diff --git a/charts/dependency/mariadb/sec-scan.md b/charts/dependency/mariadb/sec-scan.md deleted file mode 100644 index 44d574d9bac..00000000000 --- a/charts/dependency/mariadb/sec-scan.md +++ /dev/null @@ -1,908 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:47:19.916Z INFO Need to update the built-in policies -2021-12-03T19:47:19.916Z INFO Downloading the built-in policies... -2021-12-03T19:47:20.611Z INFO Detected config files: 1 - -mariadb/templates/common.yaml (kubernetes) -========================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-mariadb' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-mariadb' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-mariadb' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-mariadb' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-mariadb' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-mariadb' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-mariadb' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:47:20.698Z INFO Need to update DB -2021-12-03T19:47:20.698Z INFO Downloading DB... -2021-12-03T19:47:24.464Z INFO Detected OS: alpine -2021-12-03T19:47:24.464Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:47:24.466Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** - -``` -2021-12-03T19:47:29.346Z INFO Detected OS: debian -2021-12-03T19:47:29.346Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:47:29.362Z INFO Number of language-specific files: 2 -2021-12-03T19:47:29.362Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) -========================================================================================================================= -Total: 144 (UNKNOWN: 0, LOW: 104, MEDIUM: 12, HIGH: 24, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/ini-file (gobinary) -========================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/charts/dependency/memcached/sec-scan.md b/charts/dependency/memcached/sec-scan.md deleted file mode 100644 index 82b31f5445a..00000000000 --- a/charts/dependency/memcached/sec-scan.md +++ /dev/null @@ -1,877 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:48:25.464Z INFO Detected config files: 1 - -memcached/templates/common.yaml (kubernetes) -============================================ -Tests: 39 (SUCCESSES: 28, FAILURES: 11, EXCEPTIONS: 0) -Failures: 11 (UNKNOWN: 0, LOW: 4, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-memcached' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-memcached' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-memcached' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-memcached' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-memcached' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:48:26.594Z INFO Detected OS: alpine -2021-12-03T19:48:26.594Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:48:26.602Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569** - -``` -2021-12-03T19:48:28.787Z INFO Detected OS: debian -2021-12-03T19:48:28.787Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:48:28.804Z INFO Number of language-specific files: 1 -2021-12-03T19:48:28.804Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 (debian 10.11) -=========================================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/charts/dependency/postgresql/sec-scan.md b/charts/dependency/postgresql/sec-scan.md deleted file mode 100644 index 2351ec7e75a..00000000000 --- a/charts/dependency/postgresql/sec-scan.md +++ /dev/null @@ -1,1111 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:49:25.561Z INFO Detected config files: 1 - -postgresql/templates/common.yaml (kubernetes) -============================================= -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:49:26.640Z INFO Detected OS: alpine -2021-12-03T19:49:26.640Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:49:26.643Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** - -``` -2021-12-03T19:49:29.973Z INFO Detected OS: debian -2021-12-03T19:49:29.974Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:49:29.991Z INFO Number of language-specific files: 2 -2021-12-03T19:49:29.991Z INFO Detecting gobinary vulnerabilities... -2021-12-03T19:49:29.991Z INFO Detecting jar vulnerabilities... - -tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) -============================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/charts/dependency/promtail/sec-scan.md b/charts/dependency/promtail/sec-scan.md deleted file mode 100644 index 2efb1e2e4ba..00000000000 --- a/charts/dependency/promtail/sec-scan.md +++ /dev/null @@ -1,544 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:50:27.019Z INFO Detected config files: 1 - -promtail/templates/common.yaml (kubernetes) -=========================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 4, MEDIUM: 9, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Container 'RELEASE-NAME-promtail' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-promtail' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-promtail' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-promtail' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-promtail' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV023 | hostPath volumes mounted | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should not set | -| | | | | 'spec.template.volumes.hostPath' | -| | | | | -->avd.aquasec.com/appshield/ksv023 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | Deployment 'RELEASE-NAME-promtail' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:50:28.083Z INFO Detected OS: alpine -2021-12-03T19:50:28.083Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:50:28.087Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4** - -``` -2021-12-03T19:50:31.667Z INFO Detected OS: debian -2021-12-03T19:50:31.667Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:50:31.681Z INFO Number of language-specific files: 1 -2021-12-03T19:50:31.681Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 (debian 11.1) -======================================================================================================================== -Total: 65 (UNKNOWN: 0, LOW: 60, MEDIUM: 1, HIGH: 2, CRITICAL: 2) - -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| apt | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libapt-pkg6.0 | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+------------------+------------------+----------+ +---------------+-----------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libsystemd-dev | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libsystemd0 | CVE-2013-4392 | | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| ncurses-bin | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ - -usr/bin/promtail (gobinary) -=========================== -Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0) - -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -| github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.5.4 | v1.4.11, v1.5.7 | containerd: insufficiently | -| | | | | | restricted permissions on container | -| | | | | | root and plugin directories | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-41103 | -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -| github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 | prometheus: Stored DOM | -| | | | | | cross-site scripting (XSS) | -| | | | | | attack via crafted URL | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3826 | -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -``` diff --git a/charts/dependency/redis/sec-scan.md b/charts/dependency/redis/sec-scan.md deleted file mode 100644 index a69a357b69f..00000000000 --- a/charts/dependency/redis/sec-scan.md +++ /dev/null @@ -1,891 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:51:28.440Z INFO Detected config files: 1 - -redis/templates/common.yaml (kubernetes) -======================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:51:29.491Z INFO Detected OS: alpine -2021-12-03T19:51:29.491Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:51:29.495Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** - -``` -2021-12-03T19:51:31.914Z INFO Detected OS: debian -2021-12-03T19:51:31.914Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:51:31.930Z INFO Number of language-specific files: 2 -2021-12-03T19:51:31.930Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) -====================================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/wait-for-port (gobinary) -=============================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/charts/library/common/sec-scan.md b/charts/library/common/sec-scan.md deleted file mode 100644 index 1487223a89d..00000000000 --- a/charts/library/common/sec-scan.md +++ /dev/null @@ -1,18 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:20:12.594Z INFO Need to update the built-in policies -2021-12-03T19:20:12.594Z INFO Downloading the built-in policies... -2021-12-03T19:20:13.378Z INFO Detected config files: 0 -``` - -## Containers - -##### Detected Containers - - -##### Scan Results diff --git a/charts/stable/authelia/sec-scan.md b/charts/stable/authelia/sec-scan.md deleted file mode 100644 index 1ed8c998a99..00000000000 --- a/charts/stable/authelia/sec-scan.md +++ /dev/null @@ -1,3135 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T22:24:36.061Z INFO Need to update the built-in policies -2021-12-03T22:24:36.061Z INFO Downloading the built-in policies... -2021-12-03T22:24:37.192Z INFO Detected config files: 3 - -authelia/charts/postgresql/templates/common.yaml (kubernetes) -============================================================= -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -authelia/charts/redis/templates/common.yaml (kubernetes) -======================================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -authelia/templates/common.yaml (kubernetes) -=========================================== -Tests: 46 (SUCCESSES: 28, FAILURES: 18, EXCEPTIONS: 0) -Failures: 18 (UNKNOWN: 0, LOW: 6, MEDIUM: 12, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+ -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Container 'postgresql-init' of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.allowPrivilegeEscalation' | -| | | | | to false | -| | | | | -->avd.aquasec.com/appshield/ksv001 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-authelia' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-authelia' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+----------------------------------------+ +--------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-authelia' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+----------------------------------------+ +--------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-authelia' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+----------------------------------------+ +--------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-authelia' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - -##### Scan Results - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T22:24:37.301Z INFO Need to update DB -2021-12-03T22:24:37.301Z INFO Downloading DB... -2021-12-03T22:24:41.371Z INFO Detected OS: alpine -2021-12-03T22:24:41.371Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:41.373Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T22:24:44.845Z INFO Detected OS: debian -2021-12-03T22:24:44.845Z INFO Detecting Debian vulnerabilities... -2021-12-03T22:24:44.865Z INFO Number of language-specific files: 2 -2021-12-03T22:24:44.865Z INFO Detecting gobinary vulnerabilities... -2021-12-03T22:24:44.865Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d** - -``` -2021-12-03T22:24:46.760Z INFO Detected OS: alpine -2021-12-03T22:24:46.760Z WARN This OS version is not on the EOL list: alpine 3.15 -2021-12-03T22:24:46.760Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:46.760Z INFO Number of language-specific files: 1 -2021-12-03T22:24:46.760Z INFO Detecting gobinary vulnerabilities... -2021-12-03T22:24:46.761Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 -2021-12-03T22:24:46.761Z WARN The vulnerability detection may be insufficient because security updates are not provided - -tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d (alpine 3.15.0) -=========================================================================================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -app/authelia (gobinary) -======================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T22:24:47.657Z INFO Detected OS: alpine -2021-12-03T22:24:47.657Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:47.664Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07** - -``` -2021-12-03T22:24:49.208Z INFO Detected OS: debian -2021-12-03T22:24:49.208Z INFO Detecting Debian vulnerabilities... -2021-12-03T22:24:49.225Z INFO Number of language-specific files: 2 -2021-12-03T22:24:49.225Z INFO Detecting gobinary vulnerabilities... - -bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 (debian 10.11) -========================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/wait-for-port (gobinary) -=============================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T22:24:49.888Z INFO Detected OS: alpine -2021-12-03T22:24:49.888Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:49.897Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T22:24:50.778Z INFO Detected OS: debian -2021-12-03T22:24:50.778Z INFO Detecting Debian vulnerabilities... -2021-12-03T22:24:50.800Z INFO Number of language-specific files: 2 -2021-12-03T22:24:50.801Z INFO Detecting gobinary vulnerabilities... -2021-12-03T22:24:50.801Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/charts/stable/jackett/Chart.yaml b/charts/stable/jackett/Chart.yaml index 0c4b5c3f575..3534770a3b5 100644 --- a/charts/stable/jackett/Chart.yaml +++ b/charts/stable/jackett/Chart.yaml @@ -21,7 +21,7 @@ name: jackett sources: - https://github.com/Jackett/Jackett type: application -version: 9.0.32 +version: 9.0.33 annotations: truecharts.org/catagories: | - media diff --git a/charts/stable/jackett/sec-scan.md b/charts/stable/jackett/sec-scan.md deleted file mode 100644 index 79b22e1f84b..00000000000 --- a/charts/stable/jackett/sec-scan.md +++ /dev/null @@ -1,600 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T18:33:16.449Z INFO Need to update the built-in policies -2021-12-03T18:33:16.449Z INFO Downloading the built-in policies... -2021-12-03T18:33:17.259Z INFO Detected config files: 1 - -jackett/templates/common.yaml (kubernetes) -========================================== -Tests: 40 (SUCCESSES: 28, FAILURES: 12, EXCEPTIONS: 0) -Failures: 12 (UNKNOWN: 0, LOW: 5, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-jackett' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-jackett' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-jackett' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 - -##### Scan Results - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T18:33:17.339Z INFO Need to update DB -2021-12-03T18:33:17.340Z INFO Downloading DB... -2021-12-03T18:33:19.939Z INFO Detected OS: alpine -2021-12-03T18:33:19.939Z INFO Detecting Alpine vulnerabilities... -2021-12-03T18:33:19.941Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** - -``` -2021-12-03T18:33:24.300Z INFO Detected OS: ubuntu -2021-12-03T18:33:24.300Z INFO Detecting Ubuntu vulnerabilities... -2021-12-03T18:33:24.303Z INFO Number of language-specific files: 1 -2021-12-03T18:33:24.303Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) -========================================================================================================================== -Total: 76 (UNKNOWN: 0, LOW: 52, MEDIUM: 24, HIGH: 0, CRITICAL: 0) - -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| bind9-dnsutils | CVE-2021-25219 | MEDIUM | 1:9.16.1-0ubuntu2.8 | 1:9.16.1-0ubuntu2.9 | bind: Lame cache can be abused to | -| | | | | | severely degrade resolver performance | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-25219 | -+----------------------+ + + + + + -| bind9-host | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + + + + -| bind9-libs | | | | | | -| | | | | | | -| | | | | | | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| dnsutils | CVE-2021-25219 | MEDIUM | 1:9.16.1-0ubuntu2.8 | 1:9.16.1-0ubuntu2.9 | bind: Lame cache can be abused to | -| | | | | | severely degrade resolver performance | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-25219 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libasn1-8-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libc-bin | CVE-2021-35942 | MEDIUM | 2.31-0ubuntu9.2 | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | -| | | | | | helper_thread() in mq_notify.c while | -| | | | | | handling NOTIFY_REMOVED messages... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-25013 | | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | -| | | | | | when converting invalid UCS4 | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-33574 | | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| libc6 | CVE-2021-35942 | MEDIUM | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | -| | | | | | helper_thread() in mq_notify.c while | -| | | | | | handling NOTIFY_REMOVED messages... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-25013 | | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | -| | | | | | when converting invalid UCS4 | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-33574 | | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libgmp10 | CVE-2021-43618 | | 2:6.2.0+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libgssapi3-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+ + + +-------------------------+ + -| libhcrypto4-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + +-------------------------+ + -| libheimbase1-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + +-------------------------+ + -| libheimntlm0-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + +-------------------------+ + -| libhx509-5-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libkrb5-26-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| libkrb5support0 | CVE-2021-36222 | MEDIUM | | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-12build1 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-14155 | | | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libpython3.8-minimal | CVE-2021-29921 | MEDIUM | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| libpython3.8-stdlib | CVE-2021-29921 | MEDIUM | | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libroken18-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | An out-of-bounds read was | -| | | | | | addressed with improved bounds | -| | | | | | checking. This issue is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-9794 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2020-9849 | LOW | | | An information disclosure issue | -| | | | | | was addressed with improved | -| | | | | | state management. This issue... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-9849 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-9991 | | | | This issue was addressed | -| | | | | | with improved checks. | -| | | | | | This issue is fixed in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-9991 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.16.0-2 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libwind0-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| locales | CVE-2021-35942 | MEDIUM | 2.31-0ubuntu9.2 | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | -| | | | | | helper_thread() in mq_notify.c while | -| | | | | | handling NOTIFY_REMOVED messages... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-25013 | | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | -| | | | | | when converting invalid UCS4 | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-33574 | | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| login | CVE-2013-4235 | | 1:4.8.1-1ubuntu5.20.04.1 | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+----------------------+ + + +-------------------------+ + -| passwd | | | | | | -| | | | | | | -| | | | | | | -| | | | | | | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| python3.8 | CVE-2021-29921 | | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| python3.8-minimal | CVE-2021-29921 | MEDIUM | | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ - -usr/local/bin/micro (gobinary) -============================== -Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0) - -+------------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 | kubernetes: Denial of | -| | | | | | service in API server via | -| | | | | | crafted YAML payloads by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-11254 | -+------------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` diff --git a/charts/stable/nextcloud/sec-scan.md b/charts/stable/nextcloud/sec-scan.md deleted file mode 100644 index 02a9d604544..00000000000 --- a/charts/stable/nextcloud/sec-scan.md +++ /dev/null @@ -1,7405 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T20:42:27.633Z INFO Need to update the built-in policies -2021-12-03T20:42:27.633Z INFO Downloading the built-in policies... -2021-12-03T20:42:28.661Z INFO Detected config files: 3 - -nextcloud/charts/postgresql/templates/common.yaml (kubernetes) -============================================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -nextcloud/charts/redis/templates/common.yaml (kubernetes) -========================================================= -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -nextcloud/templates/common.yaml (kubernetes) -============================================ -Tests: 57 (SUCCESSES: 28, FAILURES: 29, EXCEPTIONS: 0) -Failures: 29 (UNKNOWN: 0, LOW: 11, MEDIUM: 18, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should set | -| | | | | 'securityContext.allowPrivilegeEscalation' | -| | | | | to false | -| | | | | -->avd.aquasec.com/appshield/ksv001 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.allowPrivilegeEscalation' | -| | | | | to false | -| | | | | -->avd.aquasec.com/appshield/ksv001 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-nextcloud' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-nextcloud' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-nextcloud' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | Deployment 'RELEASE-NAME-nextcloud' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e - tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - -##### Scan Results - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T20:42:28.758Z INFO Need to update DB -2021-12-03T20:42:28.758Z INFO Downloading DB... -2021-12-03T20:42:31.243Z INFO Detected OS: alpine -2021-12-03T20:42:31.243Z INFO Detecting Alpine vulnerabilities... -2021-12-03T20:42:31.244Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T20:42:34.038Z INFO Detected OS: debian -2021-12-03T20:42:34.038Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:34.056Z INFO Number of language-specific files: 2 -2021-12-03T20:42:34.056Z INFO Detecting gobinary vulnerabilities... -2021-12-03T20:42:34.056Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** - -``` -2021-12-03T20:42:43.765Z INFO Detected OS: debian -2021-12-03T20:42:43.765Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:43.822Z INFO Number of language-specific files: 5 -2021-12-03T20:42:43.823Z INFO Detecting composer vulnerabilities... - -tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) -========================================================================================================================== -Total: 449 (UNKNOWN: 0, LOW: 332, MEDIUM: 66, HIGH: 40, CRITICAL: 11) - -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-bin | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-data | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-utils | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| binutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-common | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-x86-64-linux-gnu | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| busybox-static | CVE-2021-42377 | CRITICAL | 1:1.30.1-6 | | busybox: an attacker-controlled | -| | | | | | pointer free in hush applet | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42377 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-28831 | HIGH | | | busybox: invalid free or segmentation | -| | | | | | fault via malformed gzip data | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-28831 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42378 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-1000500 | LOW | | | busybox: wget: Missing | -| | | | | | SSL certificate validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000500 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42373 | | | | busybox: NULL pointer | -| | | | | | dereference in man applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42373 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42374 | | | | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42375 | | | | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42376 | | | | busybox: NULL pointer | -| | | | | | dereference in hush applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42376 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| imagemagick-6-common | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libaom0 | CVE-2021-30473 | CRITICAL | 1.0.0.errata1-3 | | aom_image.c in libaom in | -| | | | | | AOMedia before 2021-04-07 | -| | | | | | frees memory that is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30473 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30474 | | | | aom_dsp/grain_table.c in | -| | | | | | libaom in AOMedia before | -| | | | | | 2021-03-30 has a use-after-free. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30474 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30475 | | | | aom_dsp/noise_model.c in libaom | -| | | | | | in AOMedia before 2021-03-24 | -| | | | | | has a buffer overflow. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30475 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libbinutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-dev-bin | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6-dev | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libctf-nobfd0 | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libctf0 | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libde265-0 | CVE-2020-21598 | HIGH | 1.0.8-1 | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | ff_hevc_put_unweighted_pred_8_sse | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21598 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-21594 | MEDIUM | | | libde265 v1.0.4 contains | -| | | | | | a heap buffer overflow in | -| | | | | | the put_epel_hv_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21594 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21595 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_luma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21595 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21596 | | | | libde265 v1.0.4 contains a | -| | | | | | global buffer overflow in the | -| | | | | | decode_CABAC_bit function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21596 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21597 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_chroma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21597 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21599 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | de265_image::available_zscan | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21599 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21600 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_pred_avg_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21600 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21601 | | | | libde265 v1.0.4 contains a | -| | | | | | stack buffer overflow in the | -| | | | | | put_qpel_fallback function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21601 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21602 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_bipred_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21602 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21603 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_qpel_0_0_fallback_16 | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21603 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21604 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | _mm_loadl_epi64 function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21604 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21605 | | | | libde265 v1.0.4 contains | -| | | | | | a segmentation fault in | -| | | | | | the apply_sao_internal | -| | | | | | function, which can... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21605 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21606 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | put_epel_16_fallback function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21606 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libexpat1 | CVE-2013-0340 | LOW | 2.2.10-2 | | expat: internal entity expansion | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-0340 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libglib2.0-0 | CVE-2012-0039 | | 2.66.8-1 | | glib2: hash table | -| | | | | | collisions CPU usage DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libheif1 | CVE-2020-23109 | HIGH | 1.11.0-1 | | Buffer overflow vulnerability | -| | | | | | in function convert_colorspace | -| | | | | | in heif_colorconversion.cc | -| | | | | | in libheif v1.6.2, allows... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-23109 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libjansson4 | CVE-2020-36325 | LOW | 2.13.1-1.1 | | jansson: out-of-bounds read in | -| | | | | | json_loads() due to a parsing error | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-36325 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libjbig0 | CVE-2017-9937 | | 2.1-3.1 | | libtiff: memory malloc failure | -| | | | | | in tif_jbig.c could cause DOS. | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9937 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.57+dfsg-3 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| liblua5.3-0 | CVE-2019-6706 | HIGH | 5.3.3-1.1 | | lua: use-after-free in | -| | | | | | lua_upvaluejoin in lapi.c | -| | | | | | resulting in denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6706 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-24370 | MEDIUM | | | lua: segmentation fault in getlocal | -| | | | | | and setlocal functions in ldebug.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24370 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43519 | | | | Stack overflow in lua_resume | -| | | | | | of ldo.c in Lua Interpreter | -| | | | | | 5.1.0~5.4.4 allows attackers... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43519 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libmagickcore-6.q16-6 | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libmagickwand-6.q16-6 | CVE-2021-20309 | HIGH | | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libopenjp2-7 | CVE-2021-3575 | HIGH | 2.4.0-3 | | openjpeg: heap-buffer-overflow | -| | | | | | in color.c may lead to DoS or | -| | | | | | arbitrary code execution... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3575 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-29338 | MEDIUM | | | openjpeg: out-of-bounds write due to | -| | | | | | an integer overflow in opj_compress.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29338 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-10505 | LOW | | | openjpeg: NULL pointer dereference | -| | | | | | in imagetopnm function in convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10505 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10506 | | | | openjpeg: Division by zero in | -| | | | | | functions opj_pi_next_cprl, | -| | | | | | opj_pi_next_pcrl, and | -| | | | | | opj_pi_next_rpcl in pi.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10506 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9113 | | | | CVE-2016-9114 CVE-2016-9115 | -| | | | | | CVE-2016-9116 CVE-2016-9117 | -| | | | | | CVE-2016-9118 openjpeg2: | -| | | | | | Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9113 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9114 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9114 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9115 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9115 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9116 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9116 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9117 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9580 | | | | openjpeg2: Integer overflow | -| | | | | | in tiftoimage causes | -| | | | | | heap buffer overflow | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9581 | | | | openjpeg2: Infinite loop | -| | | | | | in tiftoimage resulting | -| | | | | | into heap buffer overflow | -| | | | | | in convert_32s_C1P1... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17479 | | | | openjpeg: Stack-buffer overflow | -| | | | | | in the pgxtoimage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17479 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16375 | | | | openjpeg: Heap-based buffer | -| | | | | | overflow in pnmtoimage | -| | | | | | function in bin/jpwl/convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16376 | | | | openjpeg: Heap-based buffer overflow | -| | | | | | in function t2_encode_packet | -| | | | | | in src/lib/openmj2/t2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16376 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20846 | | | | openjpeg: out-of-bounds read in | -| | | | | | functions pi_next_lrcp, pi_next_rlcp, | -| | | | | | pi_next_rpcl, pi_next_pcrl, | -| | | | | | pi_next_rpcl, and pi_next_cprl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20846 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-6988 | | | | openjpeg: DoS via memory | -| | | | | | exhaustion in opj_decompress | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6988 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libperl5.32 | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpng16-16 | CVE-2019-6129 | | 1.6.37-3 | | libpng: memory leak of | -| | | | | | png_info struct in pngcp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6129 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2021-36690 | | 3.34.1-3 | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtiff5 | CVE-2014-8130 | | 4.2.0-1 | | libtiff: divide by zero | -| | | | | | in the tiffdither tool | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-8130 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16232 | | | | libtiff: Memory leaks in | -| | | | | | tif_open.c, tif_lzw.c, and tif_aux.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17973 | | | | libtiff: heap-based use after | -| | | | | | free in tiff2pdf.c:t2p_writeproc | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17973 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-5563 | | | | libtiff: Heap-buffer overflow | -| | | | | | in LZWEncode tif_lzw.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-5563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-9117 | | | | libtiff: Heap-based buffer | -| | | | | | over-read in bmp2tiff | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-10126 | | | | libtiff: NULL pointer dereference | -| | | | | | in the jpeg_fdct_16x16 | -| | | | | | function in jfdctint.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-10126 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libwebp6 | CVE-2016-9085 | | 0.6.1-2.1 | | libwebp: Several integer overflows | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9085 | -+---------------------------+ + + +---------------+ + -| libwebpdemux2 | | | | | | -| | | | | | | -+---------------------------+ + + +---------------+ + -| libwebpmux3 | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| linux-libc-dev | CVE-2021-43267 | CRITICAL | 5.10.70-1 | | kernel: Insufficient validation | -| | | | | | of user-supplied sizes for | -| | | | | | the MSG_CRYPTO message type | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43267 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-7445 | HIGH | | | kernel: memory exhaustion via | -| | | | | | crafted Graphics Execution | -| | | | | | Manager (GEM) objects | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-7445 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19378 | | | | kernel: out-of-bounds write in | -| | | | | | index_rbio_pages in fs/btrfs/raid56.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19449 | | | | kernel: mounting a crafted | -| | | | | | f2fs filesystem image can lead | -| | | | | | to slab-out-of-bounds read... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19449 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19814 | | | | kernel: out-of-bounds write | -| | | | | | in __remove_dirty_segment | -| | | | | | in fs/f2fs/segment.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19814 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12362 | | | | kernel: Integer overflow in | -| | | | | | Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12362 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26556 | | | | kernel: malleable commitment | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26556 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26557 | | | | kernel: predictable | -| | | | | | Authvalue in Bluetooth Mesh | -| | | | | | Provisioning Leads to MITM | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26557 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26559 | | | | kernel: Authvalue leak in | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26559 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26560 | | | | kernel: impersonation attack | -| | | | | | in Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26560 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3752 | | | | kernel: possible use-after-free | -| | | | | | in bluetooth module | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4001 | | | | kernel: race condition | -| | | | | | when the EBPF map is frozen | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4001 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4028 | | | | kernel: use-after-free | -| | | | | | in RDMA listen() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4028 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-41864 | | | | kernel: eBPF multiplication | -| | | | | | integer overflow in | -| | | | | | prealloc_elems_and_freelist() | -| | | | | | in kernel/bpf/stackmap.c | -| | | | | | leads to out-of-bounds... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-41864 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-15213 | MEDIUM | | | kernel: use-after-free caused | -| | | | | | by malicious USB device in | -| | | | | | drivers/media/usb/dvb-usb/dvb-usb-init.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15213 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15794 | | | | kernel: Overlayfs in the | -| | | | | | Linux kernel and shiftfs | -| | | | | | not restoring original... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16089 | | | | kernel: Improper return check | -| | | | | | in nbd_genl_status function | -| | | | | | in drivers/block/nbd.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16089 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20794 | | | | kernel: task processes not | -| | | | | | being properly ended could | -| | | | | | lead to resource exhaustion... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12363 | | | | kernel: Improper input validation | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12363 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12364 | | | | kernel: Null pointer dereference | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12364 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-14304 | | | | kernel: ethtool when reading | -| | | | | | eeprom of device could | -| | | | | | lead to memory leak... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14304 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15802 | | | | hardware: BLURtooth: "Dual | -| | | | | | mode" hardware using CTKD are | -| | | | | | vulnerable to key overwrite... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15802 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-24504 | | | | kernel: Uncontrolled resource | -| | | | | | consumption in some Intel(R) | -| | | | | | Ethernet E810 Adapter drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24504 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26555 | | | | kernel: Bluetooth BR/EDR PIN | -| | | | | | Pairing procedure is vulnerable | -| | | | | | to an impersonation attack... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26555 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20321 | | | | kernel: In Overlayfs missing | -| | | | | | a check for a negative | -| | | | | | dentry before calling... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3640 | | | | kernel: use-after-free vulnerability | -| | | | | | in function sco_sock_sendmsg() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3640 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3669 | | | | kernel: reading /proc/sysvipc/shm | -| | | | | | does not scale with large | -| | | | | | shared memory segment counts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3669 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3744 | | | | kernel: crypto: ccp - fix resource | -| | | | | | leaks in ccp_run_aes_gcm_cmd() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3744 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3759 | | | | kernel: unaccounted ipc | -| | | | | | objects in Linux kernel lead | -| | | | | | to breaking memcg limits... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3759 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3764 | | | | kernel: DoS in | -| | | | | | ccp_run_aes_gcm_cmd() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3764 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3772 | | | | kernel: sctp: Invalid chunks | -| | | | | | may be used to remotely remove | -| | | | | | existing associations... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3772 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3847 | | | | kernel: low-privileged | -| | | | | | user privileges escalation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3847 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3892 | | | | kernel: memory leak | -| | | | | | in fib6_rule_suppress | -| | | | | | could result in DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4002 | | | | kernel: possible leak or coruption | -| | | | | | of data residing on hugetlbfs | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4002 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4037 | | | | kernel: security regression | -| | | | | | for CVE-2018-13405 | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4037 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42327 | | | | kernel: heap-based buffer overflow | -| | | | | | in dp_link_settings_write() in | -| | | | | | drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42327 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42739 | | | | kernel: Heap buffer | -| | | | | | overflow in firedtv driver | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42739 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43056 | | | | kernel: ppc: kvm: allows a malicious | -| | | | | | KVM guest to crash the host... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43056 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43389 | | | | kernel: an array-index-out-bounds | -| | | | | | in detach_capi_ctr in | -| | | | | | drivers/isdn/capi/kcapi.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43389 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43975 | | | | kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in | -| | | | | | drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43975 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43976 | | | | kernel: mwifiex_usb_recv() in | -| | | | | | drivers/net/wireless/marvell/mwifiex/usb.c | -| | | | | | allows an attacker to | -| | | | | | cause DoS via crafted... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43976 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2004-0230 | LOW | | | TCP, when using a large Window | -| | | | | | Size, makes it easier for remote... | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2005-3660 | | | | Linux kernel 2.4 and 2.6 allows | -| | | | | | attackers to cause a denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-3660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3719 | | | | kernel: secretly Monopolizing the | -| | | | | | CPU Without Superuser Privileges | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3719 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-2544 | | | | kernel: mounting proc | -| | | | | | readonly on a different mount | -| | | | | | point silently mounts it... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-2544 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-4609 | | | | kernel: TCP protocol | -| | | | | | vulnerabilities from Outpost24 | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-4609 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-4563 | | | | kernel: ipv6: sniffer detection | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-5321 | | | | kernel: v4l: videobuf: hotfix a | -| | | | | | bug on multiple calls to mmap() | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-5321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4915 | | | | fs/proc/base.c in the Linux | -| | | | | | kernel through 3.1 allows | -| | | | | | local users to obtain... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4915 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4917 | | | | -->avd.aquasec.com/nvd/cve-2011-4917 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2012-4542 | | | | kernel: block: default SCSI | -| | | | | | command filter does not accomodate | -| | | | | | commands overlap across... | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-4542 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9892 | | | | The snd_compr_tstamp function in | -| | | | | | sound/core/compress_offload.c in | -| | | | | | the Linux kernel through 4.7, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9900 | | | | kernel: Info leak in uninitialized | -| | | | | | structure ethtool_wolinfo | -| | | | | | in ethtool_get_wol() | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9900 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2015-2877 | | | | Kernel: Cross-VM ASL | -| | | | | | INtrospection (CAIN) | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-2877 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10723 | | | | ** DISPUTED ** An issue | -| | | | | | was discovered in the | -| | | | | | Linux kernel through... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10723 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8660 | | | | kernel: xfs: local DoS due to | -| | | | | | a page lock order bug in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-0630 | | | | kernel: Information | -| | | | | | disclosure vulnerability | -| | | | | | in kernel trace subsystem | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-0630 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13693 | | | | kernel: ACPI operand | -| | | | | | cache leak in dsutils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13693 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13694 | | | | kernel: ACPI node and | -| | | | | | node_ext cache leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13694 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-1121 | | | | procps-ng, procps: process | -| | | | | | hiding through race | -| | | | | | condition enumerating /proc | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1121 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12928 | | | | kernel: NULL pointer dereference | -| | | | | | in hfs_ext_read_extent in hfs.ko | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12928 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-17977 | | | | kernel: Mishandled interactions among | -| | | | | | XFRM Netlink messages, IPPROTO_AH | -| | | | | | packets, and IPPROTO_IP packets... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-17977 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-11191 | | | | kernel: race condition in | -| | | | | | load_aout_binary() allows local | -| | | | | | users to bypass ASLR on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-11191 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12378 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip6_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12379 | | | | kernel: memory leak in | -| | | | | | con_insert_unipair in | -| | | | | | drivers/tty/vt/consolemap.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12380 | | | | kernel: memory allocation | -| | | | | | failure in the efi subsystem | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12381 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12382 | | | | kernel: unchecked kstrdup of | -| | | | | | fwstr in drm_load_edid_firmware | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12455 | | | | kernel: null pointer dereference | -| | | | | | in sunxi_divs_clk_setup in | -| | | | | | drivers/clk/sunxi/clk-sunxi.c | -| | | | | | causing denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12455 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12456 | | | | kernel: double fetch in the | -| | | | | | MPT3COMMAND case in _ctl_ioctl_main | -| | | | | | in drivers/scsi/mpt3sas/mpt3sas_ctl.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12456 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16229 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16229 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16230 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/radeon/radeon_display.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16231 | | | | kernel: null-pointer dereference | -| | | | | | in drivers/net/fjes/fjes_main.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16232 | | | | kernel: null-pointer dereference in | -| | | | | | drivers/net/wireless/marvell/libertas/if_sdio.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16233 | | | | kernel: null pointer dereference | -| | | | | | in drivers/scsi/qla2xxx/qla_os.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16233 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16234 | | | | kernel: null pointer dereference in | -| | | | | | drivers/net/wireless/intel/iwlwifi/pcie/trans.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16234 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19070 | | | | kernel: A memory leak in the | -| | | | | | spi_gpio_probe() function in | -| | | | | | drivers/spi/spi-gpio.c allows for... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19070 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11725 | | | | kernel: improper handling of | -| | | | | | private_size*count multiplication | -| | | | | | due to count=info->owner typo | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11725 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27820 | | | | kernel: use-after-free | -| | | | | | in nouveau kernel module | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27820 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35501 | | | | kernel: audit not logging access | -| | | | | | to syscall open_by_handle_at for | -| | | | | | users with CAP_DAC_READ_SEARCH... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35501 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-26934 | | | | An issue was discovered in the Linux | -| | | | | | kernel 4.18 through 5.10.16, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-26934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-32078 | | | | kernel: out-of-bounds read in | -| | | | | | arch/arm/mach-footbridge/personal-pci.c | -| | | | | | due to improper input validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-32078 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3760 | | | | kernel: nfc: Use-After-Free | -| | | | | | vulnerability of | -| | | | | | ndev->rf_conn_info object | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3760 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| m4 | CVE-2008-1687 | | 1.4.18-5 | | m4: unquoted output of | -| | | | | | maketemp and mkstemp | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1687 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-1688 | | | | m4: code execution via -F argument | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1688 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| ncurses-bin | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| patch | CVE-2010-4651 | | 2.7.6-7 | | patch: directory traversal flaw | -| | | | | | allows for arbitrary file creation | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4651 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6951 | | | | patch: NULL pointer dereference | -| | | | | | in pch.c:intuit_diff_type() | -| | | | | | causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6951 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6952 | | | | patch: Double free of memory in | -| | | | | | pch.c:another_hunk() causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6952 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| perl | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-modules-5.32 | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| re2c | CVE-2018-21232 | | 2.0.3-1 | | re2c: uncontrolled recursion | -| | | | | | that causes stack consumption | -| | | | | | in find_fixed_tags | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-21232 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ - -usr/src/nextcloud/3rdparty/composer.lock (composer) -=================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/3rdparty/egulias/email-validator/composer.lock (composer) -=========================================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/circles/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/files_external/3rdparty/composer.lock (composer) -======================================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/support/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** - -``` -2021-12-03T20:42:44.996Z INFO Detected OS: debian -2021-12-03T20:42:44.996Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:45.059Z INFO Number of language-specific files: 5 -2021-12-03T20:42:45.059Z INFO Detecting composer vulnerabilities... - -tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) -========================================================================================================================== -Total: 449 (UNKNOWN: 0, LOW: 332, MEDIUM: 66, HIGH: 40, CRITICAL: 11) - -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-bin | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-data | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-utils | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| binutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-common | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-x86-64-linux-gnu | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| busybox-static | CVE-2021-42377 | CRITICAL | 1:1.30.1-6 | | busybox: an attacker-controlled | -| | | | | | pointer free in hush applet | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42377 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-28831 | HIGH | | | busybox: invalid free or segmentation | -| | | | | | fault via malformed gzip data | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-28831 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42378 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-1000500 | LOW | | | busybox: wget: Missing | -| | | | | | SSL certificate validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000500 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42373 | | | | busybox: NULL pointer | -| | | | | | dereference in man applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42373 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42374 | | | | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42375 | | | | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42376 | | | | busybox: NULL pointer | -| | | | | | dereference in hush applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42376 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| imagemagick-6-common | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libaom0 | CVE-2021-30473 | CRITICAL | 1.0.0.errata1-3 | | aom_image.c in libaom in | -| | | | | | AOMedia before 2021-04-07 | -| | | | | | frees memory that is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30473 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30474 | | | | aom_dsp/grain_table.c in | -| | | | | | libaom in AOMedia before | -| | | | | | 2021-03-30 has a use-after-free. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30474 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30475 | | | | aom_dsp/noise_model.c in libaom | -| | | | | | in AOMedia before 2021-03-24 | -| | | | | | has a buffer overflow. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30475 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libbinutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-dev-bin | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6-dev | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libctf-nobfd0 | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libctf0 | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libde265-0 | CVE-2020-21598 | HIGH | 1.0.8-1 | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | ff_hevc_put_unweighted_pred_8_sse | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21598 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-21594 | MEDIUM | | | libde265 v1.0.4 contains | -| | | | | | a heap buffer overflow in | -| | | | | | the put_epel_hv_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21594 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21595 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_luma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21595 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21596 | | | | libde265 v1.0.4 contains a | -| | | | | | global buffer overflow in the | -| | | | | | decode_CABAC_bit function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21596 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21597 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_chroma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21597 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21599 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | de265_image::available_zscan | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21599 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21600 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_pred_avg_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21600 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21601 | | | | libde265 v1.0.4 contains a | -| | | | | | stack buffer overflow in the | -| | | | | | put_qpel_fallback function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21601 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21602 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_bipred_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21602 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21603 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_qpel_0_0_fallback_16 | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21603 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21604 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | _mm_loadl_epi64 function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21604 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21605 | | | | libde265 v1.0.4 contains | -| | | | | | a segmentation fault in | -| | | | | | the apply_sao_internal | -| | | | | | function, which can... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21605 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21606 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | put_epel_16_fallback function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21606 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libexpat1 | CVE-2013-0340 | LOW | 2.2.10-2 | | expat: internal entity expansion | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-0340 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libglib2.0-0 | CVE-2012-0039 | | 2.66.8-1 | | glib2: hash table | -| | | | | | collisions CPU usage DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libheif1 | CVE-2020-23109 | HIGH | 1.11.0-1 | | Buffer overflow vulnerability | -| | | | | | in function convert_colorspace | -| | | | | | in heif_colorconversion.cc | -| | | | | | in libheif v1.6.2, allows... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-23109 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libjansson4 | CVE-2020-36325 | LOW | 2.13.1-1.1 | | jansson: out-of-bounds read in | -| | | | | | json_loads() due to a parsing error | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-36325 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libjbig0 | CVE-2017-9937 | | 2.1-3.1 | | libtiff: memory malloc failure | -| | | | | | in tif_jbig.c could cause DOS. | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9937 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.57+dfsg-3 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| liblua5.3-0 | CVE-2019-6706 | HIGH | 5.3.3-1.1 | | lua: use-after-free in | -| | | | | | lua_upvaluejoin in lapi.c | -| | | | | | resulting in denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6706 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-24370 | MEDIUM | | | lua: segmentation fault in getlocal | -| | | | | | and setlocal functions in ldebug.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24370 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43519 | | | | Stack overflow in lua_resume | -| | | | | | of ldo.c in Lua Interpreter | -| | | | | | 5.1.0~5.4.4 allows attackers... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43519 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libmagickcore-6.q16-6 | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libmagickwand-6.q16-6 | CVE-2021-20309 | HIGH | | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libopenjp2-7 | CVE-2021-3575 | HIGH | 2.4.0-3 | | openjpeg: heap-buffer-overflow | -| | | | | | in color.c may lead to DoS or | -| | | | | | arbitrary code execution... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3575 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-29338 | MEDIUM | | | openjpeg: out-of-bounds write due to | -| | | | | | an integer overflow in opj_compress.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29338 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-10505 | LOW | | | openjpeg: NULL pointer dereference | -| | | | | | in imagetopnm function in convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10505 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10506 | | | | openjpeg: Division by zero in | -| | | | | | functions opj_pi_next_cprl, | -| | | | | | opj_pi_next_pcrl, and | -| | | | | | opj_pi_next_rpcl in pi.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10506 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9113 | | | | CVE-2016-9114 CVE-2016-9115 | -| | | | | | CVE-2016-9116 CVE-2016-9117 | -| | | | | | CVE-2016-9118 openjpeg2: | -| | | | | | Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9113 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9114 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9114 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9115 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9115 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9116 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9116 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9117 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9580 | | | | openjpeg2: Integer overflow | -| | | | | | in tiftoimage causes | -| | | | | | heap buffer overflow | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9581 | | | | openjpeg2: Infinite loop | -| | | | | | in tiftoimage resulting | -| | | | | | into heap buffer overflow | -| | | | | | in convert_32s_C1P1... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17479 | | | | openjpeg: Stack-buffer overflow | -| | | | | | in the pgxtoimage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17479 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16375 | | | | openjpeg: Heap-based buffer | -| | | | | | overflow in pnmtoimage | -| | | | | | function in bin/jpwl/convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16376 | | | | openjpeg: Heap-based buffer overflow | -| | | | | | in function t2_encode_packet | -| | | | | | in src/lib/openmj2/t2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16376 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20846 | | | | openjpeg: out-of-bounds read in | -| | | | | | functions pi_next_lrcp, pi_next_rlcp, | -| | | | | | pi_next_rpcl, pi_next_pcrl, | -| | | | | | pi_next_rpcl, and pi_next_cprl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20846 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-6988 | | | | openjpeg: DoS via memory | -| | | | | | exhaustion in opj_decompress | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6988 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libperl5.32 | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpng16-16 | CVE-2019-6129 | | 1.6.37-3 | | libpng: memory leak of | -| | | | | | png_info struct in pngcp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6129 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2021-36690 | | 3.34.1-3 | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtiff5 | CVE-2014-8130 | | 4.2.0-1 | | libtiff: divide by zero | -| | | | | | in the tiffdither tool | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-8130 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16232 | | | | libtiff: Memory leaks in | -| | | | | | tif_open.c, tif_lzw.c, and tif_aux.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17973 | | | | libtiff: heap-based use after | -| | | | | | free in tiff2pdf.c:t2p_writeproc | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17973 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-5563 | | | | libtiff: Heap-buffer overflow | -| | | | | | in LZWEncode tif_lzw.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-5563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-9117 | | | | libtiff: Heap-based buffer | -| | | | | | over-read in bmp2tiff | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-10126 | | | | libtiff: NULL pointer dereference | -| | | | | | in the jpeg_fdct_16x16 | -| | | | | | function in jfdctint.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-10126 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libwebp6 | CVE-2016-9085 | | 0.6.1-2.1 | | libwebp: Several integer overflows | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9085 | -+---------------------------+ + + +---------------+ + -| libwebpdemux2 | | | | | | -| | | | | | | -+---------------------------+ + + +---------------+ + -| libwebpmux3 | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| linux-libc-dev | CVE-2021-43267 | CRITICAL | 5.10.70-1 | | kernel: Insufficient validation | -| | | | | | of user-supplied sizes for | -| | | | | | the MSG_CRYPTO message type | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43267 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-7445 | HIGH | | | kernel: memory exhaustion via | -| | | | | | crafted Graphics Execution | -| | | | | | Manager (GEM) objects | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-7445 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19378 | | | | kernel: out-of-bounds write in | -| | | | | | index_rbio_pages in fs/btrfs/raid56.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19449 | | | | kernel: mounting a crafted | -| | | | | | f2fs filesystem image can lead | -| | | | | | to slab-out-of-bounds read... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19449 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19814 | | | | kernel: out-of-bounds write | -| | | | | | in __remove_dirty_segment | -| | | | | | in fs/f2fs/segment.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19814 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12362 | | | | kernel: Integer overflow in | -| | | | | | Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12362 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26556 | | | | kernel: malleable commitment | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26556 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26557 | | | | kernel: predictable | -| | | | | | Authvalue in Bluetooth Mesh | -| | | | | | Provisioning Leads to MITM | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26557 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26559 | | | | kernel: Authvalue leak in | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26559 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26560 | | | | kernel: impersonation attack | -| | | | | | in Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26560 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3752 | | | | kernel: possible use-after-free | -| | | | | | in bluetooth module | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4001 | | | | kernel: race condition | -| | | | | | when the EBPF map is frozen | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4001 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4028 | | | | kernel: use-after-free | -| | | | | | in RDMA listen() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4028 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-41864 | | | | kernel: eBPF multiplication | -| | | | | | integer overflow in | -| | | | | | prealloc_elems_and_freelist() | -| | | | | | in kernel/bpf/stackmap.c | -| | | | | | leads to out-of-bounds... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-41864 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-15213 | MEDIUM | | | kernel: use-after-free caused | -| | | | | | by malicious USB device in | -| | | | | | drivers/media/usb/dvb-usb/dvb-usb-init.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15213 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15794 | | | | kernel: Overlayfs in the | -| | | | | | Linux kernel and shiftfs | -| | | | | | not restoring original... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16089 | | | | kernel: Improper return check | -| | | | | | in nbd_genl_status function | -| | | | | | in drivers/block/nbd.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16089 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20794 | | | | kernel: task processes not | -| | | | | | being properly ended could | -| | | | | | lead to resource exhaustion... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12363 | | | | kernel: Improper input validation | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12363 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12364 | | | | kernel: Null pointer dereference | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12364 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-14304 | | | | kernel: ethtool when reading | -| | | | | | eeprom of device could | -| | | | | | lead to memory leak... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14304 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15802 | | | | hardware: BLURtooth: "Dual | -| | | | | | mode" hardware using CTKD are | -| | | | | | vulnerable to key overwrite... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15802 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-24504 | | | | kernel: Uncontrolled resource | -| | | | | | consumption in some Intel(R) | -| | | | | | Ethernet E810 Adapter drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24504 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26555 | | | | kernel: Bluetooth BR/EDR PIN | -| | | | | | Pairing procedure is vulnerable | -| | | | | | to an impersonation attack... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26555 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20321 | | | | kernel: In Overlayfs missing | -| | | | | | a check for a negative | -| | | | | | dentry before calling... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3640 | | | | kernel: use-after-free vulnerability | -| | | | | | in function sco_sock_sendmsg() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3640 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3669 | | | | kernel: reading /proc/sysvipc/shm | -| | | | | | does not scale with large | -| | | | | | shared memory segment counts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3669 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3744 | | | | kernel: crypto: ccp - fix resource | -| | | | | | leaks in ccp_run_aes_gcm_cmd() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3744 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3759 | | | | kernel: unaccounted ipc | -| | | | | | objects in Linux kernel lead | -| | | | | | to breaking memcg limits... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3759 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3764 | | | | kernel: DoS in | -| | | | | | ccp_run_aes_gcm_cmd() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3764 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3772 | | | | kernel: sctp: Invalid chunks | -| | | | | | may be used to remotely remove | -| | | | | | existing associations... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3772 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3847 | | | | kernel: low-privileged | -| | | | | | user privileges escalation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3847 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3892 | | | | kernel: memory leak | -| | | | | | in fib6_rule_suppress | -| | | | | | could result in DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4002 | | | | kernel: possible leak or coruption | -| | | | | | of data residing on hugetlbfs | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4002 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4037 | | | | kernel: security regression | -| | | | | | for CVE-2018-13405 | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4037 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42327 | | | | kernel: heap-based buffer overflow | -| | | | | | in dp_link_settings_write() in | -| | | | | | drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42327 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42739 | | | | kernel: Heap buffer | -| | | | | | overflow in firedtv driver | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42739 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43056 | | | | kernel: ppc: kvm: allows a malicious | -| | | | | | KVM guest to crash the host... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43056 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43389 | | | | kernel: an array-index-out-bounds | -| | | | | | in detach_capi_ctr in | -| | | | | | drivers/isdn/capi/kcapi.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43389 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43975 | | | | kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in | -| | | | | | drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43975 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43976 | | | | kernel: mwifiex_usb_recv() in | -| | | | | | drivers/net/wireless/marvell/mwifiex/usb.c | -| | | | | | allows an attacker to | -| | | | | | cause DoS via crafted... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43976 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2004-0230 | LOW | | | TCP, when using a large Window | -| | | | | | Size, makes it easier for remote... | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2005-3660 | | | | Linux kernel 2.4 and 2.6 allows | -| | | | | | attackers to cause a denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-3660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3719 | | | | kernel: secretly Monopolizing the | -| | | | | | CPU Without Superuser Privileges | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3719 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-2544 | | | | kernel: mounting proc | -| | | | | | readonly on a different mount | -| | | | | | point silently mounts it... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-2544 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-4609 | | | | kernel: TCP protocol | -| | | | | | vulnerabilities from Outpost24 | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-4609 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-4563 | | | | kernel: ipv6: sniffer detection | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-5321 | | | | kernel: v4l: videobuf: hotfix a | -| | | | | | bug on multiple calls to mmap() | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-5321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4915 | | | | fs/proc/base.c in the Linux | -| | | | | | kernel through 3.1 allows | -| | | | | | local users to obtain... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4915 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4917 | | | | -->avd.aquasec.com/nvd/cve-2011-4917 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2012-4542 | | | | kernel: block: default SCSI | -| | | | | | command filter does not accomodate | -| | | | | | commands overlap across... | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-4542 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9892 | | | | The snd_compr_tstamp function in | -| | | | | | sound/core/compress_offload.c in | -| | | | | | the Linux kernel through 4.7, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9900 | | | | kernel: Info leak in uninitialized | -| | | | | | structure ethtool_wolinfo | -| | | | | | in ethtool_get_wol() | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9900 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2015-2877 | | | | Kernel: Cross-VM ASL | -| | | | | | INtrospection (CAIN) | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-2877 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10723 | | | | ** DISPUTED ** An issue | -| | | | | | was discovered in the | -| | | | | | Linux kernel through... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10723 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8660 | | | | kernel: xfs: local DoS due to | -| | | | | | a page lock order bug in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-0630 | | | | kernel: Information | -| | | | | | disclosure vulnerability | -| | | | | | in kernel trace subsystem | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-0630 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13693 | | | | kernel: ACPI operand | -| | | | | | cache leak in dsutils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13693 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13694 | | | | kernel: ACPI node and | -| | | | | | node_ext cache leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13694 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-1121 | | | | procps-ng, procps: process | -| | | | | | hiding through race | -| | | | | | condition enumerating /proc | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1121 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12928 | | | | kernel: NULL pointer dereference | -| | | | | | in hfs_ext_read_extent in hfs.ko | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12928 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-17977 | | | | kernel: Mishandled interactions among | -| | | | | | XFRM Netlink messages, IPPROTO_AH | -| | | | | | packets, and IPPROTO_IP packets... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-17977 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-11191 | | | | kernel: race condition in | -| | | | | | load_aout_binary() allows local | -| | | | | | users to bypass ASLR on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-11191 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12378 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip6_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12379 | | | | kernel: memory leak in | -| | | | | | con_insert_unipair in | -| | | | | | drivers/tty/vt/consolemap.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12380 | | | | kernel: memory allocation | -| | | | | | failure in the efi subsystem | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12381 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12382 | | | | kernel: unchecked kstrdup of | -| | | | | | fwstr in drm_load_edid_firmware | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12455 | | | | kernel: null pointer dereference | -| | | | | | in sunxi_divs_clk_setup in | -| | | | | | drivers/clk/sunxi/clk-sunxi.c | -| | | | | | causing denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12455 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12456 | | | | kernel: double fetch in the | -| | | | | | MPT3COMMAND case in _ctl_ioctl_main | -| | | | | | in drivers/scsi/mpt3sas/mpt3sas_ctl.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12456 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16229 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16229 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16230 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/radeon/radeon_display.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16231 | | | | kernel: null-pointer dereference | -| | | | | | in drivers/net/fjes/fjes_main.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16232 | | | | kernel: null-pointer dereference in | -| | | | | | drivers/net/wireless/marvell/libertas/if_sdio.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16233 | | | | kernel: null pointer dereference | -| | | | | | in drivers/scsi/qla2xxx/qla_os.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16233 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16234 | | | | kernel: null pointer dereference in | -| | | | | | drivers/net/wireless/intel/iwlwifi/pcie/trans.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16234 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19070 | | | | kernel: A memory leak in the | -| | | | | | spi_gpio_probe() function in | -| | | | | | drivers/spi/spi-gpio.c allows for... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19070 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11725 | | | | kernel: improper handling of | -| | | | | | private_size*count multiplication | -| | | | | | due to count=info->owner typo | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11725 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27820 | | | | kernel: use-after-free | -| | | | | | in nouveau kernel module | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27820 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35501 | | | | kernel: audit not logging access | -| | | | | | to syscall open_by_handle_at for | -| | | | | | users with CAP_DAC_READ_SEARCH... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35501 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-26934 | | | | An issue was discovered in the Linux | -| | | | | | kernel 4.18 through 5.10.16, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-26934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-32078 | | | | kernel: out-of-bounds read in | -| | | | | | arch/arm/mach-footbridge/personal-pci.c | -| | | | | | due to improper input validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-32078 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3760 | | | | kernel: nfc: Use-After-Free | -| | | | | | vulnerability of | -| | | | | | ndev->rf_conn_info object | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3760 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| m4 | CVE-2008-1687 | | 1.4.18-5 | | m4: unquoted output of | -| | | | | | maketemp and mkstemp | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1687 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-1688 | | | | m4: code execution via -F argument | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1688 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| ncurses-bin | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| patch | CVE-2010-4651 | | 2.7.6-7 | | patch: directory traversal flaw | -| | | | | | allows for arbitrary file creation | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4651 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6951 | | | | patch: NULL pointer dereference | -| | | | | | in pch.c:intuit_diff_type() | -| | | | | | causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6951 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6952 | | | | patch: Double free of memory in | -| | | | | | pch.c:another_hunk() causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6952 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| perl | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-modules-5.32 | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| re2c | CVE-2018-21232 | | 2.0.3-1 | | re2c: uncontrolled recursion | -| | | | | | that causes stack consumption | -| | | | | | in find_fixed_tags | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-21232 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ - -usr/src/nextcloud/3rdparty/composer.lock (composer) -=================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/3rdparty/egulias/email-validator/composer.lock (composer) -=========================================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/circles/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/files_external/3rdparty/composer.lock (composer) -======================================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/support/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T20:42:45.792Z INFO Detected OS: alpine -2021-12-03T20:42:45.792Z INFO Detecting Alpine vulnerabilities... -2021-12-03T20:42:45.794Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07** - -``` -2021-12-03T20:42:47.092Z INFO Detected OS: debian -2021-12-03T20:42:47.092Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:47.108Z INFO Number of language-specific files: 2 -2021-12-03T20:42:47.108Z INFO Detecting gobinary vulnerabilities... - -bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 (debian 10.11) -========================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/wait-for-port (gobinary) -=============================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T20:42:47.700Z INFO Detected OS: alpine -2021-12-03T20:42:47.700Z INFO Detecting Alpine vulnerabilities... -2021-12-03T20:42:47.707Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T20:42:48.382Z INFO Detected OS: debian -2021-12-03T20:42:48.382Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:48.405Z INFO Number of language-specific files: 2 -2021-12-03T20:42:48.405Z INFO Detecting gobinary vulnerabilities... -2021-12-03T20:42:48.405Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/docs/apps/dependency/mariadb/sec-scan.md b/docs/apps/dependency/mariadb/sec-scan.md deleted file mode 100644 index 44d574d9bac..00000000000 --- a/docs/apps/dependency/mariadb/sec-scan.md +++ /dev/null @@ -1,908 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:47:19.916Z INFO Need to update the built-in policies -2021-12-03T19:47:19.916Z INFO Downloading the built-in policies... -2021-12-03T19:47:20.611Z INFO Detected config files: 1 - -mariadb/templates/common.yaml (kubernetes) -========================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-mariadb' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-mariadb' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-mariadb' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-mariadb' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-mariadb' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-mariadb' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-mariadb' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-mariadb' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-mariadb' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:47:20.698Z INFO Need to update DB -2021-12-03T19:47:20.698Z INFO Downloading DB... -2021-12-03T19:47:24.464Z INFO Detected OS: alpine -2021-12-03T19:47:24.464Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:47:24.466Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** - -``` -2021-12-03T19:47:29.346Z INFO Detected OS: debian -2021-12-03T19:47:29.346Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:47:29.362Z INFO Number of language-specific files: 2 -2021-12-03T19:47:29.362Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) -========================================================================================================================= -Total: 144 (UNKNOWN: 0, LOW: 104, MEDIUM: 12, HIGH: 24, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/ini-file (gobinary) -========================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/docs/apps/dependency/memcached/sec-scan.md b/docs/apps/dependency/memcached/sec-scan.md deleted file mode 100644 index 82b31f5445a..00000000000 --- a/docs/apps/dependency/memcached/sec-scan.md +++ /dev/null @@ -1,877 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:48:25.464Z INFO Detected config files: 1 - -memcached/templates/common.yaml (kubernetes) -============================================ -Tests: 39 (SUCCESSES: 28, FAILURES: 11, EXCEPTIONS: 0) -Failures: 11 (UNKNOWN: 0, LOW: 4, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-memcached' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-memcached' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-memcached' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-memcached' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-memcached' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-memcached' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-memcached' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:48:26.594Z INFO Detected OS: alpine -2021-12-03T19:48:26.594Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:48:26.602Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569** - -``` -2021-12-03T19:48:28.787Z INFO Detected OS: debian -2021-12-03T19:48:28.787Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:48:28.804Z INFO Number of language-specific files: 1 -2021-12-03T19:48:28.804Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 (debian 10.11) -=========================================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/docs/apps/dependency/postgresql/sec-scan.md b/docs/apps/dependency/postgresql/sec-scan.md deleted file mode 100644 index 2351ec7e75a..00000000000 --- a/docs/apps/dependency/postgresql/sec-scan.md +++ /dev/null @@ -1,1111 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:49:25.561Z INFO Detected config files: 1 - -postgresql/templates/common.yaml (kubernetes) -============================================= -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:49:26.640Z INFO Detected OS: alpine -2021-12-03T19:49:26.640Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:49:26.643Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** - -``` -2021-12-03T19:49:29.973Z INFO Detected OS: debian -2021-12-03T19:49:29.974Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:49:29.991Z INFO Number of language-specific files: 2 -2021-12-03T19:49:29.991Z INFO Detecting gobinary vulnerabilities... -2021-12-03T19:49:29.991Z INFO Detecting jar vulnerabilities... - -tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) -============================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/docs/apps/dependency/promtail/sec-scan.md b/docs/apps/dependency/promtail/sec-scan.md deleted file mode 100644 index 2efb1e2e4ba..00000000000 --- a/docs/apps/dependency/promtail/sec-scan.md +++ /dev/null @@ -1,544 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:50:27.019Z INFO Detected config files: 1 - -promtail/templates/common.yaml (kubernetes) -=========================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 4, MEDIUM: 9, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Container 'RELEASE-NAME-promtail' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-promtail' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-promtail' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-promtail' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-promtail' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-promtail' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV023 | hostPath volumes mounted | | Deployment 'RELEASE-NAME-promtail' | -| | | | | should not set | -| | | | | 'spec.template.volumes.hostPath' | -| | | | | -->avd.aquasec.com/appshield/ksv023 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | Deployment 'RELEASE-NAME-promtail' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:50:28.083Z INFO Detected OS: alpine -2021-12-03T19:50:28.083Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:50:28.087Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4** - -``` -2021-12-03T19:50:31.667Z INFO Detected OS: debian -2021-12-03T19:50:31.667Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:50:31.681Z INFO Number of language-specific files: 1 -2021-12-03T19:50:31.681Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 (debian 11.1) -======================================================================================================================== -Total: 65 (UNKNOWN: 0, LOW: 60, MEDIUM: 1, HIGH: 2, CRITICAL: 2) - -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| apt | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libapt-pkg6.0 | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+------------------+------------------+----------+ +---------------+-----------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libsystemd-dev | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+------------------+------------------+ + +---------------+-----------------------------------------+ -| libsystemd0 | CVE-2013-4392 | | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| ncurses-bin | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+-----------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+-----------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +-------------------+---------------+-----------------------------------------+ -| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ - -usr/bin/promtail (gobinary) -=========================== -Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0) - -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -| github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.5.4 | v1.4.11, v1.5.7 | containerd: insufficiently | -| | | | | | restricted permissions on container | -| | | | | | root and plugin directories | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-41103 | -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -| github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 | prometheus: Stored DOM | -| | | | | | cross-site scripting (XSS) | -| | | | | | attack via crafted URL | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3826 | -+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ -``` diff --git a/docs/apps/dependency/redis/sec-scan.md b/docs/apps/dependency/redis/sec-scan.md deleted file mode 100644 index a69a357b69f..00000000000 --- a/docs/apps/dependency/redis/sec-scan.md +++ /dev/null @@ -1,891 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T19:51:28.440Z INFO Detected config files: 1 - -redis/templates/common.yaml (kubernetes) -======================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae - -##### Scan Results - -**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T19:51:29.491Z INFO Detected OS: alpine -2021-12-03T19:51:29.491Z INFO Detecting Alpine vulnerabilities... -2021-12-03T19:51:29.495Z INFO Number of language-specific files: 0 - -tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** - -``` -2021-12-03T19:51:31.914Z INFO Detected OS: debian -2021-12-03T19:51:31.914Z INFO Detecting Debian vulnerabilities... -2021-12-03T19:51:31.930Z INFO Number of language-specific files: 2 -2021-12-03T19:51:31.930Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) -====================================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/wait-for-port (gobinary) -=============================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/docs/apps/stable/authelia/sec-scan.md b/docs/apps/stable/authelia/sec-scan.md deleted file mode 100644 index 1ed8c998a99..00000000000 --- a/docs/apps/stable/authelia/sec-scan.md +++ /dev/null @@ -1,3135 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T22:24:36.061Z INFO Need to update the built-in policies -2021-12-03T22:24:36.061Z INFO Downloading the built-in policies... -2021-12-03T22:24:37.192Z INFO Detected config files: 3 - -authelia/charts/postgresql/templates/common.yaml (kubernetes) -============================================================= -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -authelia/charts/redis/templates/common.yaml (kubernetes) -======================================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -authelia/templates/common.yaml (kubernetes) -=========================================== -Tests: 46 (SUCCESSES: 28, FAILURES: 18, EXCEPTIONS: 0) -Failures: 18 (UNKNOWN: 0, LOW: 6, MEDIUM: 12, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+ -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Container 'postgresql-init' of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.allowPrivilegeEscalation' | -| | | | | to false | -| | | | | -->avd.aquasec.com/appshield/ksv001 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-authelia' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-authelia' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+----------------------------------------+ +--------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+----------------------------------------+----------+--------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-authelia' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-authelia' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+----------------------------------------+ +--------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-authelia' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+----------------------------------------+ +--------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-authelia' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +--------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +--------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-authelia' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - -##### Scan Results - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T22:24:37.301Z INFO Need to update DB -2021-12-03T22:24:37.301Z INFO Downloading DB... -2021-12-03T22:24:41.371Z INFO Detected OS: alpine -2021-12-03T22:24:41.371Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:41.373Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T22:24:44.845Z INFO Detected OS: debian -2021-12-03T22:24:44.845Z INFO Detecting Debian vulnerabilities... -2021-12-03T22:24:44.865Z INFO Number of language-specific files: 2 -2021-12-03T22:24:44.865Z INFO Detecting gobinary vulnerabilities... -2021-12-03T22:24:44.865Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d** - -``` -2021-12-03T22:24:46.760Z INFO Detected OS: alpine -2021-12-03T22:24:46.760Z WARN This OS version is not on the EOL list: alpine 3.15 -2021-12-03T22:24:46.760Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:46.760Z INFO Number of language-specific files: 1 -2021-12-03T22:24:46.760Z INFO Detecting gobinary vulnerabilities... -2021-12-03T22:24:46.761Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0 -2021-12-03T22:24:46.761Z WARN The vulnerability detection may be insufficient because security updates are not provided - -tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d (alpine 3.15.0) -=========================================================================================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -app/authelia (gobinary) -======================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T22:24:47.657Z INFO Detected OS: alpine -2021-12-03T22:24:47.657Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:47.664Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07** - -``` -2021-12-03T22:24:49.208Z INFO Detected OS: debian -2021-12-03T22:24:49.208Z INFO Detecting Debian vulnerabilities... -2021-12-03T22:24:49.225Z INFO Number of language-specific files: 2 -2021-12-03T22:24:49.225Z INFO Detecting gobinary vulnerabilities... - -bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 (debian 10.11) -========================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/wait-for-port (gobinary) -=============================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T22:24:49.888Z INFO Detected OS: alpine -2021-12-03T22:24:49.888Z INFO Detecting Alpine vulnerabilities... -2021-12-03T22:24:49.897Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T22:24:50.778Z INFO Detected OS: debian -2021-12-03T22:24:50.778Z INFO Detecting Debian vulnerabilities... -2021-12-03T22:24:50.800Z INFO Number of language-specific files: 2 -2021-12-03T22:24:50.801Z INFO Detecting gobinary vulnerabilities... -2021-12-03T22:24:50.801Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/docs/apps/stable/jackett/sec-scan.md b/docs/apps/stable/jackett/sec-scan.md deleted file mode 100644 index 79b22e1f84b..00000000000 --- a/docs/apps/stable/jackett/sec-scan.md +++ /dev/null @@ -1,600 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T18:33:16.449Z INFO Need to update the built-in policies -2021-12-03T18:33:16.449Z INFO Downloading the built-in policies... -2021-12-03T18:33:17.259Z INFO Detected config files: 1 - -jackett/templates/common.yaml (kubernetes) -========================================== -Tests: 40 (SUCCESSES: 28, FAILURES: 12, EXCEPTIONS: 0) -Failures: 12 (UNKNOWN: 0, LOW: 5, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-jackett' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-jackett' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-jackett' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------+----------+------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------+ +------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-jackett' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-jackett' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+---------------------------+------------+-----------------------------------+----------+------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 - -##### Scan Results - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T18:33:17.339Z INFO Need to update DB -2021-12-03T18:33:17.340Z INFO Downloading DB... -2021-12-03T18:33:19.939Z INFO Detected OS: alpine -2021-12-03T18:33:19.939Z INFO Detecting Alpine vulnerabilities... -2021-12-03T18:33:19.941Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79** - -``` -2021-12-03T18:33:24.300Z INFO Detected OS: ubuntu -2021-12-03T18:33:24.300Z INFO Detecting Ubuntu vulnerabilities... -2021-12-03T18:33:24.303Z INFO Number of language-specific files: 1 -2021-12-03T18:33:24.303Z INFO Detecting gobinary vulnerabilities... - -tccr.io/truecharts/jackett:v0.20.83@sha256:b24ade69bfc1b9725c42043c0b4aab341aed7c2cb462fdc21bb5287aaa574d79 (ubuntu 20.04) -========================================================================================================================== -Total: 76 (UNKNOWN: 0, LOW: 52, MEDIUM: 24, HIGH: 0, CRITICAL: 0) - -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| bind9-dnsutils | CVE-2021-25219 | MEDIUM | 1:9.16.1-0ubuntu2.8 | 1:9.16.1-0ubuntu2.9 | bind: Lame cache can be abused to | -| | | | | | severely degrade resolver performance | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-25219 | -+----------------------+ + + + + + -| bind9-host | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + + + + -| bind9-libs | | | | | | -| | | | | | | -| | | | | | | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| dnsutils | CVE-2021-25219 | MEDIUM | 1:9.16.1-0ubuntu2.8 | 1:9.16.1-0ubuntu2.9 | bind: Lame cache can be abused to | -| | | | | | severely degrade resolver performance | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-25219 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libasn1-8-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libc-bin | CVE-2021-35942 | MEDIUM | 2.31-0ubuntu9.2 | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | -| | | | | | helper_thread() in mq_notify.c while | -| | | | | | handling NOTIFY_REMOVED messages... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-25013 | | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | -| | | | | | when converting invalid UCS4 | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-33574 | | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| libc6 | CVE-2021-35942 | MEDIUM | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | -| | | | | | helper_thread() in mq_notify.c while | -| | | | | | handling NOTIFY_REMOVED messages... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-25013 | | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | -| | | | | | when converting invalid UCS4 | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-33574 | | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libgmp10 | CVE-2021-43618 | | 2:6.2.0+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libgssapi3-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+ + + +-------------------------+ + -| libhcrypto4-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + +-------------------------+ + -| libheimbase1-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + +-------------------------+ + -| libheimntlm0-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+ + + +-------------------------+ + -| libhx509-5-heimdal | | | | | | -| | | | | | | -| | | | | | | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libkrb5-26-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| libkrb5support0 | CVE-2021-36222 | MEDIUM | | | krb5: Sending a request containing | -| | | | | | PA-ENCRYPTED-CHALLENGE padata | -| | | | | | element without using FAST could... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36222 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2018-5709 | LOW | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-12build1 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-14155 | | | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libpython3.8-minimal | CVE-2021-29921 | MEDIUM | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| libpython3.8-stdlib | CVE-2021-29921 | MEDIUM | | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libroken18-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | An out-of-bounds read was | -| | | | | | addressed with improved bounds | -| | | | | | checking. This issue is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-9794 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2020-9849 | LOW | | | An information disclosure issue | -| | | | | | was addressed with improved | -| | | | | | state management. This issue... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-9849 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-9991 | | | | This issue was addressed | -| | | | | | with improved checks. | -| | | | | | This issue is fixed in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-9991 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.16.0-2 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| libwind0-heimdal | CVE-2021-3671 | | 7.7.0+dfsg-1ubuntu1 | | samba: Null pointer dereference | -| | | | | | on missing sname in TGS-REQ | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3671 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| locales | CVE-2021-35942 | MEDIUM | 2.31-0ubuntu9.2 | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-38604 | | | | glibc: NULL pointer dereference in | -| | | | | | helper_thread() in mq_notify.c while | -| | | | | | handling NOTIFY_REMOVED messages... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-38604 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2016-10228 | LOW | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2019-25013 | | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-29562 | | | | glibc: assertion failure in iconv | -| | | | | | when converting invalid UCS4 | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-29562 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-33574 | | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| login | CVE-2013-4235 | | 1:4.8.1-1ubuntu5.20.04.1 | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+----------------------+ + + +-------------------------+ + -| passwd | | | | | | -| | | | | | | -| | | | | | | -| | | | | | | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+----------------------+------------------+ +--------------------------+-------------------------+-----------------------------------------+ -| python3.8 | CVE-2021-29921 | | 3.8.10-0ubuntu1~20.04 | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+----------+ +-------------------------+-----------------------------------------+ -| python3.8-minimal | CVE-2021-29921 | MEDIUM | | 3.8.10-0ubuntu1~20.04.1 | python-ipaddress: Improper input | -| | | | | | validation of octal strings | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29921 | -+ +------------------+ + +-------------------------+-----------------------------------------+ -| | CVE-2021-3737 | | | | python: urllib: HTTP client | -| | | | | | possible infinite loop on | -| | | | | | a 100 Continue response... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3737 | -+ +------------------+----------+ +-------------------------+-----------------------------------------+ -| | CVE-2021-23336 | LOW | | | python: Web cache poisoning | -| | | | | | via urllib.parse.parse_qsl | -| | | | | | and urllib.parse.parse_qs | -| | | | | | by using a semicolon... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-23336 | -+----------------------+------------------+----------+--------------------------+-------------------------+-----------------------------------------+ - -usr/local/bin/micro (gobinary) -============================== -Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0) - -+------------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.7 | v2.2.8 | kubernetes: Denial of | -| | | | | | service in API server via | -| | | | | | crafted YAML payloads by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-11254 | -+------------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` diff --git a/docs/apps/stable/nextcloud/sec-scan.md b/docs/apps/stable/nextcloud/sec-scan.md deleted file mode 100644 index 02a9d604544..00000000000 --- a/docs/apps/stable/nextcloud/sec-scan.md +++ /dev/null @@ -1,7405 +0,0 @@ -# Security Scan - -## Helm-Chart - -##### Scan Results - -``` -2021-12-03T20:42:27.633Z INFO Need to update the built-in policies -2021-12-03T20:42:27.633Z INFO Downloading the built-in policies... -2021-12-03T20:42:28.661Z INFO Detected config files: 3 - -nextcloud/charts/postgresql/templates/common.yaml (kubernetes) -============================================================== -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-postgresql' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-postgresql' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -nextcloud/charts/redis/templates/common.yaml (kubernetes) -========================================================= -Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) -Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of StatefulSet | -| | | | | 'RELEASE-NAME-redis' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ - -nextcloud/templates/common.yaml (kubernetes) -============================================ -Tests: 57 (SUCCESSES: 28, FAILURES: 29, EXCEPTIONS: 0) -Failures: 29 (UNKNOWN: 0, LOW: 11, MEDIUM: 18, HIGH: 0, CRITICAL: 0) - -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should set | -| | | | | 'securityContext.allowPrivilegeEscalation' | -| | | | | to false | -| | | | | -->avd.aquasec.com/appshield/ksv001 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.allowPrivilegeEscalation' | -| | | | | to false | -| | | | | -->avd.aquasec.com/appshield/ksv001 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-nextcloud' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should add 'ALL' to | -| | | | | 'securityContext.capabilities.drop' | -| | | | | -->avd.aquasec.com/appshield/ksv003 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV012 | Runs as root user | MEDIUM | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' should | -| | | | | set 'securityContext.runAsNonRoot' to | -| | | | | true -->avd.aquasec.com/appshield/ksv012 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsNonRoot' to true | -| | | | | -->avd.aquasec.com/appshield/ksv012 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-nextcloud' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify an image tag | -| | | | | -->avd.aquasec.com/appshield/ksv013 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.readOnlyRootFilesystem' | -| | | | | to true | -| | | | | -->avd.aquasec.com/appshield/ksv014 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-nextcloud' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' of | -| | | | | Deployment 'RELEASE-NAME-nextcloud' | -| | | | | should specify a seccomp profile | -| | | | | -->avd.aquasec.com/appshield/ksv019 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' should | -| | | | | set 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsUser' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv020 | -+ +------------+-----------------------------------------+ +----------------------------------------------+ -| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-nextcloud' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'autopermissions' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'nextcloud' of CronJob | -| | | | | 'RELEASE-NAME-nextcloud-cronjob' should | -| | | | | set 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ + + + +----------------------------------------------+ -| | | | | Container 'postgresql-init' | -| | | | | of Deployment | -| | | | | 'RELEASE-NAME-nextcloud' should set | -| | | | | 'securityContext.runAsGroup' > 10000 | -| | | | | -->avd.aquasec.com/appshield/ksv021 | -+ +------------+-----------------------------------------+----------+----------------------------------------------+ -| | KSV029 | A root primary or supplementary GID set | LOW | Deployment 'RELEASE-NAME-nextcloud' should | -| | | | | set 'spec.securityContext.runAsGroup', | -| | | | | 'spec.securityContext.supplementalGroups[*]' | -| | | | | and 'spec.securityContext.fsGroup' | -| | | | | to integer greater than 0 | -| | | | | -->avd.aquasec.com/appshield/ksv029 | -+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ -``` - -## Containers - -##### Detected Containers - - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e - tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 - ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c - bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe - -##### Scan Results - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T20:42:28.758Z INFO Need to update DB -2021-12-03T20:42:28.758Z INFO Downloading DB... -2021-12-03T20:42:31.243Z INFO Detected OS: alpine -2021-12-03T20:42:31.243Z INFO Detecting Alpine vulnerabilities... -2021-12-03T20:42:31.244Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T20:42:34.038Z INFO Detected OS: debian -2021-12-03T20:42:34.038Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:34.056Z INFO Number of language-specific files: 2 -2021-12-03T20:42:34.056Z INFO Detecting gobinary vulnerabilities... -2021-12-03T20:42:34.056Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** - -``` -2021-12-03T20:42:43.765Z INFO Detected OS: debian -2021-12-03T20:42:43.765Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:43.822Z INFO Number of language-specific files: 5 -2021-12-03T20:42:43.823Z INFO Detecting composer vulnerabilities... - -tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) -========================================================================================================================== -Total: 449 (UNKNOWN: 0, LOW: 332, MEDIUM: 66, HIGH: 40, CRITICAL: 11) - -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-bin | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-data | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-utils | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| binutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-common | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-x86-64-linux-gnu | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| busybox-static | CVE-2021-42377 | CRITICAL | 1:1.30.1-6 | | busybox: an attacker-controlled | -| | | | | | pointer free in hush applet | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42377 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-28831 | HIGH | | | busybox: invalid free or segmentation | -| | | | | | fault via malformed gzip data | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-28831 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42378 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-1000500 | LOW | | | busybox: wget: Missing | -| | | | | | SSL certificate validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000500 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42373 | | | | busybox: NULL pointer | -| | | | | | dereference in man applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42373 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42374 | | | | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42375 | | | | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42376 | | | | busybox: NULL pointer | -| | | | | | dereference in hush applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42376 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| imagemagick-6-common | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libaom0 | CVE-2021-30473 | CRITICAL | 1.0.0.errata1-3 | | aom_image.c in libaom in | -| | | | | | AOMedia before 2021-04-07 | -| | | | | | frees memory that is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30473 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30474 | | | | aom_dsp/grain_table.c in | -| | | | | | libaom in AOMedia before | -| | | | | | 2021-03-30 has a use-after-free. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30474 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30475 | | | | aom_dsp/noise_model.c in libaom | -| | | | | | in AOMedia before 2021-03-24 | -| | | | | | has a buffer overflow. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30475 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libbinutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-dev-bin | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6-dev | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libctf-nobfd0 | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libctf0 | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libde265-0 | CVE-2020-21598 | HIGH | 1.0.8-1 | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | ff_hevc_put_unweighted_pred_8_sse | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21598 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-21594 | MEDIUM | | | libde265 v1.0.4 contains | -| | | | | | a heap buffer overflow in | -| | | | | | the put_epel_hv_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21594 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21595 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_luma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21595 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21596 | | | | libde265 v1.0.4 contains a | -| | | | | | global buffer overflow in the | -| | | | | | decode_CABAC_bit function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21596 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21597 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_chroma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21597 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21599 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | de265_image::available_zscan | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21599 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21600 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_pred_avg_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21600 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21601 | | | | libde265 v1.0.4 contains a | -| | | | | | stack buffer overflow in the | -| | | | | | put_qpel_fallback function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21601 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21602 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_bipred_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21602 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21603 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_qpel_0_0_fallback_16 | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21603 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21604 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | _mm_loadl_epi64 function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21604 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21605 | | | | libde265 v1.0.4 contains | -| | | | | | a segmentation fault in | -| | | | | | the apply_sao_internal | -| | | | | | function, which can... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21605 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21606 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | put_epel_16_fallback function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21606 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libexpat1 | CVE-2013-0340 | LOW | 2.2.10-2 | | expat: internal entity expansion | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-0340 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libglib2.0-0 | CVE-2012-0039 | | 2.66.8-1 | | glib2: hash table | -| | | | | | collisions CPU usage DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libheif1 | CVE-2020-23109 | HIGH | 1.11.0-1 | | Buffer overflow vulnerability | -| | | | | | in function convert_colorspace | -| | | | | | in heif_colorconversion.cc | -| | | | | | in libheif v1.6.2, allows... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-23109 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libjansson4 | CVE-2020-36325 | LOW | 2.13.1-1.1 | | jansson: out-of-bounds read in | -| | | | | | json_loads() due to a parsing error | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-36325 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libjbig0 | CVE-2017-9937 | | 2.1-3.1 | | libtiff: memory malloc failure | -| | | | | | in tif_jbig.c could cause DOS. | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9937 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.57+dfsg-3 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| liblua5.3-0 | CVE-2019-6706 | HIGH | 5.3.3-1.1 | | lua: use-after-free in | -| | | | | | lua_upvaluejoin in lapi.c | -| | | | | | resulting in denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6706 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-24370 | MEDIUM | | | lua: segmentation fault in getlocal | -| | | | | | and setlocal functions in ldebug.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24370 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43519 | | | | Stack overflow in lua_resume | -| | | | | | of ldo.c in Lua Interpreter | -| | | | | | 5.1.0~5.4.4 allows attackers... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43519 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libmagickcore-6.q16-6 | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libmagickwand-6.q16-6 | CVE-2021-20309 | HIGH | | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libopenjp2-7 | CVE-2021-3575 | HIGH | 2.4.0-3 | | openjpeg: heap-buffer-overflow | -| | | | | | in color.c may lead to DoS or | -| | | | | | arbitrary code execution... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3575 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-29338 | MEDIUM | | | openjpeg: out-of-bounds write due to | -| | | | | | an integer overflow in opj_compress.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29338 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-10505 | LOW | | | openjpeg: NULL pointer dereference | -| | | | | | in imagetopnm function in convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10505 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10506 | | | | openjpeg: Division by zero in | -| | | | | | functions opj_pi_next_cprl, | -| | | | | | opj_pi_next_pcrl, and | -| | | | | | opj_pi_next_rpcl in pi.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10506 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9113 | | | | CVE-2016-9114 CVE-2016-9115 | -| | | | | | CVE-2016-9116 CVE-2016-9117 | -| | | | | | CVE-2016-9118 openjpeg2: | -| | | | | | Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9113 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9114 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9114 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9115 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9115 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9116 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9116 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9117 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9580 | | | | openjpeg2: Integer overflow | -| | | | | | in tiftoimage causes | -| | | | | | heap buffer overflow | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9581 | | | | openjpeg2: Infinite loop | -| | | | | | in tiftoimage resulting | -| | | | | | into heap buffer overflow | -| | | | | | in convert_32s_C1P1... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17479 | | | | openjpeg: Stack-buffer overflow | -| | | | | | in the pgxtoimage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17479 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16375 | | | | openjpeg: Heap-based buffer | -| | | | | | overflow in pnmtoimage | -| | | | | | function in bin/jpwl/convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16376 | | | | openjpeg: Heap-based buffer overflow | -| | | | | | in function t2_encode_packet | -| | | | | | in src/lib/openmj2/t2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16376 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20846 | | | | openjpeg: out-of-bounds read in | -| | | | | | functions pi_next_lrcp, pi_next_rlcp, | -| | | | | | pi_next_rpcl, pi_next_pcrl, | -| | | | | | pi_next_rpcl, and pi_next_cprl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20846 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-6988 | | | | openjpeg: DoS via memory | -| | | | | | exhaustion in opj_decompress | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6988 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libperl5.32 | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpng16-16 | CVE-2019-6129 | | 1.6.37-3 | | libpng: memory leak of | -| | | | | | png_info struct in pngcp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6129 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2021-36690 | | 3.34.1-3 | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtiff5 | CVE-2014-8130 | | 4.2.0-1 | | libtiff: divide by zero | -| | | | | | in the tiffdither tool | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-8130 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16232 | | | | libtiff: Memory leaks in | -| | | | | | tif_open.c, tif_lzw.c, and tif_aux.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17973 | | | | libtiff: heap-based use after | -| | | | | | free in tiff2pdf.c:t2p_writeproc | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17973 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-5563 | | | | libtiff: Heap-buffer overflow | -| | | | | | in LZWEncode tif_lzw.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-5563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-9117 | | | | libtiff: Heap-based buffer | -| | | | | | over-read in bmp2tiff | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-10126 | | | | libtiff: NULL pointer dereference | -| | | | | | in the jpeg_fdct_16x16 | -| | | | | | function in jfdctint.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-10126 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libwebp6 | CVE-2016-9085 | | 0.6.1-2.1 | | libwebp: Several integer overflows | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9085 | -+---------------------------+ + + +---------------+ + -| libwebpdemux2 | | | | | | -| | | | | | | -+---------------------------+ + + +---------------+ + -| libwebpmux3 | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| linux-libc-dev | CVE-2021-43267 | CRITICAL | 5.10.70-1 | | kernel: Insufficient validation | -| | | | | | of user-supplied sizes for | -| | | | | | the MSG_CRYPTO message type | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43267 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-7445 | HIGH | | | kernel: memory exhaustion via | -| | | | | | crafted Graphics Execution | -| | | | | | Manager (GEM) objects | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-7445 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19378 | | | | kernel: out-of-bounds write in | -| | | | | | index_rbio_pages in fs/btrfs/raid56.