empty-repo's People

Contributors

chirauki

empty-repo's Issues

Vulnerabilities found for image sso71-openshift:1.1-16

sso71-openshift:1.1-16

+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY |   INSTALLED VERSION    |   FIXED VERSION   |                  TITLE                  |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| bash                        | CVE-2019-18276   | HIGH     | 4.2.46-29.el7_4        |                   | bash: when effective UID is             |
|                             |                  |          |                        |                   | not equal to its real UID               |
|                             |                  |          |                        |                   | the...                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-9924    |          |                        | 4.2.46-34.el7     | bash: BASH_CMD is writable in           |
|                             |                  |          |                        |                   | restricted bash shells                  |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| binutils                    | CVE-2014-9939    |          | 2.25.1-32.base.el7_4.1 |                   | binutils: buffer overflow in            |
|                             |                  |          |                        |                   | ihex.c                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-13716   |          |                        |                   | binutils: Memory leak with the          |
|                             |                  |          |                        |                   | C++ symbol demangler routine            |
|                             |                  |          |                        |                   | in libiberty                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-14930   |          |                        |                   | binutils: Memory leak in                |
|                             |                  |          |                        |                   | decode_line_info                        |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-7614    |          |                        |                   | binutils: NULL                          |
|                             |                  |          |                        |                   | pointer dereference in                  |
|                             |                  |          |                        |                   | bfd_elf_final_link function             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8421    |          |                        |                   | binutils: Memory exhaustion in          |
|                             |                  |          |                        |                   | objdump via a crafted PE file           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12699   |          |                        |                   | binutils: heap-based buffer             |
|                             |                  |          |                        |                   | overflow in finish_stab in              |
|                             |                  |          |                        |                   | stabs.c                                 |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| bzip2-libs                  | CVE-2019-12900   |          | 1.0.6-13.el7           |                   | bzip2: out-of-bounds write in           |
|                             |                  |          |                        |                   | function BZ2_decompress                 |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| coreutils                   | CVE-2014-9471    |          | 8.22-18.el7            |                   | coreutils: memory corruption            |
|                             |                  |          |                        |                   | flaw in parse_datetime()                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-4042    |          |                        |                   | coreutils: possible buffer              |
|                             |                  |          |                        |                   | overflow in keycompare_mb()             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| cracklib                    | CVE-2016-6318    |          | 2.9.0-11.el7           |                   | cracklib: Stack-based buffer            |
|                             |                  |          |                        |                   | overflow when parsing large             |
|                             |                  |          |                        |                   | GECOS field                             |
+-----------------------------+                  +          +                        +-------------------+                                         +
| cracklib-dicts              |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| curl                        | CVE-2018-14618   | CRITICAL | 7.29.0-42.el7          | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                        |                   | via integer overflow                    |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                        |                   | curl: Double-free in                    |
|                             |                  |          |                        |                   | curl_maprintf                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                        |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                        |                   | curl: URL unescape heap                 |
|                             |                  |          |                        |                   | overflow via integer                    |
|                             |                  |          |                        |                   | truncation                              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                        |                   | curl: FTP wildcard out of               |
|                             |                  |          |                        |                   | bounds read                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                        | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                        |                   | to NIL byte out of bounds               |
|                             |                  |          |                        |                   | write...                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                        |                   | curl: heap buffer overflow in           |
|                             |                  |          |                        |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| dracut                      | CVE-2016-4484    |          | 033-502.el7            |                   | dracut: Brute force attack on           |
|                             |                  |          |                        |                   | LUKS password decryption via            |
|                             |                  |          |                        |                   | initramfs                               |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| elfutils-default-yama-scope | CVE-2018-16402   |          | 0.168-8.el7            | 0.176-2.el7       | elfutils: Double-free due               |
|                             |                  |          |                        |                   | to double decompression                 |
|                             |                  |          |                        |                   | of sections in crafted ELF              |
|                             |                  |          |                        |                   | causes...                               |
+-----------------------------+                  +          +                        +                   +                                         +
| elfutils-libelf             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+                  +          +                        +                   +                                         +
| elfutils-libs               |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| expat                       | CVE-2015-2716    |          | 2.1.0-10.el7_3         | 2.1.0-11.el7      | expat: Integer overflow                 |
|                             |                  |          |                        |                   | leading to buffer overflow in           |
|                             |                  |          |                        |                   | XML_GetBuffer()                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-5300    |          |                        |                   | expat: Little entropy used for          |
|                             |                  |          |                        |                   | hash initialization                     |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-9063    |          |                        |                   | firefox: Possible integer               |
|                             |                  |          |                        |                   | overflow to fix inside                  |
|                             |                  |          |                        |                   | XML_Parse in Expat                      |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-20843   |          |                        |                   | expat: large number of colons           |
|                             |                  |          |                        |                   | in input makes parser consume           |
|                             |                  |          |                        |                   | high amount...                          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| file-libs                   | CVE-2015-8865    |          | 5.11-33.el7            |                   | file: Buffer over-write in              |
|                             |                  |          |                        |                   | finfo_open with malformed               |
|                             |                  |          |                        |                   | magic file                              |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| fontconfig                  | CVE-2018-12910   |          | 2.10.95-11.el7         | 2.13.0-4.3.el7    | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| freetype                    | CVE-2014-9746    |          | 2.4.11-15.el7          |                   | CVE-2014-9747 freetype: Use of          |
|                             |                  |          |                        |                   | uninitialized memory                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8105    |          |                        |                   | freetype: heap-based buffer             |
|                             |                  |          |                        |                   | overflow related to the                 |
|                             |                  |          |                        |                   | t1_decoder_parse_charstrings            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8287    |          |                        |                   | freetype: heap-based buffer             |
|                             |                  |          |                        |                   | overflow related to the                 |
|                             |                  |          |                        |                   | t1_builder_close_contour                |
|                             |                  |          |                        |                   | function                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   |          |                        | 2.8-12.el7        | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| glib2                       | CVE-2015-8391    | CRITICAL | 2.50.3-3.el7           |                   | pcre: inefficient posix                 |
