-1 | ** DISPUTED ** A memory leak in the fsl_lpspi_probe() |
| | | | | function in drivers/spi/spi-fsl-lpspi.c in the Linux kernel |
| | | | | through 5.3.11 allows attackers to cause a denial of service |
| | | | | (memory consumption) by triggering pm_runtime_get_sync() |
| | | | | failures, aka CID-057b8945f78f. NOTE: third parties |
| | | | | dispute the relevance of this because an attacker cannot |
| | | | | realistically control these failures at probe time. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-19064 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-1121 | linux | 4.19.98-1 | procps-ng, procps is vulnerable to a process hiding through |
| | | | | race condition. Since the kernel's proc_pid_readdir() |
| | | | | returns PID entries in ascending numeric order, a |
| | | | | process occupying a high PID can use inotify events |
| | | | | to determine when the process list is being scanned, |
| | | | | and fork/exec to obtain a lower PID, thus avoiding |
| | | | | enumeration. An unprivileged attacker can hide a |
| | | | | process from procps-ng's utilities by exploiting a |
| | | | | race condition in reading /proc/PID entries. This |
| | | | | vulnerability affects procps and procps-ng up to |
| | | | | version 3.3.15, newer versions might be affected also. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-1121 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-17450 | binutils | 2.31.1-16 | find_abstract_instance in dwarf2.c in the Binary File |
| | | | | Descriptor (BFD) library (aka libbfd), as distributed |
| | | | | in GNU Binutils 2.32, allows remote attackers |
| | | | | to cause a denial of service (infinite recursion |
| | | | | and application crash) via a crafted ELF file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-17450 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-1010204 | binutils | 2.31.1-16 | GNU binutils gold gold v1.11-v1.16 (GNU binutils |
| | | | | v2.21-v2.31.1) is affected by: Improper Input |
| | | | | Validation, Signed/Unsigned Comparison, Out-of-bounds |
| | | | | Read. The impact is: Denial of service. The component |
| | | | | is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. |
| | | | | The attack vector is: An ELF file with an |
| | | | | invalid e_shoff header field must be opened. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1010204 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18607 | binutils | 2.31.1-16 | An issue was discovered in elf_link_input_bfd in |
| | | | | elflink.c in the Binary File Descriptor (BFD) library |
| | | | | (aka libbfd), as distributed in GNU Binutils 2.31. There |
| | | | | is a NULL pointer dereference in elf_link_input_bfd |
| | | | | when used for finding STT_TLS symbols without any TLS |
| | | | | section. A specially crafted ELF allows remote attackers |
| | | | | to cause a denial of service, as demonstrated by ld. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18607 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-17359 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. An invalid memory access exists in |
| | | | | bfd_zalloc in opncls.c. Attackers could leverage |
| | | | | this vulnerability to cause a denial of service |
| | | | | (application crash) via a crafted ELF file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-17359 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20671 | binutils | 2.31.1-16 | load_specific_debug_section in objdump.c in |
| | | | | GNU Binutils through 2.31.1 contains an integer |
| | | | | overflow vulnerability that can trigger a heap-based |
| | | | | buffer overflow via a crafted section size. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20671 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18606 | binutils | 2.31.1-16 | An issue was discovered in the merge_strings function |
| | | | | in merge.c in the Binary File Descriptor (BFD) library |
| | | | | (aka libbfd), as distributed in GNU Binutils 2.31. There |
| | | | | is a NULL pointer dereference in _bfd_add_merge_section |
| | | | | when attempting to merge sections with large alignments. |
| | | | | A specially crafted ELF allows remote attackers to |
| | | | | cause a denial of service, as demonstrated by ld. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18606 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-12700 | binutils | 2.31.1-16 | A Stack Exhaustion issue was discovered in |
| | | | | debug_write_type in debug.c in GNU Binutils 2.30 |
| | | | | because of DEBUG_KIND_INDIRECT infinite recursion. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12700 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-17360 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. A heap-based buffer over-read in |
| | | | | bfd_getl32 in libbfd.c allows an attacker to cause |
| | | | | a denial of service through a crafted PE file. This |
| | | | | vulnerability can be triggered by the executable objdump. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-17360 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-17985 | binutils | 2.31.1-16 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. |
| | | | | There is a stack consumption problem caused by the |
| | | | | cplus_demangle_type function making recursive calls to |
| | | | | itself in certain scenarios involving many 'P' characters. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-17985 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18484 | binutils | 2.31.1-16 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. |