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19449 | | | | kernel: mounting a crafted | -| | | | | | f2fs filesystem image can lead | -| | | | | | to slab-out-of-bounds read... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19449 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19814 | | | | kernel: out-of-bounds write | -| | | | | | in __remove_dirty_segment | -| | | | | | in fs/f2fs/segment.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19814 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12362 | | | | kernel: Integer overflow in | -| | | | | | Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12362 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26556 | | | | kernel: malleable commitment | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26556 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26557 | | | | kernel: predictable | -| | | | | | Authvalue in Bluetooth Mesh | -| | | | | | Provisioning Leads to MITM | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26557 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26559 | | | | kernel: Authvalue leak in | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26559 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26560 | | | | kernel: impersonation attack | -| | | | | | in Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26560 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3752 | | | | kernel: possible use-after-free | -| | | | | | in bluetooth module | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4001 | | | | kernel: race condition | -| | | | | | when the EBPF map is frozen | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4001 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4028 | | | | kernel: use-after-free | -| | | | | | in RDMA listen() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4028 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-41864 | | | | kernel: eBPF multiplication | -| | | | | | integer overflow in | -| | | | | | prealloc_elems_and_freelist() | -| | | | | | in kernel/bpf/stackmap.c | -| | | | | | leads to out-of-bounds... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-41864 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-15213 | MEDIUM | | | kernel: use-after-free caused | -| | | | | | by malicious USB device in | -| | | | | | drivers/media/usb/dvb-usb/dvb-usb-init.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15213 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15794 | | | | kernel: Overlayfs in the | -| | | | | | Linux kernel and shiftfs | -| | | | | | not restoring original... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16089 | | | | kernel: Improper return check | -| | | | | | in nbd_genl_status function | -| | | | | | in drivers/block/nbd.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16089 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20794 | | | | kernel: task processes not | -| | | | | | being properly ended could | -| | | | | | lead to resource exhaustion... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12363 | | | | kernel: Improper input validation | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12363 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12364 | | | | kernel: Null pointer dereference | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12364 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-14304 | | | | kernel: ethtool when reading | -| | | | | | eeprom of device could | -| | | | | | lead to memory leak... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14304 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15802 | | | | hardware: BLURtooth: "Dual | -| | | | | | mode" hardware using CTKD are | -| | | | | | vulnerable to key overwrite... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15802 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-24504 | | | | kernel: Uncontrolled resource | -| | | | | | consumption in some Intel(R) | -| | | | | | Ethernet E810 Adapter drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24504 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26555 | | | | kernel: Bluetooth BR/EDR PIN | -| | | | | | Pairing procedure is vulnerable | -| | | | | | to an impersonation attack... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26555 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20321 | | | | kernel: In Overlayfs missing | -| | | | | | a check for a negative | -| | | | | | dentry before calling... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3640 | | | | kernel: use-after-free vulnerability | -| | | | | | in function sco_sock_sendmsg() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3640 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3669 | | | | kernel: reading /proc/sysvipc/shm | -| | | | | | does not scale with large | -| | | | | | shared memory segment counts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3669 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3744 | | | | kernel: crypto: ccp - fix resource | -| | | | | | leaks in ccp_run_aes_gcm_cmd() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3744 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3759 | | | | kernel: unaccounted ipc | -| | | | | | objects in Linux kernel lead | -| | | | | | to breaking memcg limits... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3759 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3764 | | | | kernel: DoS in | -| | | | | | ccp_run_aes_gcm_cmd() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3764 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3772 | | | | kernel: sctp: Invalid chunks | -| | | | | | may be used to remotely remove | -| | | | | | existing associations... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3772 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3847 | | | | kernel: low-privileged | -| | | | | | user privileges escalation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3847 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3892 | | | | kernel: memory leak | -| | | | | | in fib6_rule_suppress | -| | | | | | could result in DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4002 | | | | kernel: possible leak or coruption | -| | | | | | of data residing on hugetlbfs | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4002 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4037 | | | | kernel: security regression | -| | | | | | for CVE-2018-13405 | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4037 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42327 | | | | kernel: heap-based buffer overflow | -| | | | | | in dp_link_settings_write() in | -| | | | | | drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42327 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42739 | | | | kernel: Heap buffer | -| | | | | | overflow in firedtv driver | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42739 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43056 | | | | kernel: ppc: kvm: allows a malicious | -| | | | | | KVM guest to crash the host... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43056 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43389 | | | | kernel: an array-index-out-bounds | -| | | | | | in detach_capi_ctr in | -| | | | | | drivers/isdn/capi/kcapi.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43389 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43975 | | | | kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in | -| | | | | | drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43975 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43976 | | | | kernel: mwifiex_usb_recv() in | -| | | | | | drivers/net/wireless/marvell/mwifiex/usb.c | -| | | | | | allows an attacker to | -| | | | | | cause DoS via crafted... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43976 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2004-0230 | LOW | | | TCP, when using a large Window | -| | | | | | Size, makes it easier for remote... | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2005-3660 | | | | Linux kernel 2.4 and 2.6 allows | -| | | | | | attackers to cause a denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-3660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3719 | | | | kernel: secretly Monopolizing the | -| | | | | | CPU Without Superuser Privileges | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3719 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-2544 | | | | kernel: mounting proc | -| | | | | | readonly on a different mount | -| | | | | | point silently mounts it... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-2544 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-4609 | | | | kernel: TCP protocol | -| | | | | | vulnerabilities from Outpost24 | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-4609 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-4563 | | | | kernel: ipv6: sniffer detection | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-5321 | | | | kernel: v4l: videobuf: hotfix a | -| | | | | | bug on multiple calls to mmap() | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-5321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4915 | | | | fs/proc/base.c in the Linux | -| | | | | | kernel through 3.1 allows | -| | | | | | local users to obtain... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4915 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4917 | | | | -->avd.aquasec.com/nvd/cve-2011-4917 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2012-4542 | | | | kernel: block: default SCSI | -| | | | | | command filter does not accomodate | -| | | | | | commands overlap across... | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-4542 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9892 | | | | The snd_compr_tstamp function in | -| | | | | | sound/core/compress_offload.c in | -| | | | | | the Linux kernel through 4.7, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9900 | | | | kernel: Info leak in uninitialized | -| | | | | | structure ethtool_wolinfo | -| | | | | | in ethtool_get_wol() | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9900 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2015-2877 | | | | Kernel: Cross-VM ASL | -| | | | | | INtrospection (CAIN) | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-2877 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10723 | | | | ** DISPUTED ** An issue | -| | | | | | was discovered in the | -| | | | | | Linux kernel through... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10723 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8660 | | | | kernel: xfs: local DoS due to | -| | | | | | a page lock order bug in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-0630 | | | | kernel: Information | -| | | | | | disclosure vulnerability | -| | | | | | in kernel trace subsystem | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-0630 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13693 | | | | kernel: ACPI operand | -| | | | | | cache leak in dsutils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13693 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13694 | | | | kernel: ACPI node and | -| | | | | | node_ext cache leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13694 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-1121 | | | | procps-ng, procps: process | -| | | | | | hiding through race | -| | | | | | condition enumerating /proc | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1121 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12928 | | | | kernel: NULL pointer dereference | -| | | | | | in hfs_ext_read_extent in hfs.ko | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12928 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-17977 | | | | kernel: Mishandled interactions among | -| | | | | | XFRM Netlink messages, IPPROTO_AH | -| | | | | | packets, and IPPROTO_IP packets... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-17977 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-11191 | | | | kernel: race condition in | -| | | | | | load_aout_binary() allows local | -| | | | | | users to bypass ASLR on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-11191 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12378 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip6_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12379 | | | | kernel: memory leak in | -| | | | | | con_insert_unipair in | -| | | | | | drivers/tty/vt/consolemap.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12380 | | | | kernel: memory allocation | -| | | | | | failure in the efi subsystem | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12381 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12382 | | | | kernel: unchecked kstrdup of | -| | | | | | fwstr in drm_load_edid_firmware | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12455 | | | | kernel: null pointer dereference | -| | | | | | in sunxi_divs_clk_setup in | -| | | | | | drivers/clk/sunxi/clk-sunxi.c | -| | | | | | causing denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12455 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12456 | | | | kernel: double fetch in the | -| | | | | | MPT3COMMAND case in _ctl_ioctl_main | -| | | | | | in drivers/scsi/mpt3sas/mpt3sas_ctl.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12456 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16229 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16229 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16230 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/radeon/radeon_display.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16231 | | | | kernel: null-pointer dereference | -| | | | | | in drivers/net/fjes/fjes_main.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16232 | | | | kernel: null-pointer dereference in | -| | | | | | drivers/net/wireless/marvell/libertas/if_sdio.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16233 | | | | kernel: null pointer dereference | -| | | | | | in drivers/scsi/qla2xxx/qla_os.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16233 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16234 | | | | kernel: null pointer dereference in | -| | | | | | drivers/net/wireless/intel/iwlwifi/pcie/trans.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16234 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19070 | | | | kernel: A memory leak in the | -| | | | | | spi_gpio_probe() function in | -| | | | | | drivers/spi/spi-gpio.c allows for... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19070 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11725 | | | | kernel: improper handling of | -| | | | | | private_size*count multiplication | -| | | | | | due to count=info->owner typo | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11725 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27820 | | | | kernel: use-after-free | -| | | | | | in nouveau kernel module | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27820 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35501 | | | | kernel: audit not logging access | -| | | | | | to syscall open_by_handle_at for | -| | | | | | users with CAP_DAC_READ_SEARCH... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35501 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-26934 | | | | An issue was discovered in the Linux | -| | | | | | kernel 4.18 through 5.10.16, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-26934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-32078 | | | | kernel: out-of-bounds read in | -| | | | | | arch/arm/mach-footbridge/personal-pci.c | -| | | | | | due to improper input validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-32078 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3760 | | | | kernel: nfc: Use-After-Free | -| | | | | | vulnerability of | -| | | | | | ndev->rf_conn_info object | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3760 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| m4 | CVE-2008-1687 | | 1.4.18-5 | | m4: unquoted output of | -| | | | | | maketemp and mkstemp | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1687 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-1688 | | | | m4: code execution via -F argument | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1688 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| ncurses-bin | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| patch | CVE-2010-4651 | | 2.7.6-7 | | patch: directory traversal flaw | -| | | | | | allows for arbitrary file creation | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4651 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6951 | | | | patch: NULL pointer dereference | -| | | | | | in pch.c:intuit_diff_type() | -| | | | | | causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6951 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6952 | | | | patch: Double free of memory in | -| | | | | | pch.c:another_hunk() causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6952 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| perl | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-modules-5.32 | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| re2c | CVE-2018-21232 | | 2.0.3-1 | | re2c: uncontrolled recursion | -| | | | | | that causes stack consumption | -| | | | | | in find_fixed_tags | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-21232 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ - -usr/src/nextcloud/3rdparty/composer.lock (composer) -=================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/3rdparty/egulias/email-validator/composer.lock (composer) -=========================================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/circles/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/files_external/3rdparty/composer.lock (composer) -======================================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/support/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e** - -``` -2021-12-03T20:42:44.996Z INFO Detected OS: debian -2021-12-03T20:42:44.996Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:45.059Z INFO Number of language-specific files: 5 -2021-12-03T20:42:45.059Z INFO Detecting composer vulnerabilities... - -tccr.io/truecharts/nextcloud:v23.0.0@sha256:14b9b85250c984c6c4083f4509b84c98587d0913ec997c57a300c503f5c0344e (debian 11.1) -========================================================================================================================== -Total: 449 (UNKNOWN: 0, LOW: 332, MEDIUM: 66, HIGH: 40, CRITICAL: 11) - -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| apache2 | CVE-2001-1534 | LOW | 2.4.51-1~deb11u1 | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-bin | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-data | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| apache2-utils | CVE-2001-1534 | | | | mod_usertrack in Apache | -| | | | | | 1.3.11 through 1.3.20 | -| | | | | | generates session ID's using | -| | | | | | predictable information... | -| | | | | | -->avd.aquasec.com/nvd/cve-2001-1534 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1307 | | | | ** DISPUTED ** The mod_php module | -| | | | | | for the Apache HTTP Server... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1307 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1580 | | | | The Apache HTTP Server | -| | | | | | 2.0.44, when DNS resolution | -| | | | | | is enabled for client... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2003-1581 | | | | httpd: Injection of arbitrary | -| | | | | | text into log files when | -| | | | | | DNS resolution is... | -| | | | | | -->avd.aquasec.com/nvd/cve-2003-1581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-0086 | | | | ** DISPUTED ** The Apache HTTP | -| | | | | | Server, when accessed through a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-0086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-1743 | | | | suexec in Apache HTTP Server | -| | | | | | (httpd) 2.2.3 does not | -| | | | | | verify combinations of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-1743 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3303 | | | | Apache httpd 2.0.59 and | -| | | | | | 2.2.4, with the Prefork | -| | | | | | MPM module, allows local... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3303 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-0456 | | | | httpd: mod_negotiation CRLF | -| | | | | | injection via untrusted file names | -| | | | | | in directories with MultiViews... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-0456 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| binutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-common | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| binutils-x86-64-linux-gnu | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| busybox-static | CVE-2021-42377 | CRITICAL | 1:1.30.1-6 | | busybox: an attacker-controlled | -| | | | | | pointer free in hush applet | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42377 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-28831 | HIGH | | | busybox: invalid free or segmentation | -| | | | | | fault via malformed gzip data | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-28831 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42378 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-1000500 | LOW | | | busybox: wget: Missing | -| | | | | | SSL certificate validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000500 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42373 | | | | busybox: NULL pointer | -| | | | | | dereference in man applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42373 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42374 | | | | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42375 | | | | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42376 | | | | busybox: NULL pointer | -| | | | | | dereference in hush applet | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42376 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| imagemagick-6-common | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libaom0 | CVE-2021-30473 | CRITICAL | 1.0.0.errata1-3 | | aom_image.c in libaom in | -| | | | | | AOMedia before 2021-04-07 | -| | | | | | frees memory that is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30473 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30474 | | | | aom_dsp/grain_table.c in | -| | | | | | libaom in AOMedia before | -| | | | | | 2021-03-30 has a use-after-free. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30474 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-30475 | | | | aom_dsp/noise_model.c in libaom | -| | | | | | in AOMedia before 2021-03-24 | -| | | | | | has a buffer overflow. | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-30475 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libbinutils | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-dev-bin | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6-dev | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43396 | | | | glibc: conversion from | -| | | | | | ISO-2022-JP-3 with iconv may | -| | | | | | emit spurious NUL character on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libctf-nobfd0 | CVE-2017-13716 | | 2.35.2-2 | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libctf0 | CVE-2017-13716 | | | | binutils: Memory leak with the C++ | -| | | | | | symbol demangler routine in libiberty | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13716 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12934 | | | | binutils: Uncontrolled | -| | | | | | Resource Consumption in | -| | | | | | remember_Ktype in cplus-dem.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-18483 | | | | binutils: Integer overflow | -| | | | | | in cplus-dem.c:get_count() | -| | | | | | allows for denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-18483 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20623 | | | | binutils: Use-after-free | -| | | | | | in the error function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20623 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20673 | | | | libiberty: Integer overflow in | -| | | | | | demangle_template() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20673 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20712 | | | | libiberty: heap-based buffer | -| | | | | | over-read in d_expression_1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20712 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-9996 | | | | binutils: Stack-overflow in | -| | | | | | libiberty/cplus-dem.c causes crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-9996 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010204 | | | | binutils: Improper Input Validation, | -| | | | | | Signed/Unsigned Comparison, | -| | | | | | Out-of-bounds Read in gold/fileread.cc | -| | | | | | and elfcpp/elfcpp_file.h... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010204 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35448 | | | | binutils: Heap-based buffer overflow | -| | | | | | in bfd_getl_signed_32() in libbfd.c | -| | | | | | because sh_entsize is not... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35448 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20197 | | | | binutils: Race window allows | -| | | | | | users to own arbitrary files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20197 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20284 | | | | binutils: Heap-based | -| | | | | | buffer overflow in | -| | | | | | _bfd_elf_slurp_secondary_reloc_section | -| | | | | | in elf.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20284 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3487 | | | | binutils: Excessive debug | -| | | | | | section size can cause excessive | -| | | | | | memory consumption in bfd's... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3487 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3530 | | | | binutils: stack memory exhaustion in | -| | | | | | demangle_path() in rust-demangle.