|                             |                  |          |                        |                   | character class syntax check            |
|                             |                  |          |                        |                   | (8.38/16)                               |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2015-2327    | HIGH     |                        |                   | pcre: infinite recursion                |
|                             |                  |          |                        |                   | compiling pattern with                  |
|                             |                  |          |                        |                   | zero-repeated groups that               |
|                             |                  |          |                        |                   | include recursive back...               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-2328    |          |                        |                   | pcre: infinite recursion                |
|                             |                  |          |                        |                   | compiling pattern with                  |
|                             |                  |          |                        |                   | recursive reference in a group          |
|                             |                  |          |                        |                   | with...                                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8385    |          |                        |                   | pcre: buffer overflow caused            |
|                             |                  |          |                        |                   | by named forward reference to           |
|                             |                  |          |                        |                   | duplicate group number...               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8386    |          |                        |                   | pcre: Buffer overflow caused            |
|                             |                  |          |                        |                   | by lookbehind assertion                 |
|                             |                  |          |                        |                   | (8.38/6)                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                        |                   | pcre: Integer overflow in               |
|                             |                  |          |                        |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8388    |          |                        |                   | CVE-2015-5073 CVE-2015-8388             |
|                             |                  |          |                        |                   | pcre: buffer overflow for               |
|                             |                  |          |                        |                   | forward reference within                |
|                             |                  |          |                        |                   | backward assertion with...              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                        |                   | pcre: uninitialized memory              |
|                             |                  |          |                        |                   | read triggered by malformed             |
|                             |                  |          |                        |                   | posix character class                   |
|                             |                  |          |                        |                   | (8.38/22)                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                        |                   | pcre: Integer overflow caused           |
|                             |                  |          |                        |                   | by missing check for certain            |
|                             |                  |          |                        |                   | conditions (8.38/31)                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-3191    |          |                        |                   | pcre: workspace overflow                |
|                             |                  |          |                        |                   | for (*ACCEPT) with deeply               |
|                             |                  |          |                        |                   | nested parentheses (8.39/13,            |
|                             |                  |          |                        |                   | 10.22/12)                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                        |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                        |                   | in the match function in                |
|                             |                  |          |                        |                   | pcre_exec.c                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   |          |                        | 2.56.1-2.el7      | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-16428   |          |                        |                   | glib2: NULL pointer dereference in      |
|                             |                  |          |                        |                   | g_markup_parse_context_end_parse()      |
|                             |                  |          |                        |                   | function in gmarkup.c                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-12450   |          |                        |                   | glib2: file_copy_fallback in            |
|                             |                  |          |                        |                   | gio/gfile.c in GNOME GLib does          |
|                             |                  |          |                        |                   | not properly restrict file...           |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| glibc                       | CVE-2017-16997   | CRITICAL | 2.17-196.el7           | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                        |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                        |                   | used to execute...                      |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                        |                   | glibc:                                  |
|                             |                  |          |                        |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                        |                   | fails to copy the path argument         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2014-9402    |          |                        | 2.17-222.el7      | glibc: denial of service in             |
|                             |                  |          |                        |                   | getnetbyname function                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                        |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                        |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                        |                   | clntudp_call()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-15670   |          |                        | 2.17-222.el7      | glibc: Buffer overflow in glob          |
|                             |                  |          |                        |                   | with GLOB_TILDE                         |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2017-15804   |          |                        |                   | glibc: Buffer overflow during           |
|                             |                  |          |                        |                   | unescaping of user names with           |
|                             |                  |          |                        |                   | the ~ operator...                       |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                        |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                        |                   | when decoding malformed XDR             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000001 |          |                        | 2.17-222.el7      | glibc: realpath() buffer                |
|                             |                  |          |                        |                   | underflow when getcwd()                 |
|                             |                  |          |                        |                   | returns relative path allows            |
|                             |                  |          |                        |                   | privilege escalation...                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                        | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                        |                   | 32-bit architectures leading            |
|                             |                  |          |                        |                   | to stack-based buffer...                |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                        |                   | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | posix_memalign in memalign              |
|                             |                  |          |                        |                   | functions                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                        |                   | glibc: stack guard protection           |
|                             |                  |          |                        |                   | bypass                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                        |                   | glibc: regular-expression               |
|                             |                  |          |                        |                   | match via proceed_next_node             |
|                             |                  |          |                        |                   | in posix/regexec.c leads to             |
|                             |                  |          |                        |                   | heap-based buffer over-read...          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                        |                   | glibc: use-after-free in                |
|                             |                  |          |                        |                   | glob() function when expanding          |
|                             |                  |          |                        |                   | ~user                                   |
+-----------------------------+------------------+----------+                        +-------------------+-----------------------------------------+
| glibc-common                | CVE-2017-16997   | CRITICAL |                        | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                        |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                        |                   | used to execute...                      |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                        |                   | glibc:                                  |
|                             |                  |          |                        |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                        |                   | fails to copy the path argument         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2014-9402    |          |                        | 2.17-222.el7      | glibc: denial of service in             |
|                             |                  |          |                        |                   | getnetbyname function                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                        |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                        |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                        |                   | clntudp_call()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-15670   |          |                        | 2.17-222.el7      | glibc: Buffer overflow in glob          |
