[Git][security-tracker-team/security-tracker][master] Add CVE-2018-8791 - CVE-2018-8800, CVE-2018-20174 - CVE-2018-20182/rdesktop

László Böszörményi gcs at debian.org
Tue Jan 8 00:14:15 GMT 2019


László Böszörményi pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2be01f6f by Laszlo Boszormenyi (GCS) at 2019-01-08T00:11:53Z
Add CVE-2018-8791 - CVE-2018-8800, CVE-2018-20174 - CVE-2018-20182/rdesktop

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5939,24 +5939,24 @@ CVE-2018-20184 (In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-base
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/583/
 CVE-2018-20183
 	RESERVED
-CVE-2018-20182
-	RESERVED
-CVE-2018-20181
-	RESERVED
-CVE-2018-20180
-	RESERVED
-CVE-2018-20179
-	RESERVED
-CVE-2018-20178
-	RESERVED
-CVE-2018-20177
-	RESERVED
-CVE-2018-20176
-	RESERVED
-CVE-2018-20175
-	RESERVED
-CVE-2018-20174
-	RESERVED
+CVE-2018-20182 [Remote code execution in seamless_process_line()]
+	- rdesktop <unfixed>
+CVE-2018-20181 [Remote code execution in seamless_process()]
+	- rdesktop <unfixed>
+CVE-2018-20180 [Remote code execution in rdpsnddbg_process()]
+	- rdesktop <unfixed>
+CVE-2018-20179 [Remote code execution in lspci_process()]
+	- rdesktop <unfixed>
+CVE-2018-20178 [DoS in process_demand_active()]
+	- rdesktop <unfixed>
+CVE-2018-20177 [Memory corruption in rdp_in_unistr()]
+	- rdesktop <unfixed>
+CVE-2018-20176 [DoS in sec_parse_crypt_info() and in sec_recv()]
+	- rdesktop <unfixed>
+CVE-2018-20175 [DoS in mcs_recv_connect_response() and in mcs_parse_domain_params()]
+	- rdesktop <unfixed>
+CVE-2018-20174 [Major information leak in ui_clip_handle_data()]
+	- rdesktop <unfixed>
 CVE-2018-20173 (Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via ...)
 	NOT-FOR-US: Zoho ManageEngine OpManager
 CVE-2018-20346 (SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an ...)
@@ -42228,26 +42228,26 @@ CVE-2018-8802 (SQL injection vulnerability in the management interface in ePorta
 CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
 	- gitlab 10.5.6+dfsg-1 (bug #893905)
 	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
-CVE-2018-8800
-	RESERVED
-CVE-2018-8799
-	RESERVED
-CVE-2018-8798
-	RESERVED
-CVE-2018-8797
-	RESERVED
-CVE-2018-8796
-	RESERVED
-CVE-2018-8795
-	RESERVED
-CVE-2018-8794
-	RESERVED
-CVE-2018-8793
-	RESERVED
-CVE-2018-8792
-	RESERVED
-CVE-2018-8791
-	RESERVED
+CVE-2018-8800 [Remote code execution in ui_clip_handle_data()]
+	- rdesktop <unfixed>
+CVE-2018-8799 [DoS in process_secondary_order()
+	- rdesktop <unfixed>
+CVE-2018-8798 [Minor information leak in rdpsnd_process_ping()]
+	- rdesktop <unfixed>
+CVE-2018-8797 [Remote code execution in process_plane()]
+	- rdesktop <unfixed>
+CVE-2018-8796 [DoS in process_bitmap_data()]
+	- rdesktop <unfixed>
+CVE-2018-8795 [Remote code execution in process_bitmap_data()]
+	- rdesktop <unfixed>
+CVE-2018-8794 [Memory corruption in process_bitmap_data()]
+	- rdesktop <unfixed>
+CVE-2018-8793 [Remote code execution in cssp_read_tsrequest()]
+	- rdesktop <unfixed>
+CVE-2018-8792 [DoS in cssp_read_tsrequest()]
+	- rdesktop <unfixed>
+CVE-2018-8791 [Minor information leak in rdpdr_process()]
+	- rdesktop <unfixed>
 CVE-2018-8790
 	RESERVED
 CVE-2018-8789 (FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2be01f6f3920270a2e3c0405b6b9df9c51e61b10

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2be01f6f3920270a2e3c0405b6b9df9c51e61b10
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190108/9000fa0a/attachment.html>


More information about the debian-security-tracker-commits mailing list