| | | | | Stack Exhaustion occurs in the C++ demangling |
| | | | | functions provided by libiberty, and there is a stack |
| | | | | consumption problem caused by recursive stack frames: |
| | | | | cplus_demangle_type, d_bare_function_type, d_function_type. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18484 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18701 | binutils | 2.31.1-16 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. There |
| | | | | is a stack consumption vulnerability resulting from |
| | | | | infinite recursion in the functions next_is_type_qual() |
| | | | | and cplus_demangle_type() in cp-demangle.c. Remote |
| | | | | attackers could leverage this vulnerability to cause a |
| | | | | denial-of-service via an ELF file, as demonstrated by nm. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18701 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-17451 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in |
| | | | | GNU Binutils 2.32. It is an integer overflow |
| | | | | leading to a SEGV in _bfd_dwarf2_find_nearest_line |
| | | | | in dwarf2.c, as demonstrated by nm. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-17451 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20623 | binutils | 2.31.1-16 | In GNU Binutils 2.31.1, there is a use-after-free |
| | | | | in the error function in elfcomm.c when |
| | | | | called from the process_archive function |
| | | | | in readelf.c via a crafted ELF file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20623 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18605 | binutils | 2.31.1-16 | A heap-based buffer over-read issue was discovered in the |
| | | | | function sec_merge_hash_lookup in merge.c in the Binary |
| | | | | File Descriptor (BFD) library (aka libbfd), as distributed |
| | | | | in GNU Binutils 2.31, because _bfd_add_merge_section |
| | | | | mishandles section merges when size is not a multiple of |
| | | | | entsize. A specially crafted ELF allows remote attackers |
| | | | | to cause a denial of service, as demonstrated by ld. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18605 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18483 | binutils | 2.31.1-16 | The get_count function in cplus-dem.c in GNU libiberty, |
| | | | | as distributed in GNU Binutils 2.31, allows remote |
| | | | | attackers to cause a denial of service (malloc |
| | | | | called with the result of an integer-overflowing |
| | | | | calculation) or possibly have unspecified other impact |
| | | | | via a crafted string, as demonstrated by c++filt. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18483 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-19931 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils through 2.31. There is a heap-based buffer |
| | | | | overflow in bfd_elf32_swap_phdr_in in elfcode.h because |
| | | | | the number of program headers is not restricted. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-19931 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20712 | binutils | 2.31.1-16 | A heap-based buffer over-read exists in the function |
| | | | | d_expression_1 in cp-demangle.c in GNU libiberty, |
| | | | | as distributed in GNU Binutils 2.31.1. A crafted |
| | | | | input can cause segmentation faults, leading to |
| | | | | denial-of-service, as demonstrated by c++filt. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20712 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-13716 | binutils | 2.31.1-16 | The C++ symbol demangler routine in cplus-dem.c |
| | | | | in libiberty, as distributed in GNU Binutils 2.29, |
| | | | | allows remote attackers to cause a denial of service |
| | | | | (excessive memory allocation and application crash) |
| | | | | via a crafted file, as demonstrated by a call from the |
| | | | | Binary File Descriptor (BFD) library (aka libbfd). |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-13716 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9073 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.32. It is an attempted excessive memory |
| | | | | allocation in _bfd_elf_slurp_version_tables in elf.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9073 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20002 | binutils | 2.31.1-16 | The _bfd_generic_read_minisymbols function in syms.c in |
| | | | | the Binary File Descriptor (BFD) library (aka libbfd), |
| | | | | as distributed in GNU Binutils 2.31, has a memory |
| | | | | leak via a crafted ELF file, leading to a denial of |
| | | | | service (memory consumption), as demonstrated by nm. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20002 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18309 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. An invalid memory address dereference was |
| | | | | discovered in read_reloc in reloc.c. The vulnerability |
| | | | | causes a segmentation fault and application crash, which |
| | | | | leads to denial of service, as demonstrated by objdump, |
| | | | | because of missing _bfd_clear_contents bounds checking. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18309 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9071 | binutils | 2.31.1-16 | An issue was discovered in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.32. It is a stack |