|                             |                  |          |                        |                   | with GLOB_TILDE                         |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2017-15804   |          |                        |                   | glibc: Buffer overflow during           |
|                             |                  |          |                        |                   | unescaping of user names with           |
|                             |                  |          |                        |                   | the ~ operator...                       |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                        |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                        |                   | when decoding malformed XDR             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000001 |          |                        | 2.17-222.el7      | glibc: realpath() buffer                |
|                             |                  |          |                        |                   | underflow when getcwd()                 |
|                             |                  |          |                        |                   | returns relative path allows            |
|                             |                  |          |                        |                   | privilege escalation...                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                        | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                        |                   | 32-bit architectures leading            |
|                             |                  |          |                        |                   | to stack-based buffer...                |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                        |                   | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | posix_memalign in memalign              |
|                             |                  |          |                        |                   | functions                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                        |                   | glibc: stack guard protection           |
|                             |                  |          |                        |                   | bypass                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                        |                   | glibc: regular-expression               |
|                             |                  |          |                        |                   | match via proceed_next_node             |
|                             |                  |          |                        |                   | in posix/regexec.c leads to             |
|                             |                  |          |                        |                   | heap-based buffer over-read...          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                        |                   | glibc: use-after-free in                |
|                             |                  |          |                        |                   | glob() function when expanding          |
|                             |                  |          |                        |                   | ~user                                   |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| gobject-introspection       | CVE-2018-12910   |          | 1.50.0-1.el7           | 1.56.1-1.el7      | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| krb5-libs                   | CVE-2015-2695    |          | 1.15.1-8.el7           |                   | krb5: SPNEGO context aliasing           |
|                             |                  |          |                        |                   | bugs                                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-2696    |          |                        |                   | krb5: IAKERB context aliasing           |
|                             |                  |          |                        |                   | flaw                                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-11462   |          |                        |                   | krb5: Automatic sec context             |
|                             |                  |          |                        |                   | deletion could lead to                  |
|                             |                  |          |                        |                   | double-free                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-15088   |          |                        |                   | krb5: Buffer overflow in                |
|                             |                  |          |                        |                   | get_matching_data()                     |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libX11                      | CVE-2015-9262    |          | 1.6.5-1.el7            | 1.6.5-2.el7       | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7942    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in XGetImage()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7943    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in FontNames                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-14599   |          |                        | 1.6.7-2.el7       | libX11: Off-by-one error in             |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-14600   |          |                        |                   | libX11: Out of Bounds write in          |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| libX11-common               | CVE-2015-9262    |          |                        | 1.6.5-2.el7       | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7942    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in XGetImage()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7943    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in FontNames                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-14599   |          |                        | 1.6.7-2.el7       | libX11: Off-by-one error in             |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-14600   |          |                        |                   | libX11: Out of Bounds write in          |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libXfont                    | CVE-2015-9262    |          | 1.5.2-1.el7            | 1.5.4-1.el7       | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libXrender                  | CVE-2016-7949    |          | 0.9.10-1.el7           |                   | libXrender: Insufficient                |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | results in overflow of                  |
|                             |                  |          |                        |                   | previously reserved...                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7950    |          |                        |                   | libXrender: Insufficient                |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | results out-of-bounds write in          |
|                             |                  |          |                        |                   | XRenderQueryFilters                     |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libXtst                     | CVE-2016-7951    |          | 1.2.3-1.el7            |                   | libXtst: Insufficient                   |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | result in Integer overflows             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libblkid                    | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libcurl                     | CVE-2018-14618   | CRITICAL | 7.29.0-42.el7          | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                        |                   | via integer overflow                    |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                        |                   | curl: Double-free in                    |
|                             |                  |          |                        |                   | curl_maprintf                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                        |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                        |                   | curl: URL unescape heap                 |
|                             |                  |          |                        |                   | overflow via integer                    |
|                             |                  |          |                        |                   | truncation                              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                        |                   | curl: FTP wildcard out of               |
|                             |                  |          |                        |                   | bounds read                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                        | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                        |                   | to NIL byte out of bounds               |
|                             |                  |          |                        |                   | write...                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                        |                   | curl: heap buffer overflow in           |
|                             |                  |          |                        |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libgcc                      | CVE-2014-5044    |          | 4.8.5-16.el7           |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                        |                   | libgfortran                             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libidn                      | CVE-2015-2059    |          | 1.28-4.el7             |                   | libidn: out-of-bounds read              |
|                             |                  |          |                        |                   | with stringprep on invalid              |
|                             |                  |          |                        |                   | UTF-8                                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-14062   |          |                        |                   | libidn2: Integer overflow in            |
|                             |                  |          |                        |                   | puny_decode.c/decode_digit              |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libjpeg-turbo               | CVE-2019-2201    | CRITICAL | 1.2.90-5.el7           |                   | libjpeg-turbo: several integer          |
|                             |                  |          |                        |                   | overflows and subsequent                |
|                             |                  |          |                        |                   | segfaults when attempting               |
|                             |                  |          |                        |                   | to compress/decompress                  |
|                             |                  |          |                        |                   | gigapixel...                            |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   | HIGH     |                        | 1.2.90-6.el7      | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libmount                    | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libnl                       | CVE-2017-0553    |          | 1.1.4-3.el7            |                   | libnl: Integer overflow in              |
|                             |                  |          |                        |                   | nlmsg_reserve()                         |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libpng                      | CVE-2015-8540    | CRITICAL | 2:1.5.13-7.el7_2       |                   | libpng: underflow read in               |
