Overview

Kubernetes

• CVE-2020-8560 (to be disclosed; $200 bounty)
• CVE-2020-8556 (to be disclosed; $1000 bounty)

Go/archive/tar

• out-of-range panic in strconv.go:269

postgresSQL

• Buffer overflow when continuously send SIGHUP to postgres

libjpeg-v9c

• CVE-2018-11813 (with acknowledgement in official website)

libucl-230f197

• Assertion Failure in ucl_msgpack.c:845

libjpeg-v9a

• CVE-2018-11212
• CVE-2018-11213
• CVE-2018-11214

md4c-81e2a5c

• CVE-2018-11536
• Heap buffer overflow in md_process_inlines()

md4c-387bd02

• CVE-2018-11547
• CVE-2018-11546
• CVE-2018-11545

pdffigures

• SEGV in TextUtils.cpp:157

PDFgen-206ef1b

• CVE-2018-11363

ReadStat-7bced5b

• CVE-2018-11364

tinyexr_7953aea

• CVE-2018-12064

tinyexr_6fd0c1f

• CVE-2018-12093
• CVE-2018-12092

tinyexr_b53a457

• CVE-2018-12504
• CVE-2018-12503

tinyexr_16aba30

• CVE-2018-12688
• CVE-2018-12687

lldb.rs

• SIGSEGV in frame.rs:153

miniz-2.0.8

• Infinite loop in miniz_tester.cpp:652

tinyexr_65f9859

• CVE-2018-20652 (duplicated)
• CVE-2018-12503 (duplicated)
• CVE-2020-18430
• CVE-2020-18428

libconfig-f53e5de

• Undefined behavior in config_setting_set_string (libconfig.c:1178)
• Undefined behavior in __config_name_compare (libconfig.c:134)