| | | | | consumption issue in d_count_templates_scopes |
| | | | | in cp-demangle.c after many recursive calls. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9071 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9070 | binutils | 2.31.1-16 | An issue was discovered in GNU libiberty, as distributed in |
| | | | | GNU Binutils 2.32. It is a heap-based buffer over-read in |
| | | | | d_expression_1 in cp-demangle.c after many recursive calls. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9070 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-14444 | binutils | 2.31.1-16 | apply_relocations in readelf.c in GNU Binutils 2.32 contains |
| | | | | an integer overflow that allows attackers to trigger a |
| | | | | write access violation (in byte_put_little_endian function |
| | | | | in elfcomm.c) via an ELF file, as demonstrated by readelf. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-14444 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-12699 | binutils | 2.31.1-16 | finish_stab in stabs.c in GNU Binutils 2.30 allows |
| | | | | attackers to cause a denial of service (heap-based |
| | | | | buffer overflow) or possibly have unspecified other |
| | | | | impact, as demonstrated by an out-of-bounds write of |
| | | | | 8 bytes. This can occur during execution of objdump. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12699 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-17358 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31. An invalid memory access exists in |
| | | | | _bfd_stab_section_find_nearest_line in syms.c. Attackers |
| | | | | could leverage this vulnerability to cause a denial of |
| | | | | service (application crash) via a crafted ELF file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-17358 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20673 | binutils | 2.31.1-16 | The demangle_template function in cplus-dem.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31.1, contains |
| | | | | an integer overflow vulnerability (for "Create an array |
| | | | | for saving the template argument values") that can trigger |
| | | | | a heap-based buffer overflow, as demonstrated by nm. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20673 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-17794 | binutils | 2.31.1-16 | An issue was discovered in cplus-dem.c in GNU libiberty, |
| | | | | as distributed in GNU Binutils 2.31. There is a |
| | | | | NULL pointer dereference in work_stuff_copy_to_from |
| | | | | when called from iterate_demangle_function. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-17794 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-19932 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU Binutils |
| | | | | through 2.31. There is an integer overflow and infinite |
| | | | | loop caused by the IS_CONTAINED_BY_LMA macro in elf.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-19932 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-1010180 | binutils | 2.31.1-16 | GNU gdb All versions is affected by: Buffer Overflow |
| | | | | - Out of bound memory access. The impact is: |
| | | | | Denial of Service, Memory Disclosure, and Possible |
| | | | | Code Execution. The component is: The main gdb |
| | | | | module. The attack vector is: Open an ELF for |
| | | | | debugging. The fixed version is: Not fixed yet. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-1010180 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-14250 | binutils | 2.31.1-16 | An issue was discovered in GNU libiberty, as distributed |
| | | | | in GNU Binutils 2.32. simple_object_elf_match |
| | | | | in simple-object-elf.c does not check for a zero |
| | | | | shstrndx value, leading to an integer overflow |
| | | | | and resultant heap-based buffer overflow. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-14250 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-9138 | binutils | 2.31.1-16 | An issue was discovered in cplus-dem.c in GNU libiberty, |
| | | | | as distributed in GNU Binutils 2.29 and 2.30. Stack |
| | | | | Exhaustion occurs in the C++ demangling functions provided |
| | | | | by libiberty, and there are recursive stack frames: |
| | | | | demangle_nested_args, demangle_args, do_arg, and do_type. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-9138 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-12934 | binutils | 2.31.1-16 | remember_Ktype in cplus-dem.c in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.30, allows attackers |
| | | | | to trigger excessive memory consumption (aka |
| | | | | OOM). This can occur during execution of cxxfilt. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12934 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-12698 | binutils | 2.31.1-16 | demangle_template in cplus-dem.c in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.30, allows attackers to |
| | | | | trigger excessive memory consumption (aka OOM) during the |
| | | | | "Create an array for saving the template argument values" |
| | | | | XNEWVEC call. This can occur during execution of objdump. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12698 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-18700 | binutils | 2.31.1-16 | An issue was discovered in cp-demangle.c in GNU |
| | | | | libiberty, as distributed in GNU Binutils 2.31. |
| | | | | There is a stack consumption vulnerability resulting |