|                             |                  |          |                        |                   | png_check_keyword()                     |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-12652   | HIGH     |                        |                   | libpng: does not check length           |
|                             |                  |          |                        |                   | of chunks against user limit            |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libssh2                     | CVE-2019-3855    | CRITICAL | 1.4.3-10.el7_2.1       | 1.4.3-12.el7_6.2  | libssh2: Integer overflow in            |
|                             |                  |          |                        |                   | transport read resulting in             |
|                             |                  |          |                        |                   | out of bounds write...                  |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libstdc++                   | CVE-2014-5044    | HIGH     | 4.8.5-16.el7           |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                        |                   | libgfortran                             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libtasn1                    | CVE-2018-1000654 |          | 4.10-1.el7             |                   | libtasn1: Infinite loop in              |
|                             |                  |          |                        |                   | _asn1_expand_object_id(ptree)           |
|                             |                  |          |                        |                   | leads to memory exhaustion              |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libuuid                     | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libxcb                      | CVE-2015-9262    |          | 1.12-1.el7             | 1.13-1.el7        | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libxml2                     | CVE-2016-4658    | CRITICAL | 2.9.1-6.el7_2.3        |                   | libxml2: Use after free via             |
|                             |                  |          |                        |                   | namespace node in XPointer              |
|                             |                  |          |                        |                   | ranges                                  |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                        |                   | libxml2: Mishandling                    |
|                             |                  |          |                        |                   | parameter-entity references             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                        |                   | libxml2: Missing validation             |
|                             |                  |          |                        |                   | for external entities in                |
|                             |                  |          |                        |                   | xmlParsePEReference                     |
+-----------------------------+------------------+----------+                        +-------------------+-----------------------------------------+
| libxml2-python              | CVE-2016-4658    | CRITICAL |                        |                   | libxml2: Use after free via             |
|                             |                  |          |                        |                   | namespace node in XPointer              |
|                             |                  |          |                        |                   | ranges                                  |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                        |                   | libxml2: Mishandling                    |
|                             |                  |          |                        |                   | parameter-entity references             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                        |                   | libxml2: Missing validation             |
|                             |                  |          |                        |                   | for external entities in                |
|                             |                  |          |                        |                   | xmlParsePEReference                     |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libxslt                     | CVE-2016-4738    | CRITICAL | 1.1.28-5.el7           |                   | libxslt: Heap overread due to           |
|                             |                  |          |                        |                   | an empty decimal-separator              |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4607    | HIGH     |                        |                   | libxslt: allows remote                  |
|                             |                  |          |                        |                   | attacker to cause denial of             |
|                             |                  |          |                        |                   | service                                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4608    |          |                        |                   | libxslt: stack-based buffer             |
|                             |                  |          |                        |                   | overflow at exsltDateFormat()           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4609    |          |                        |                   | libxslt: Out-of-bounds read at          |
|                             |                  |          |                        |                   | xmlGetLineNoInternal()                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4610    |          |                        |                   | libxslt: Invalid memory                 |
|                             |                  |          |                        |                   | access leading to DoS at                |
|                             |                  |          |                        |                   | exsltDynMapFunction()                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-11068   |          |                        |                   | libxslt: xsltCheckRead and              |
|                             |                  |          |                        |                   | xsltCheckWrite routines                 |
|                             |                  |          |                        |                   | security bypass by crafted URL          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| ncurses                     | CVE-2017-10684   |          | 5.9-14.20130511.el7_4  |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow in fmt_entry function          |
|                             |                  |          |                        |                   | in dump_entry.c                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow caused by format               |
|                             |                  |          |                        |                   | string vulnerability in                 |
|                             |                  |          |                        |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| ncurses-base                | CVE-2017-10684   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow in fmt_entry function          |
|                             |                  |          |                        |                   | in dump_entry.c                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow caused by format               |
|                             |                  |          |                        |                   | string vulnerability in                 |
|                             |                  |          |                        |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| ncurses-libs                | CVE-2017-10684   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow in fmt_entry function          |
|                             |                  |          |                        |                   | in dump_entry.c                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow caused by format               |
|                             |                  |          |                        |                   | string vulnerability in                 |
|                             |                  |          |                        |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nspr                        | CVE-2016-1951    |          | 4.13.1-1.0.el7_3       |                   | nspr: Memory allocation                 |
|                             |                  |          |                        |                   | issue related to PR_*printf             |
|                             |                  |          |                        |                   | functions                               |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nss                         | CVE-2019-17006   |          | 3.28.4-12.el7_4        |                   | nss: Check length of inputs             |
|                             |                  |          |                        |                   | for cryptographic primitives            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nss-pem                     | CVE-2018-1000120 |          | 1.0.3-4.el7            | 1.0.3-5.el7       | curl: FTP path trickery leads           |
|                             |                  |          |                        |                   | to NIL byte out of bounds               |
|                             |                  |          |                        |                   | write...                                |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nss-sysinit                 | CVE-2019-17006   |          | 3.28.4-12.el7_4        |                   | nss: Check length of inputs             |
|                             |                  |          |                        |                   | for cryptographic primitives            |
+-----------------------------+                  +          +                        +-------------------+                                         +
| nss-tools                   |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| pcre                        | CVE-2015-8380    |          | 8.32-17.el7            |                   | pcre: OOB write when                    |
|                             |                  |          |                        |                   | pcre_exec() is called with              |
|                             |                  |          |                        |                   | ovecsize of 1 (8.38/10)...              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                        |                   | pcre: Integer overflow in               |
|                             |                  |          |                        |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                        |                   | pcre: uninitialized memory              |
|                             |                  |          |                        |                   | read triggered by malformed             |
|                             |                  |          |                        |                   | posix character class                   |
|                             |                  |          |                        |                   | (8.38/22)                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                        |                   | pcre: Integer overflow caused           |
|                             |                  |          |                        |                   | by missing check for certain            |
|                             |                  |          |                        |                   | conditions (8.38/31)                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                        |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                        |                   | in the match function in                |