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3530 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3549 | | | | binutils: heap-based | -| | | | | | buffer overflow in | -| | | | | | avr_elf32_load_records_from_section() | -| | | | | | via large section parameter | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3549 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3648 | | | | binutils: infinite loop | -| | | | | | while demangling rust symbols | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3648 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-37322 | | | | GCC c++filt v2.26 was discovered | -| | | | | | to contain a use-after-free | -| | | | | | vulnerability via the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37322 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22945 | CRITICAL | 7.74.0-1.3 | | curl: use-after-free and | -| | | | | | double-free in MQTT sending | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22945 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22946 | HIGH | | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libde265-0 | CVE-2020-21598 | HIGH | 1.0.8-1 | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | ff_hevc_put_unweighted_pred_8_sse | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21598 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-21594 | MEDIUM | | | libde265 v1.0.4 contains | -| | | | | | a heap buffer overflow in | -| | | | | | the put_epel_hv_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21594 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21595 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_luma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21595 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21596 | | | | libde265 v1.0.4 contains a | -| | | | | | global buffer overflow in the | -| | | | | | decode_CABAC_bit function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21596 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21597 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | mc_chroma function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21597 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21599 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | de265_image::available_zscan | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21599 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21600 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_pred_avg_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21600 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21601 | | | | libde265 v1.0.4 contains a | -| | | | | | stack buffer overflow in the | -| | | | | | put_qpel_fallback function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21601 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21602 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_weighted_bipred_16_fallback | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21602 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21603 | | | | libde265 v1.0.4 contains a | -| | | | | | heap buffer overflow in the | -| | | | | | put_qpel_0_0_fallback_16 | -| | | | | | function, which... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21603 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21604 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | _mm_loadl_epi64 function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21604 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21605 | | | | libde265 v1.0.4 contains | -| | | | | | a segmentation fault in | -| | | | | | the apply_sao_internal | -| | | | | | function, which can... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21605 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-21606 | | | | libde265 v1.0.4 contains a heap | -| | | | | | buffer overflow fault in the | -| | | | | | put_epel_16_fallback function,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-21606 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libexpat1 | CVE-2013-0340 | LOW | 2.2.10-2 | | expat: internal entity expansion | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-0340 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libglib2.0-0 | CVE-2012-0039 | | 2.66.8-1 | | glib2: hash table | -| | | | | | collisions CPU usage DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-0039 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libheif1 | CVE-2020-23109 | HIGH | 1.11.0-1 | | Buffer overflow vulnerability | -| | | | | | in function convert_colorspace | -| | | | | | in heif_colorconversion.cc | -| | | | | | in libheif v1.6.2, allows... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-23109 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libjansson4 | CVE-2020-36325 | LOW | 2.13.1-1.1 | | jansson: out-of-bounds read in | -| | | | | | json_loads() due to a parsing error | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-36325 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libjbig0 | CVE-2017-9937 | | 2.1-3.1 | | libtiff: memory malloc failure | -| | | | | | in tif_jbig.c could cause DOS. | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9937 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.57+dfsg-3 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| liblua5.3-0 | CVE-2019-6706 | HIGH | 5.3.3-1.1 | | lua: use-after-free in | -| | | | | | lua_upvaluejoin in lapi.c | -| | | | | | resulting in denial of service | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6706 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-24370 | MEDIUM | | | lua: segmentation fault in getlocal | -| | | | | | and setlocal functions in ldebug.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24370 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43519 | | | | Stack overflow in lua_resume | -| | | | | | of ldo.c in Lua Interpreter | -| | | | | | 5.1.0~5.4.4 allows attackers... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43519 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libmagickcore-6.q16-6 | CVE-2021-20309 | HIGH | 8:6.9.11.60+dfsg-1.3 | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libmagickwand-6.q16-6 | CVE-2021-20309 | HIGH | | | ImagemMagick: Division | -| | | | | | by zero in WaveImage() of | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20309 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20312 | | | | ImageMagick: Integer overflow | -| | | | | | in WriteTHUMBNAILImage | -| | | | | | of coders/thumbnail.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20312 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20313 | | | | ImageMagick: Cipher leak when | -| | | | | | the calculating signatures | -| | | | | | in TransformSignatureof | -| | | | | | MagickCore/signature.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20313 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-20241 | MEDIUM | | | ImageMagick: Division by zero in | -| | | | | | WriteJP2Image() in coders/jp2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20241 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20243 | | | | ImageMagick: Division by | -| | | | | | zero in GetResizeFilterWeight | -| | | | | | in MagickCore/resize.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20243 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20244 | | | | ImageMagick: Division by | -| | | | | | zero in ImplodeImage in | -| | | | | | MagickCore/visual-effects.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20245 | | | | ImageMagick: Division by zero | -| | | | | | in WriteAnimatedWEBPImage() | -| | | | | | in coders/webp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20246 | | | | ImageMagick: Division by | -| | | | | | zero in ScaleResampleFilter | -| | | | | | in MagickCore/resample.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-39212 | | | | ImageMagick: possible read | -| | | | | | or write in postscript files | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39212 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2005-0406 | LOW | | | A design flaw in image | -| | | | | | processing software that | -| | | | | | modifies JPEG images might... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-0406 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-3134 | | | | GraphicsMagick/ImageMagick: | -| | | | | | multiple crash or DoS issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-3134 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8678 | | | | ImageMagick: Heap-buffer | -| | | | | | overflow in IsPixelMonochrome | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8678 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11754 | | | | ImageMagick: Memory leak | -| | | | | | in WritePICONImage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11754 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-11755 | | | | ImageMagick: Memory leak in | -| | | | | | WritePICONImage function via | -| | | | | | mishandled AcquireSemaphoreInfo call | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7275 | | | | ImageMagick: Memory allocation | -| | | | | | failure in AcquireMagickMemory | -| | | | | | (incomplete fix for CVE-2016-8866) | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7275 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-15607 | | | | ImageMagick: CPU Exhaustion | -| | | | | | via crafted input file | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-15607 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20311 | | | | ImageMagick: Division by | -| | | | | | zero in sRGBTransformImage() | -| | | | | | in MagickCore/colorspace.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20311 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-34183 | | | | ImageMagick: memory leak | -| | | | | | in AcquireSemaphoreMemory() | -| | | | | | in semaphore.c and | -| | | | | | AcquireMagickMemory() in memory.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-34183 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libopenjp2-7 | CVE-2021-3575 | HIGH | 2.4.0-3 | | openjpeg: heap-buffer-overflow | -| | | | | | in color.c may lead to DoS or | -| | | | | | arbitrary code execution... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3575 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-29338 | MEDIUM | | | openjpeg: out-of-bounds write due to | -| | | | | | an integer overflow in opj_compress.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-29338 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-10505 | LOW | | | openjpeg: NULL pointer dereference | -| | | | | | in imagetopnm function in convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10505 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10506 | | | | openjpeg: Division by zero in | -| | | | | | functions opj_pi_next_cprl, | -| | | | | | opj_pi_next_pcrl, and | -| | | | | | opj_pi_next_rpcl in pi.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10506 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9113 | | | | CVE-2016-9114 CVE-2016-9115 | -| | | | | | CVE-2016-9116 CVE-2016-9117 | -| | | | | | CVE-2016-9118 openjpeg2: | -| | | | | | Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9113 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9114 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9114 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9115 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9115 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9116 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9116 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9117 | | | | CVE-2016-9113 CVE-2016-9114 | -| | | | | | CVE-2016-9115 CVE-2016-9116 | -| | | | | | CVE-2016-9117 CVE-2016-9118 | -| | | | | | openjpeg2: Multiple security issues | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9580 | | | | openjpeg2: Integer overflow | -| | | | | | in tiftoimage causes | -| | | | | | heap buffer overflow | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9580 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-9581 | | | | openjpeg2: Infinite loop | -| | | | | | in tiftoimage resulting | -| | | | | | into heap buffer overflow | -| | | | | | in convert_32s_C1P1... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9581 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17479 | | | | openjpeg: Stack-buffer overflow | -| | | | | | in the pgxtoimage function | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17479 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16375 | | | | openjpeg: Heap-based buffer | -| | | | | | overflow in pnmtoimage | -| | | | | | function in bin/jpwl/convert.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16375 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-16376 | | | | openjpeg: Heap-based buffer overflow | -| | | | | | in function t2_encode_packet | -| | | | | | in src/lib/openmj2/t2.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-16376 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20846 | | | | openjpeg: out-of-bounds read in | -| | | | | | functions pi_next_lrcp, pi_next_rlcp, | -| | | | | | pi_next_rpcl, pi_next_pcrl, | -| | | | | | pi_next_rpcl, and pi_next_cprl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20846 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-6988 | | | | openjpeg: DoS via memory | -| | | | | | exhaustion in opj_decompress | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6988 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| libperl5.32 | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libpng16-16 | CVE-2019-6129 | | 1.6.37-3 | | libpng: memory leak of | -| | | | | | png_info struct in pngcp.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-6129 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2021-36690 | | 3.34.1-3 | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtiff5 | CVE-2014-8130 | | 4.2.0-1 | | libtiff: divide by zero | -| | | | | | in the tiffdither tool | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-8130 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16232 | | | | libtiff: Memory leaks in | -| | | | | | tif_open.c, tif_lzw.c, and tif_aux.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17973 | | | | libtiff: heap-based use after | -| | | | | | free in tiff2pdf.c:t2p_writeproc | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17973 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-5563 | | | | libtiff: Heap-buffer overflow | -| | | | | | in LZWEncode tif_lzw.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-5563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-9117 | | | | libtiff: Heap-based buffer | -| | | | | | over-read in bmp2tiff | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-9117 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-10126 | | | | libtiff: NULL pointer dereference | -| | | | | | in the jpeg_fdct_16x16 | -| | | | | | function in jfdctint.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-10126 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| libwebp6 | CVE-2016-9085 | | 0.6.1-2.1 | | libwebp: Several integer overflows | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9085 | -+---------------------------+ + + +---------------+ + -| libwebpdemux2 | | | | | | -| | | | | | | -+---------------------------+ + + +---------------+ + -| libwebpmux3 | | | | | | -| | | | | | | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| linux-libc-dev | CVE-2021-43267 | CRITICAL | 5.10.70-1 | | kernel: Insufficient validation | -| | | | | | of user-supplied sizes for | -| | | | | | the MSG_CRYPTO message type | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43267 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-7445 | HIGH | | | kernel: memory exhaustion via | -| | | | | | crafted Graphics Execution | -| | | | | | Manager (GEM) objects | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-7445 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19378 | | | | kernel: out-of-bounds write in | -| | | | | | index_rbio_pages in fs/btrfs/raid56.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19449 | | | | kernel: mounting a crafted | -| | | | | | f2fs filesystem image can lead | -| | | | | | to slab-out-of-bounds read... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19449 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19814 | | | | kernel: out-of-bounds write | -| | | | | | in __remove_dirty_segment | -| | | | | | in fs/f2fs/segment.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19814 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12362 | | | | kernel: Integer overflow in | -| | | | | | Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12362 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26556 | | | | kernel: malleable commitment | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26556 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26557 | | | | kernel: predictable | -| | | | | | Authvalue in Bluetooth Mesh | -| | | | | | Provisioning Leads to MITM | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26557 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26559 | | | | kernel: Authvalue leak in | -| | | | | | Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26559 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26560 | | | | kernel: impersonation attack | -| | | | | | in Bluetooth Mesh Provisioning | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26560 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3752 | | | | kernel: possible use-after-free | -| | | | | | in bluetooth module | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4001 | | | | kernel: race condition | -| | | | | | when the EBPF map is frozen | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4001 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4028 | | | | kernel: use-after-free | -| | | | | | in RDMA listen() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4028 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-41864 | | | | kernel: eBPF multiplication | -| | | | | | integer overflow in | -| | | | | | prealloc_elems_and_freelist() | -| | | | | | in kernel/bpf/stackmap.c | -| | | | | | leads to out-of-bounds... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-41864 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-15213 | MEDIUM | | | kernel: use-after-free caused | -| | | | | | by malicious USB device in | -| | | | | | drivers/media/usb/dvb-usb/dvb-usb-init.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15213 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15794 | | | | kernel: Overlayfs in the | -| | | | | | Linux kernel and shiftfs | -| | | | | | not restoring original... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16089 | | | | kernel: Improper return check | -| | | | | | in nbd_genl_status function | -| | | | | | in drivers/block/nbd.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16089 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20794 | | | | kernel: task processes not | -| | | | | | being properly ended could | -| | | | | | lead to resource exhaustion... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20794 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12363 | | | | kernel: Improper input validation | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12363 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-12364 | | | | kernel: Null pointer dereference | -| | | | | | in some Intel(R) Graphics Drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-12364 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-14304 | | | | kernel: ethtool when reading | -| | | | | | eeprom of device could | -| | | | | | lead to memory leak... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14304 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15802 | | | | hardware: BLURtooth: "Dual | -| | | | | | mode" hardware using CTKD are | -| | | | | | vulnerable to key overwrite... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15802 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-24504 | | | | kernel: Uncontrolled resource | -| | | | | | consumption in some Intel(R) | -| | | | | | Ethernet E810 Adapter drivers | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-24504 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-26555 | | | | kernel: Bluetooth BR/EDR PIN | -| | | | | | Pairing procedure is vulnerable | -| | | | | | to an impersonation attack... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-26555 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20321 | | | | kernel: In Overlayfs missing | -| | | | | | a check for a negative | -| | | | | | dentry before calling... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3640 | | | | kernel: use-after-free vulnerability | -| | | | | | in function sco_sock_sendmsg() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3640 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3669 | | | | kernel: reading /proc/sysvipc/shm | -| | | | | | does not scale with large | -| | | | | | shared memory segment counts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3669 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3744 | | | | kernel: crypto: ccp - fix resource | -| | | | | | leaks in ccp_run_aes_gcm_cmd() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3744 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3759 | | | | kernel: unaccounted ipc | -| | | | | | objects in Linux kernel lead | -| | | | | | to breaking memcg limits... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3759 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3764 | | | | kernel: DoS in | -| | | | | | ccp_run_aes_gcm_cmd() function | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3764 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3772 | | | | kernel: sctp: Invalid chunks | -| | | | | | may be used to remotely remove | -| | | | | | existing associations... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3772 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3847 | | | | kernel: low-privileged | -| | | | | | user privileges escalation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3847 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3892 | | | | kernel: memory leak | -| | | | | | in fib6_rule_suppress | -| | | | | | could result in DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4002 | | | | kernel: possible leak or coruption | -| | | | | | of data residing on hugetlbfs | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4002 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-4037 | | | | kernel: security regression | -| | | | | | for CVE-2018-13405 | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-4037 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42327 | | | | kernel: heap-based buffer overflow | -| | | | | | in dp_link_settings_write() in | -| | | | | | drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42327 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-42739 | | | | kernel: Heap buffer | -| | | | | | overflow in firedtv driver | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42739 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43056 | | | | kernel: ppc: kvm: allows a malicious | -| | | | | | KVM guest to crash the host... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43056 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43389 | | | | kernel: an array-index-out-bounds | -| | | | | | in detach_capi_ctr in | -| | | | | | drivers/isdn/capi/kcapi.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43389 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43975 | | | | kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in | -| | | | | | drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43975 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-43976 | | | | kernel: mwifiex_usb_recv() in | -| | | | | | drivers/net/wireless/marvell/mwifiex/usb.c | -| | | | | | allows an attacker to | -| | | | | | cause DoS via crafted... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43976 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2004-0230 | LOW | | | TCP, when using a large Window | -| | | | | | Size, makes it easier for remote... | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2005-3660 | | | | Linux kernel 2.4 and 2.6 allows | -| | | | | | attackers to cause a denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-3660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2007-3719 | | | | kernel: secretly Monopolizing the | -| | | | | | CPU Without Superuser Privileges | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-3719 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-2544 | | | | kernel: mounting proc | -| | | | | | readonly on a different mount | -| | | | | | point silently mounts it... | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-2544 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-4609 | | | | kernel: TCP protocol | -| | | | | | vulnerabilities from Outpost24 | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-4609 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-4563 | | | | kernel: ipv6: sniffer detection | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4563 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-5321 | | | | kernel: v4l: videobuf: hotfix a | -| | | | | | bug on multiple calls to mmap() | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-5321 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4915 | | | | fs/proc/base.c in the Linux | -| | | | | | kernel through 3.1 allows | -| | | | | | local users to obtain... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4915 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2011-4917 | | | | -->avd.aquasec.com/nvd/cve-2011-4917 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2012-4542 | | | | kernel: block: default SCSI | -| | | | | | command filter does not accomodate | -| | | | | | commands overlap across... | -| | | | | | -->avd.aquasec.com/nvd/cve-2012-4542 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9892 | | | | The snd_compr_tstamp function in | -| | | | | | sound/core/compress_offload.c in | -| | | | | | the Linux kernel through 4.7, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9892 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2014-9900 | | | | kernel: Info leak in uninitialized | -| | | | | | structure ethtool_wolinfo | -| | | | | | in ethtool_get_wol() | -| | | | | | -->avd.aquasec.com/nvd/cve-2014-9900 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2015-2877 | | | | Kernel: Cross-VM ASL | -| | | | | | INtrospection (CAIN) | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-2877 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10723 | | | | ** DISPUTED ** An issue | -| | | | | | was discovered in the | -| | | | | | Linux kernel through... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10723 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-8660 | | | | kernel: xfs: local DoS due to | -| | | | | | a page lock order bug in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-8660 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-0630 | | | | kernel: Information | -| | | | | | disclosure vulnerability | -| | | | | | in kernel trace subsystem | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-0630 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13693 | | | | kernel: ACPI operand | -| | | | | | cache leak in dsutils.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13693 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-13694 | | | | kernel: ACPI node and | -| | | | | | node_ext cache leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-13694 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-1121 | | | | procps-ng, procps: process | -| | | | | | hiding through race | -| | | | | | condition enumerating /proc | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1121 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-12928 | | | | kernel: NULL pointer dereference | -| | | | | | in hfs_ext_read_extent in hfs.ko | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12928 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-17977 | | | | kernel: Mishandled interactions among | -| | | | | | XFRM Netlink messages, IPPROTO_AH | -| | | | | | packets, and IPPROTO_IP packets... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-17977 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-11191 | | | | kernel: race condition in | -| | | | | | load_aout_binary() allows local | -| | | | | | users to bypass ASLR on... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-11191 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12378 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip6_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12378 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12379 | | | | kernel: memory leak in | -| | | | | | con_insert_unipair in | -| | | | | | drivers/tty/vt/consolemap.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12379 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12380 | | | | kernel: memory allocation | -| | | | | | failure in the efi subsystem | -| | | | | | leads to denial of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12380 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12381 | | | | kernel: unchecked kmalloc | -| | | | | | of new_ra in ip_ra_control | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12381 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12382 | | | | kernel: unchecked kstrdup of | -| | | | | | fwstr in drm_load_edid_firmware | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12382 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12455 | | | | kernel: null pointer dereference | -| | | | | | in sunxi_divs_clk_setup in | -| | | | | | drivers/clk/sunxi/clk-sunxi.c | -| | | | | | causing denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12455 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-12456 | | | | kernel: double fetch in the | -| | | | | | MPT3COMMAND case in _ctl_ioctl_main | -| | | | | | in drivers/scsi/mpt3sas/mpt3sas_ctl.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12456 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16229 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16229 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16230 | | | | kernel: null pointer dereference in | -| | | | | | drivers/gpu/drm/radeon/radeon_display.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16230 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16231 | | | | kernel: null-pointer dereference | -| | | | | | in drivers/net/fjes/fjes_main.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16232 | | | | kernel: null-pointer dereference in | -| | | | | | drivers/net/wireless/marvell/libertas/if_sdio.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16232 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16233 | | | | kernel: null pointer dereference | -| | | | | | in drivers/scsi/qla2xxx/qla_os.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16233 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-16234 | | | | kernel: null pointer dereference in | -| | | | | | drivers/net/wireless/intel/iwlwifi/pcie/trans.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-16234 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19070 | | | | kernel: A memory leak in the | -| | | | | | spi_gpio_probe() function in | -| | | | | | drivers/spi/spi-gpio.c allows for... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19070 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11725 | | | | kernel: improper handling of | -| | | | | | private_size*count multiplication | -| | | | | | due to count=info->owner typo | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11725 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27820 | | | | kernel: use-after-free | -| | | | | | in nouveau kernel module | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27820 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-35501 | | | | kernel: audit not logging access | -| | | | | | to syscall open_by_handle_at for | -| | | | | | users with CAP_DAC_READ_SEARCH... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-35501 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-26934 | | | | An issue was discovered in the Linux | -| | | | | | kernel 4.18 through 5.10.16, as... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-26934 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-32078 | | | | kernel: out-of-bounds read in | -| | | | | | arch/arm/mach-footbridge/personal-pci.c | -| | | | | | due to improper input validation | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-32078 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3760 | | | | kernel: nfc: Use-After-Free | -| | | | | | vulnerability of | -| | | | | | ndev->rf_conn_info object | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3760 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| m4 | CVE-2008-1687 | | 1.4.18-5 | | m4: unquoted output of | -| | | | | | maketemp and mkstemp | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1687 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2008-1688 | | | | m4: code execution via -F argument | -| | | | | | -->avd.aquasec.com/nvd/cve-2008-1688 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+---------------------------+ + + +---------------+ + -| ncurses-bin | | | | | | -| | | | | | | -| | | | | | | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| patch | CVE-2010-4651 | | 2.7.6-7 | | patch: directory traversal flaw | -| | | | | | allows for arbitrary file creation | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4651 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6951 | | | | patch: NULL pointer dereference | -| | | | | | in pch.c:intuit_diff_type() | -| | | | | | causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6951 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-6952 | | | | patch: Double free of memory in | -| | | | | | pch.c:another_hunk() causes a crash | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6952 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ -| perl | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| perl-modules-5.32 | CVE-2020-16156 | MEDIUM | | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| re2c | CVE-2018-21232 | | 2.0.3-1 | | re2c: uncontrolled recursion | -| | | | | | that causes stack consumption | -| | | | | | in find_fixed_tags | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-21232 | -+---------------------------+------------------+ +----------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+---------------------------+------------------+----------+----------------------+---------------+--------------------------------------------------------------+ - -usr/src/nextcloud/3rdparty/composer.lock (composer) -=================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/3rdparty/egulias/email-validator/composer.lock (composer) -=========================================================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/circles/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/files_external/3rdparty/composer.lock (composer) -======================================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -usr/src/nextcloud/apps/support/composer.lock (composer) -======================================================= -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T20:42:45.792Z INFO Detected OS: alpine -2021-12-03T20:42:45.792Z INFO Detecting Alpine vulnerabilities... -2021-12-03T20:42:45.794Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07** - -``` -2021-12-03T20:42:47.092Z INFO Detected OS: debian -2021-12-03T20:42:47.092Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:47.108Z INFO Number of language-specific files: 2 -2021-12-03T20:42:47.108Z INFO Detecting gobinary vulnerabilities... - -bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 (debian 10.11) -========================================================================================================== -Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/wait-for-port (gobinary) -=============================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` - -**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** - -``` -2021-12-03T20:42:47.700Z INFO Detected OS: alpine -2021-12-03T20:42:47.700Z INFO Detecting Alpine vulnerabilities... -2021-12-03T20:42:47.707Z INFO Number of language-specific files: 0 - -ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) -========================================================================================================================= -Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) - -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+ +---------------+---------------------------------------+ -| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42379 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42380 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42381 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42382 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42383 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42384 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42385 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | -+ +------------------+ + + +---------------------------------------+ -| | CVE-2021-42386 | | | | busybox: use-after-free in | -| | | | | | awk applet leads to denial | -| | | | | | of service and possibly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | -+ +------------------+----------+ +---------------+---------------------------------------+ -| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | -| | | | | | in unlzma applet leads to | -| | | | | | information leak and denial... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | -+ +------------------+ + +---------------+---------------------------------------+ -| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | -| | | | | | of a special element in | -| | | | | | ash applet leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | -+------------+------------------+----------+-------------------+---------------+---------------------------------------+ -``` - -**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe** - -``` -2021-12-03T20:42:48.382Z INFO Detected OS: debian -2021-12-03T20:42:48.382Z INFO Detecting Debian vulnerabilities... -2021-12-03T20:42:48.405Z INFO Number of language-specific files: 2 -2021-12-03T20:42:48.405Z INFO Detecting gobinary vulnerabilities... -2021-12-03T20:42:48.405Z INFO Detecting jar vulnerabilities... - -bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11) -================================================================================================================ -Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) - -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | -| | | | | | equal to its real UID the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | -| | | | | | session can escape to the | -| | | | | | parent session in chroot | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-18018 | | | | coreutils: race condition | -| | | | | | vulnerability in chown and chgrp | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | -| | | | | | Forgeries with SHA-1 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | -| | | | | | all versions, do not correctly... | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ -| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | -| | | | | | TLS not properly enforced | -| | | | | | for IMAP, POP3, and... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | -| | | | | | received before STARTTLS | -| | | | | | processed after TLS handshake | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2021-22898 | LOW | | | curl: TELNET stack | -| | | | | | contents disclosure | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22922 | | | | curl: Content not matching hash | -| | | | | | in Metalink is not being discarded | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22923 | | | | curl: Metalink download | -| | | | | | sends credentials | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-22924 | | | | curl: Bad connection reuse | -| | | | | | due to flawed path name checks | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | -| | | | | | encryption because it lacks | -| | | | | | exponent blinding to address a... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | -| | | | | | allowing private key leak | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | -| | | | | | doesn't have semantic security due | -| | | | | | to incorrectly encoded plaintexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | -| | | | | | buffer overflow via crafted input | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | -| | | | | | attack against SSL/TLS (BEAST) | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | -| | | | | | fails to perform the roundtrip | -| | | | | | checks specified in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5-3 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libkrb5support0 | CVE-2004-0971 | | | | security flaw | -| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-5709 | | | | krb5: integer overflow | -| | | | | | in dbentry->n_key_data | -| | | | | | in kadmin/dbutil/dump.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ + +---------------+--------------------------------------------------------------+ -| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | -| | | | | | mode cipherstring parsing | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-14159 | | | | openldap: Privilege escalation | -| | | | | | via PID file manipulation | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-17740 | | | | openldap: | -| | | | | | contrib/slapd-modules/nops/nops.c | -| | | | | | attempts to free stack buffer | -| | | | | | allowing remote attackers to cause... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-15719 | | | | openldap: Certificate | -| | | | | | validation incorrectly | -| | | | | | matches name against CN-ID | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | -| | | | | | overflow in LZ4_write32 | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+ + + +---------------+ + -| libncursesw6 | | | | | | -| | | | | | | -| | | | | | | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | -| | | | | | frames can lead to DoS | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | -| | | | | | parsing callout numeric arguments | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | -| | | | | | match function in pcre_exec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-16231 | | | | pcre: self-recursive call | -| | | | | | in match() in pcre_exec.c | -| | | | | | leads to denial of service... | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | -| | | | | | write in pcre32_copy_substring | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | -| | | | | | when UTF is disabled and \X or... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | -| | | | | | of syscall filters in libseccomp | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36085 | | | | libsepol: use-after-free in | -| | | | | | __cil_verify_classperms() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36086 | | | | libsepol: use-after-free in | -| | | | | | cil_reset_classpermission() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36087 | | | | libsepol: heap-based buffer | -| | | | | | overflow in ebitmap_match_any() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | -| | | | | | certain SELECT statements with | -| | | | | | non-existent VIEW can lead to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | -| | | | | | certain types of self-referential | -| | | | | | views in conjunction with... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19924 | | | | sqlite: incorrect | -| | | | | | sqlite3WindowRewrite() error | -| | | | | | handling leads to mishandling | -| | | | | | certain parser-tree rewriting | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13631 | | | | sqlite: Virtual table can be | -| | | | | | renamed into the name of one of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | -| | | | | | if a sub-select uses both | -| | | | | | DISTINCT and window... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-11656 | | | | sqlite: use-after-free in the | -| | | | | | ALTER TABLE implementation | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | -| | | | | | fault can occur in the | -| | | | | | sqlite3.exe command-line... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | -| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | -| | | | | | in kex.c leads to out-of-bounds write | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | -| | | | | | SSH_MSG_DISCONNECT logic in packet.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | -| | | | | | protection address in cfgexpand.c | -| | | | | | and function.c leads to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | -| | | | | | produces repeated output | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | -| | | | | | _asn1_expand_object_id(ptree) | -| | | | | | leads to memory exhaustion | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | -| | | | | | can create SUID/SGID binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-3844 | | | | systemd: services with DynamicUser | -| | | | | | can get new privileges and | -| | | | | | create SGID binaries... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | -| | | | | | when updating file permissions | -| | | | | | and SELinux security contexts... | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | -| | | | | | in login/logind-button.c when | -| | | | | | udev events are received... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | -| | | | | | authentication not implemented | -| | | | | | can cause a system running the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-13776 | | | | systemd: Mishandles numerical | -| | | | | | usernames beginning with decimal | -| | | | | | digits or 0x followed by... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | -| | | | | | in parameter entities | -| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | -| | | | | | Entity vulnerability | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | -| | | | | | xslt uses unseeded randomness | -| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | -| | | | | | not handle separately | -| | | | | | allocated thread attributes | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | -| | | | | | backtrace functions for powerpc | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | -| | | | | | function when expanding ~user | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-3326 | | | | glibc: Assertion failure in | -| | | | | | ISO-2022-JP-3 gconv module | -| | | | | | related to combining characters | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | -| | | | | | iconv when processing invalid | -| | | | | | multi-byte input sequences in... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-10029 | | | | glibc: stack corruption | -| | | | | | from crafted input in cosl, | -| | | | | | sinl, sincosl, and tanl... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-27618 | | | | glibc: iconv when processing | -| | | | | | invalid multi-byte input | -| | | | | | sequences fails to advance the... | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2010-4756 | LOW | | | glibc: glob implementation | -| | | | | | can cause excessive CPU and | -| | | | | | memory consumption due to... | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2016-10228 | | | | glibc: iconv program can hang | -| | | | | | when invoked with the -c option | -| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | -| | | | | | leads to code execution because of... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | -| | | | | | cache of thread stack and heap | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | -| | | | | | addresses of pthread_created thread | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | -| | | | | | not ignored in setuid binaries | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | -| | | | | | function check_dst_limits_calc_pos_1 | -| | | | | | in posix/regexec.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2020-6096 | | | | glibc: signed comparison | -| | | | | | vulnerability in the | -| | | | | | ARMv7 memcpy function | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-27645 | | | | glibc: Use-after-free in | -| | | | | | addgetnetgrentX function | -| | | | | | in netgroupcache.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | -| | | | | | in _nc_captoinfo() in captoinfo.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | -| | | | | | random number generator | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | -| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | -| | | | | | sets insecure permissions for | -| | | | | | the /var/log/btmp file,... | -| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | -| | | | | | conditions by copying and | -| | | | | | removing directory trees | -| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2018-7169 | | | | shadow-utils: newgidmap | -| | | | | | allows unprivileged user to | -| | | | | | drop supplementary groups | -| | | | | | potentially allowing privilege... | -| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-19882 | | | | shadow-utils: local users can | -| | | | | | obtain root access because setuid | -| | | | | | programs are misconfigured... | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ -| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | -| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | -+ +------------------+----------+ +---------------+--------------------------------------------------------------+ -| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | -| | | | | | temporary file handling | -| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | -| | | | | | when extracting setuid or setgid... | -| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2019-9923 | | | | tar: null-pointer dereference | -| | | | | | in pax_decode_header in sparse.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | -+ +------------------+ + +---------------+--------------------------------------------------------------+ -| | CVE-2021-20193 | | | | tar: Memory leak in | -| | | | | | read_header() in list.c | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | -+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ -| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | -| | | | | | can lead to buffer overflow | -| | | | | | in get_sem_elements() in | -| | | | | | sys-utils/ipcutils.c... | -| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | -+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ - -Java (jar) -========== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - - -opt/bitnami/common/bin/gosu (gobinary) -====================================== -Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) - -``` diff --git a/templates/security.tpl b/templates/security.tpl new file mode 100644 index 00000000000..94df2fdba5f --- /dev/null +++ b/templates/security.tpl @@ -0,0 +1,10 @@ +--- +hide: + - toc +--- + +# Security Scan + +## Helm-Chart + +##### Scan Results diff --git a/tools/build-release.sh b/tools/build-release.sh index 199a8e00084..1794546aa19 100755 --- a/tools/build-release.sh +++ b/tools/build-release.sh @@ -292,11 +292,7 @@ helm_sec_scan() { echo "Scanning helm security for ${chartname}" mkdir -p ${chart}/render rm -rf ${chart}/security.md || echo "removing old security.md file failed..." - echo "# Security Scan" >> ${chart}/security.md - echo "" >> ${chart}/security.md - echo "## Helm-Chart" >> ${chart}/security.md - echo "" >> ${chart}/security.md - echo "##### Scan Results" >> ${chart}/security.md + cat templates/security.tpl >> ${chart}/security.md echo "" >> ${chart}/security.md helm template ${chart} --output-dir ${chart}/render > /dev/null trivy config -f template --template "@./templates/trivy-config.tpl" -o ${chart}/render/tmpsec${chartname}.md ${chart}/render