@wzhliang
Created March 18, 2020 02:50
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| bzip2   | CVE-2019-12900   | HIGH     | 1.0.6-r6          | 1.0.6-r7      | bzip2: out-of-bounds write in  |
|         |                  |          |                   |               | function BZ2_decompress        |
+---------+------------------+          +-------------------+---------------+--------------------------------+
| expat   | CVE-2018-20843   |          | 2.2.6-r0          | 2.2.7-r0      | expat: large number of colons  |
|         |                  |          |                   |               | in input makes parser consume  |
|         |                  |          |                   |               | high amount...                 |
+         +------------------+----------+                   +---------------+--------------------------------+
|         | CVE-2019-15903   | MEDIUM   |                   | 2.2.7-r1      | expat: heap-based buffer       |
|         |                  |          |                   |               | over-read via crafted XML      |
|         |                  |          |                   |               | input                          |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| musl    | CVE-2019-14697   | HIGH     | 1.1.20-r4         | 1.1.20-r5     | musl libc through 1.1.23       |
|         |                  |          |                   |               | has an x87 floating-point      |
|         |                  |          |                   |               | stack adjustment imbalance,    |
|         |                  |          |                   |               | related...                     |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
|         |                  |          |                   |               | with long nonces               |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-1549    |          |                   | 1.1.1d-r0     | openssl: information           |
|         |                  |          |                   |               | disclosure in fork()           |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-1551    |          |                   | 1.1.1d-r2     | openssl: Integer overflow in   |
|         |                  |          |                   |               | RSAZ modular exponentiation on |
|         |                  |          |                   |               | x86_64                         |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-1563    |          |                   | 1.1.1d-r0     | openssl: information           |
|         |                  |          |                   |               | disclosure in PKCS7_dataDecode |
|         |                  |          |                   |               | and CMS_decrypt_set1_pkey      |
+         +------------------+----------+                   +               +--------------------------------+
|         | CVE-2019-1547    | LOW      |                   |               | openssl: side-channel weak     |
|         |                  |          |                   |               | encryption vulnerability       |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| sqlite  | CVE-2019-8457    | HIGH     | 3.26.0-r3         | 3.28.0-r0     | sqlite: heap out-of-bound read |
|         |                  |          |                   |               | in function rtreenode()        |
+         +------------------+----------+                   +---------------+--------------------------------+
|         | CVE-2019-16168   | MEDIUM   |                   | 3.28.0-r1     | sqlite: division by zero in    |
|         |                  |          |                   |               | whereLoopAddBtreeIndex in      |
|         |                  |          |                   |               | sqlite3.c                      |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-19242   |          |                   | 3.28.0-r2     | sqlite: SQL injection in       |
|         |                  |          |                   |               | sqlite3ExprCodeTarget in       |
|         |                  |          |                   |               | expr.c                         |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-5018    |          |                   | 3.28.0-r0     | sqlite: use-after-free in      |
|         |                  |          |                   |               | window function leading to     |
|         |                  |          |                   |               | remote code execution          |
+---------+------------------+----------+-------------------+---------------+--------------------------------+