|                             |                  |          |                        |                   | pcre_exec.c                             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| procps-ng                   | CVE-2018-1126    |          | 3.3.10-16.el7          | 3.3.10-17.el7_5.2 | procps-ng, procps: incorrect            |
|                             |                  |          |                        |                   | integer size in proc/alloc.*            |
|                             |                  |          |                        |                   | leading to truncation /                 |
|                             |                  |          |                        |                   | integer...                              |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| python                      | CVE-2017-1000158 |          | 2.7.5-58.el7           |                   | python: Integer overflow in             |
|                             |                  |          |                        |                   | PyString_DecodeEscape results           |
|                             |                  |          |                        |                   | in heap-base buffer overflow            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                        |                   | python: wrong backtracking in           |
|                             |                  |          |                        |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                        |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| python-libs                 | CVE-2017-1000158 |          |                        |                   | python: Integer overflow in             |
|                             |                  |          |                        |                   | PyString_DecodeEscape results           |
|                             |                  |          |                        |                   | in heap-base buffer overflow            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                        |                   | python: wrong backtracking in           |
|                             |                  |          |                        |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                        |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| rpm                         | CVE-2017-7500    |          | 4.11.3-25.el7          |                   | rpm: Following symlinks to              |
|                             |                  |          |                        |                   | directories when installing             |
|                             |                  |          |                        |                   | packages allows privilege               |
|                             |                  |          |                        |                   | escalation                              |
+-----------------------------+                  +          +                        +-------------------+                                         +
| rpm-build-libs              |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+                  +          +                        +-------------------+                                         +
| rpm-libs                    |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+                  +          +                        +-------------------+                                         +
| rpm-python                  |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| rsync                       | CVE-2017-15994   |          | 3.0.9-18.el7           |                   | rsync: Mishandles archaic               |
|                             |                  |          |                        |                   | checksums                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-16548   |          |                        |                   | rsync: Heap-based buffer                |
|                             |                  |          |                        |                   | over-read in receive_xattr              |
|                             |                  |          |                        |                   | function                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-17434   |          |                        |                   | rsync: daemon does not                  |
|                             |                  |          |                        |                   | check for fnamecmp filenames            |
|                             |                  |          |                        |                   | allowing for access                     |
|                             |                  |          |                        |                   | restriction...                          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| slf4j                       | CVE-2018-8088    |          | 1.7.4-3.el7            | 1.7.4-4.el7_4     | slf4j: Deserialisation                  |
|                             |                  |          |                        |                   | vulnerability in EventData              |
|                             |                  |          |                        |                   | constructor can allow for               |
|                             |                  |          |                        |                   | arbitrary code execution...             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| sqlite                      | CVE-2015-7036    |          | 3.7.17-8.el7           |                   | sqlite: arbitrary code                  |
|                             |                  |          |                        |                   | execution on databases with             |
|                             |                  |          |                        |                   | malformed schema                        |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10989   |          |                        |                   | sqlite: Heap-buffer overflow            |
|                             |                  |          |                        |                   | in the getNodeSize function             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-8457    |          |                        |                   | sqlite: heap out-of-bound read          |
|                             |                  |          |                        |                   | in function rtreenode()                 |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| systemd                     | CVE-2018-15686   | CRITICAL | 219-42.el7_4.1         | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                        |                   | fgets() allows for state                |
|                             |                  |          |                        |                   | injection during daemon-reexec          |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                        | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                        |                   | write in systemd-networkd               |
|                             |                  |          |                        |                   | dhcpv6 option handling                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                        |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                        |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                        |                   | local users to obtain                   |
|                             |                  |          |                        |                   | ownership of...                         |
+-----------------------------+------------------+----------+                        +-------------------+-----------------------------------------+
| systemd-libs                | CVE-2018-15686   | CRITICAL |                        | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                        |                   | fgets() allows for state                |
|                             |                  |          |                        |                   | injection during daemon-reexec          |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                        | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                        |                   | write in systemd-networkd               |
|                             |                  |          |                        |                   | dhcpv6 option handling                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                        |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                        |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                        |                   | local users to obtain                   |
|                             |                  |          |                        |                   | ownership of...                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| tomcat-servlet-3.0-api      | CVE-2018-8014    |          | 7.0.76-2.el7           | 7.0.76-9.el7      | tomcat: Insecure defaults               |
|                             |                  |          |                        |                   | in CORS filter enable                   |
|                             |                  |          |                        |                   | 'supportsCredentials' for all           |
|                             |                  |          |                        |                   | origins                                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-1938    |          |                        | 7.0.76-11.el7_7   | tomcat: Apache Tomcat AJP File          |
|                             |                  |          |                        |                   | Read/Inclusion Vulnerability            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| util-linux                  | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| vim-minimal                 | CVE-2019-12735   | CRITICAL | 2:7.4.160-2.el7        | 2:7.4.160-6.el7_6 | vim/neovim: ':source!' command          |
|                             |                  |          |                        |                   | allows arbitrary command                |
|                             |                  |          |                        |                   | execution via modelines                 |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-5953    | HIGH     |                        |                   | vim: Tree length values                 |
|                             |                  |          |                        |                   | not validated properly when             |
|                             |                  |          |                        |                   | handling a spell file...                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-6350    |          |                        |                   | vim: Integer overflow at                |
|                             |                  |          |                        |                   | an unserialize_uep memory               |
|                             |                  |          |                        |                   | allocation site                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| xorg-x11-font-utils         | CVE-2015-9262    |          | 1:7.5-20.el7           | 1:7.5-21.el7      | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| yum-plugin-ovl              | CVE-2018-10897   | CRITICAL | 1.1.31-42.el7          | 1.1.31-46.el7_5   | yum-utils: reposync: improper           |
|                             |                  |          |                        |                   | path validation may lead to             |
|                             |                  |          |                        |                   | directory traversal                     |
+-----------------------------+                  +          +                        +                   +                                         +
| yum-utils                   |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+