| | | | | from infinite recursion in the functions d_name(), |
| | | | | d_encoding(), and d_local_name() in cp-demangle.c. Remote |
| | | | | attackers could leverage this vulnerability to cause a |
| | | | | denial-of-service via an ELF file, as demonstrated by nm. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-18700 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-1000876 | binutils | 2.31.1-16 | binutils version 2.32 and earlier contains |
| | | | | an Integer Overflow vulnerability in objdump, |
| | | | | bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc |
| | | | | that can result in an integer overflow triggering a heap overflow. |
| | | | | Successful exploitation allows execution of arbitrary |
| | | | | code. This attack appears to be exploitable locally. |
| | | | | This vulnerability appears to have been fixed after |
| | | | | commit 3a551c7a1b80fca579461774860574eabfd7f18f. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-1000876 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-12972 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor (BFD) |
| | | | | library (aka libbfd), as distributed in GNU Binutils 2.32. |
| | | | | There is a heap-based buffer over-read in _bfd_doprnt in bfd.c |
| | | | | because elf_object_p in elfcode.h mishandles an e_shstrndx |
| | | | | section of type SHT_GROUP by omitting a trailing '\0' character. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-12972 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-9996 | binutils | 2.31.1-16 | An issue was discovered in cplus-dem.c in GNU libiberty, as |
| | | | | distributed in GNU Binutils 2.30. Stack Exhaustion occurs in |
| | | | | the C++ demangling functions provided by libiberty, and there |
| | | | | are recursive stack frames: demangle_template_value_parm, |
| | | | | demangle_integral_value, and demangle_expression. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-9996 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9074 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.32. It is an out-of-bounds read leading |
| | | | | to a SEGV in bfd_getl32 in libbfd.c, when called |
| | | | | from pex64_get_runtime_function in pei-x86_64.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9074 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-20651 | binutils | 2.31.1-16 | A NULL pointer dereference was discovered in |
| | | | | elf_link_add_object_symbols in elflink.c in the Binary File |
| | | | | Descriptor (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.31.1. This occurs for a crafted ET_DYN with no |
| | | | | program headers. A specially crafted ELF file allows remote |
| | | | | attackers to cause a denial of service, as demonstrated by ld. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-20651 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2018-12697 | binutils | 2.31.1-16 | A NULL pointer dereference (aka SEGV on unknown address |
| | | | | 0x000000000000) was discovered in work_stuff_copy_to_from |
| | | | | in cplus-dem.c in GNU libiberty, as distributed in GNU |
| | | | | Binutils 2.30. This can occur during execution of objdump. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2018-12697 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9075 | binutils | 2.31.1-16 | An issue was discovered in the Binary File Descriptor |
| | | | | (BFD) library (aka libbfd), as distributed in GNU |
| | | | | Binutils 2.32. It is a heap-based buffer overflow |
| | | | | in _bfd_archive_64_bit_slurp_armap in archive64.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9075 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9077 | binutils | 2.31.1-16 | An issue was discovered in GNU Binutils 2.32. It is |
| | | | | a heap-based buffer overflow in process_mips_specific |
| | | | | in readelf.c via a malformed MIPS option section. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-9077 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-9937 | jbigkit | 2.1-3.1 | In LibTIFF 4.0.8, there is a memory malloc failure |
| | | | | in tif_jbig.c. A crafted TIFF document can lead to an |
| | | | | abort resulting in a remote denial of service attack. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-9937 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2010-4563 | linux | 4.19.98-1 | The Linux kernel, when using IPv6, allows remote attackers to |
| | | | | determine whether a host is sniffing the network by sending |
| | | | | an ICMPv6 Echo Request to a multicast address and determining |
| | | | | whether an Echo Reply is sent, as demonstrated by thcping. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2010-4563 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2017-15232 | libjpeg-turbo | 1:1.5.2-2 | libjpeg-turbo 1.5.2 has a NULL Pointer Dereference |
| | | | | in jdpostct.c and jquant1.c via a crafted JPEG file. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2017-15232 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-18814 | linux | 4.19.98-1 | An issue was discovered in the Linux kernel through 5.3.9. |
| | | | | There is a use-after-free when aa_label_parse() fails |
| | | | | in aa_audit_rule_init() in security/apparmor/audit.c. |
| | | | | https://security-tracker.debian.org/tracker/CVE-2019-18814 |
+------------+-----------------------------+-----------------+---------------------------+------------------------------------------------------------------+
| Approved | Negligible CVE-2019-9923 | tar