Vulnerabilities found for image zipkin

zipkin:2.14.2

+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
|     LIBRARY     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION  |             TITLE              |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
| libc6           | CVE-2018-1000001 | HIGH     | 2.24-11+deb9u4    |                | glibc: realpath() buffer       |
|                 |                  |          |                   |                | underflow when getcwd()        |
|                 |                  |          |                   |                | returns relative path allows   |
|                 |                  |          |                   |                | privilege escalation...        |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2018-6485    |          |                   |                | glibc: Integer overflow in     |
|                 |                  |          |                   |                | posix_memalign in memalign     |
|                 |                  |          |                   |                | functions                      |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2018-6551    |          |                   |                | glibc: integer overflow in     |
|                 |                  |          |                   |                | malloc functions               |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2019-1010022 |          |                   |                | glibc: stack guard protection  |
|                 |                  |          |                   |                | bypass                         |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2019-9169    |          |                   |                | glibc: regular-expression      |
|                 |                  |          |                   |                | match via proceed_next_node    |
|                 |                  |          |                   |                | in posix/regexec.c leads to    |
|                 |                  |          |                   |                | heap-based buffer over-read... |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2020-1752    |          |                   |                | glibc: use-after-free in       |
|                 |                  |          |                   |                | glob() function when expanding |
|                 |                  |          |                   |                | ~user                          |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2020-6096    |          |                   |                | glibc: signed comparison       |
|                 |                  |          |                   |                | vulnerability in the ARMv7     |
|                 |                  |          |                   |                | memcpy function                |
+-----------------+------------------+          +-------------------+----------------+--------------------------------+
| libexpat1       | CVE-2018-20843   |          | 2.2.0-2+deb9u1    | 2.2.0-2+deb9u2 | expat: large number of colons  |
|                 |                  |          |                   |                | in input makes parser consume  |
|                 |                  |          |                   |                | high amount...                 |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
| libjpeg62-turbo | CVE-2019-2201    | CRITICAL | 1:1.5.1-2         |                | libjpeg-turbo: several integer |
|                 |                  |          |                   |                | overflows and subsequent       |
|                 |                  |          |                   |                | segfaults when attempting      |
|                 |                  |          |                   |                | to compress/decompress         |
|                 |                  |          |                   |                | gigapixel...                   |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
| libpng16-16     | CVE-2017-12652   | HIGH     | 1.6.28-1+deb9u1   |                | libpng: does not check length  |
|                 |                  |          |                   |                | of chunks against user limit   |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+

Vulnerabilities found for image postgres:11.1

postgres:11.1

+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
|       LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |   FIXED VERSION   |                  TITLE                  |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| bash                 | CVE-2019-18276   | HIGH     | 4.4-5             |                   | bash: when effective UID is             |
|                      |                  |          |                   |                   | not equal to its real UID               |
|                      |                  |          |                   |                   | the...                                  |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| bsdutils             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| bzip2                | CVE-2019-12900   |          | 1.0.6-8.1         |                   | bzip2: out-of-bounds write in           |
|                      |                  |          |                   |                   | function BZ2_decompress                 |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| exim4                | CVE-2019-13917   | CRITICAL | 4.89-2+deb9u3     | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| exim4-base           | CVE-2019-13917   | CRITICAL |                   | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| exim4-config         | CVE-2019-13917   | CRITICAL |                   | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| exim4-daemon-light   | CVE-2019-13917   | CRITICAL |                   | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| file                 | CVE-2019-18218   |          | 1:5.30-1+deb9u2   | 1:5.30-1+deb9u3   | file: heap-based                        |
|                      |                  |          |                   |                   | buffer overflow in                      |
|                      |                  |          |                   |                   | cdf_read_property_info in               |
|                      |                  |          |                   |                   | cdf.c                                   |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| krb5-locales         | CVE-2017-11462   |          | 1.15-1+deb9u1     |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libblkid1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libbz2-1.0           | CVE-2019-12900   |          | 1.0.6-8.1         |                   | bzip2: out-of-bounds write in           |
|                      |                  |          |                   |                   | function BZ2_decompress                 |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| libc-bin             | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| libc-l10n            | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| libc6                | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libexpat1            | CVE-2018-20843   |          | 2.2.0-2+deb9u1    | 2.2.0-2+deb9u2    | expat: large number of colons           |
|                      |                  |          |                   |                   | in input makes parser consume           |
|                      |                  |          |                   |                   | high amount...                          |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libfdisk1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libgc1c2             | CVE-2016-9427    |          | 1:7.4.2-8         |                   | gc: Integer overflow in                 |
|                      |                  |          |                   |                   | GC_MALLOC_ATOMIC                        |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libgssapi-krb5-2     | CVE-2017-11462   |          | 1.15-1+deb9u1     |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +                   +-------------------+-----------------------------------------+
| libk5crypto3         | CVE-2017-11462   |          |                   |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +                   +-------------------+-----------------------------------------+
| libkrb5-3            | CVE-2017-11462   |          |                   |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +                   +-------------------+-----------------------------------------+
| libkrb5support0      | CVE-2017-11462   |          |                   |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libmagic-mgc         | CVE-2019-18218   |          | 1:5.30-1+deb9u2   | 1:5.30-1+deb9u3   | file: heap-based                        |
|                      |                  |          |                   |                   | buffer overflow in                      |
|                      |                  |          |                   |                   | cdf_read_property_info in               |
|                      |                  |          |                   |                   | cdf.c                                   |
+----------------------+                  +          +                   +                   +                                         +
| libmagic1            |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libmount1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libntlm0             | CVE-2019-17455   |          | 1.4-8             |                   | libntlm: stack-based                    |
|                      |                  |          |                   |                   | buffer overflow in                      |
|                      |                  |          |                   |                   | buildSmbNtlmAuthRequest in              |
|                      |                  |          |                   |                   | smbutil.c                               |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libpcre3             | CVE-2017-11164   |          | 2:8.39-3          |                   | pcre: OP_KETRMAX feature                |
|                      |                  |          |                   |                   | in the match function in                |
|                      |                  |          |                   |                   | pcre_exec.c                             |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libpython2.7         | CVE-2020-8492    |          | 2.7.13-2+deb9u3   |                   | python: wrong backtracking in           |
|                      |                  |          |                   |                   | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                   | allows for a ReDoS                      |
+----------------------+                  +          +                   +-------------------+                                         +
| libpython2.7-minimal |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+                  +          +                   +-------------------+                                         +
| libpython2.7-stdlib  |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+                  +          +-------------------+-------------------+                                         +
| libpython3.5-minimal |                  |          | 3.5.3-1+deb9u1    |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+                  +          +                   +-------------------+                                         +
| libpython3.5-stdlib  |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libsmartcols1        | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libsqlite3-0         | CVE-2019-8457    |          | 3.16.2-5+deb9u1   |                   | sqlite: heap out-of-bound read          |
|                      |                  |          |                   |                   | in function rtreenode()                 |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| libsystemd0          | CVE-2017-1000082 | CRITICAL | 232-25+deb9u8     |                   | systemd: fails to parse                 |
|                      |                  |          |                   |                   | usernames that start with               |
|                      |                  |          |                   |                   | digits                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10    | systemd: line splitting via             |
|                      |                  |          |                   |                   | fgets() allows for state                |
|                      |                  |          |                   |                   | injection during daemon-reexec          |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                   | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                   | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                   | local users to obtain                   |
|                      |                  |          |                   |                   | ownership of...                         |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                   | systemd: use-after-free when            |
|                      |                  |          |                   |                   | asynchronous polkit queries             |
|                      |                  |          |                   |                   | are performed                           |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libtasn1-6           | CVE-2018-1000654 |          | 4.10-1.1+deb9u1   |                   | libtasn1: Infinite loop in              |
|                      |                  |          |                   |                   | _asn1_expand_object_id(ptree)           |
|                      |                  |          |                   |                   | leads to memory exhaustion              |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| libudev1             | CVE-2017-1000082 | CRITICAL | 232-25+deb9u8     |                   | systemd: fails to parse                 |
|                      |                  |          |                   |                   | usernames that start with               |
|                      |                  |          |                   |                   | digits                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10    | systemd: line splitting via             |
|                      |                  |          |                   |                   | fgets() allows for state                |
|                      |                  |          |                   |                   | injection during daemon-reexec          |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                   | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                   | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                   | local users to obtain                   |
|                      |                  |          |                   |                   | ownership of...                         |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                   | systemd: use-after-free when            |
|                      |                  |          |                   |                   | asynchronous polkit queries             |
|                      |                  |          |                   |                   | are performed                           |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libuuid1             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libxslt1.1           | CVE-2019-11068   |          | 1.1.29-2.1        | 1.1.29-2.1+deb9u1 | libxslt: xsltCheckRead and              |
|                      |                  |          |                   |                   | xsltCheckWrite routines                 |
|                      |                  |          |                   |                   | security bypass by crafted URL          |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| locales              | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| login                | CVE-2017-12424   |          | 1:4.4-4.1         |                   | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                   | via newusers tool                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| mount                | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| multiarch-support    | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| passwd               | CVE-2017-12424   |          | 1:4.4-4.1         |                   | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                   | via newusers tool                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| python3.5            | CVE-2020-8492    |          | 3.5.3-1+deb9u1    |                   | python: wrong backtracking in           |
|                      |                  |          |                   |                   | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                   | allows for a ReDoS                      |
+----------------------+                  +          +                   +-------------------+                                         +
| python3.5-minimal    |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| tar                  | CVE-2005-2541    | CRITICAL | 1.29b-1.1         |                   | Tar 1.15.1 does not properly            |
|                      |                  |          |                   |                   | warn the user when extracting           |
|                      |                  |          |                   |                   | setuid or...                            |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| util-linux           | CVE-2016-2779    | HIGH     | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+

Vulnerabilities found for image spm-central

spm-central:ac5197fe059c729ec469ade9b6ff16af0c89be61-alpine

+---------------+------------------+----------+-------------------+---------------+--------------------------------+
|    LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| bzip2         | CVE-2019-12900   | HIGH     | 1.0.6-r6          | 1.0.6-r7      | bzip2: out-of-bounds write in  |
|               |                  |          |                   |               | function BZ2_decompress        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libjpeg-turbo | CVE-2019-2201    | CRITICAL | 1.5.3-r4          | 1.5.3-r6      | libjpeg-turbo: several integer |
|               |                  |          |                   |               | overflows and subsequent       |
|               |                  |          |                   |               | segfaults when attempting      |
|               |                  |          |                   |               | to compress/decompress         |
|               |                  |          |                   |               | gigapixel...                   |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libtasn1      | CVE-2018-1000654 | HIGH     | 4.13-r0           | 4.14-r0       | libtasn1: Infinite loop in     |
|               |                  |          |                   |               | _asn1_expand_object_id(ptree)  |
|               |                  |          |                   |               | leads to memory exhaustion     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| musl          | CVE-2019-14697   |          | 1.1.20-r4         | 1.1.20-r5     | musl libc through 1.1.23       |
|               |                  |          |                   |               | has an x87 floating-point      |
|               |                  |          |                   |               | stack adjustment imbalance,    |
|               |                  |          |                   |               | related...                     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| sqlite        | CVE-2019-8457    |          | 3.26.0-r3         | 3.28.0-r0     | sqlite: heap out-of-bound read |
|               |                  |          |                   |               | in function rtreenode()        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image spm-user

spm-user:ac5197fe059c729ec469ade9b6ff16af0c89be61-alpine

+---------------+------------------+----------+-------------------+---------------+--------------------------------+
|    LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| bzip2         | CVE-2019-12900   | HIGH     | 1.0.6-r6          | 1.0.6-r7      | bzip2: out-of-bounds write in  |
|               |                  |          |                   |               | function BZ2_decompress        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libjpeg-turbo | CVE-2019-2201    | CRITICAL | 1.5.3-r4          | 1.5.3-r6      | libjpeg-turbo: several integer |
|               |                  |          |                   |               | overflows and subsequent       |
|               |                  |          |                   |               | segfaults when attempting      |
|               |                  |          |                   |               | to compress/decompress         |
|               |                  |          |                   |               | gigapixel...                   |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libtasn1      | CVE-2018-1000654 | HIGH     | 4.13-r0           | 4.14-r0       | libtasn1: Infinite loop in     |
|               |                  |          |                   |               | _asn1_expand_object_id(ptree)  |
|               |                  |          |                   |               | leads to memory exhaustion     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| musl          | CVE-2019-14697   |          | 1.1.20-r4         | 1.1.20-r5     | musl libc through 1.1.23       |
|               |                  |          |                   |               | has an x87 floating-point      |
|               |                  |          |                   |               | stack adjustment imbalance,    |
|               |                  |          |                   |               | related...                     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| sqlite        | CVE-2019-8457    |          | 3.26.0-r3         | 3.28.0-r0     | sqlite: heap out-of-bound read |
|               |                  |          |                   |               | in function rtreenode()        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image spm-central:ac5197fe059c729ec469ade9b6ff16af0c89be61-alpine

spm-central:ac5197fe059c729ec469ade9b6ff16af0c89be61-alpine

+---------------+------------------+----------+-------------------+---------------+--------------------------------+
|    LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| bzip2         | CVE-2019-12900   | HIGH     | 1.0.6-r6          | 1.0.6-r7      | bzip2: out-of-bounds write in  |
|               |                  |          |                   |               | function BZ2_decompress        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libjpeg-turbo | CVE-2019-2201    | CRITICAL | 1.5.3-r4          | 1.5.3-r6      | libjpeg-turbo: several integer |
|               |                  |          |                   |               | overflows and subsequent       |
|               |                  |          |                   |               | segfaults when attempting      |
|               |                  |          |                   |               | to compress/decompress         |
|               |                  |          |                   |               | gigapixel...                   |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libtasn1      | CVE-2018-1000654 | HIGH     | 4.13-r0           | 4.14-r0       | libtasn1: Infinite loop in     |
|               |                  |          |                   |               | _asn1_expand_object_id(ptree)  |
|               |                  |          |                   |               | leads to memory exhaustion     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| musl          | CVE-2019-14697   |          | 1.1.20-r4         | 1.1.20-r5     | musl libc through 1.1.23       |
|               |                  |          |                   |               | has an x87 floating-point      |
|               |                  |          |                   |               | stack adjustment imbalance,    |
|               |                  |          |                   |               | related...                     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| sqlite        | CVE-2019-8457    |          | 3.26.0-r3         | 3.28.0-r0     | sqlite: heap out-of-bound read |
|               |                  |          |                   |               | in function rtreenode()        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image postgres

postgres:11.1

+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
|       LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |   FIXED VERSION   |                  TITLE                  |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| bash                 | CVE-2019-18276   | HIGH     | 4.4-5             |                   | bash: when effective UID is             |
|                      |                  |          |                   |                   | not equal to its real UID               |
|                      |                  |          |                   |                   | the...                                  |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| bsdutils             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| bzip2                | CVE-2019-12900   |          | 1.0.6-8.1         |                   | bzip2: out-of-bounds write in           |
|                      |                  |          |                   |                   | function BZ2_decompress                 |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| exim4                | CVE-2019-13917   | CRITICAL | 4.89-2+deb9u3     | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| exim4-base           | CVE-2019-13917   | CRITICAL |                   | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| exim4-config         | CVE-2019-13917   | CRITICAL |                   | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| exim4-daemon-light   | CVE-2019-13917   | CRITICAL |                   | 4.89-2+deb9u5     | exim: ${sort} in configuration          |
|                      |                  |          |                   |                   | leads to privilege escalation           |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-15846   |          |                   | 4.89-2+deb9u6     | exim: out-of-bounds access              |
|                      |                  |          |                   |                   | in string_interpret_escape()            |
|                      |                  |          |                   |                   | leading to buffer overflow in           |
|                      |                  |          |                   |                   | the SMTP...                             |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2019-10149   | HIGH     |                   | 4.89-2+deb9u4     | exim: Remote command execution          |
|                      |                  |          |                   |                   | in deliver_message() function           |
|                      |                  |          |                   |                   | in /src/deliver.c                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| file                 | CVE-2019-18218   |          | 1:5.30-1+deb9u2   | 1:5.30-1+deb9u3   | file: heap-based                        |
|                      |                  |          |                   |                   | buffer overflow in                      |
|                      |                  |          |                   |                   | cdf_read_property_info in               |
|                      |                  |          |                   |                   | cdf.c                                   |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| krb5-locales         | CVE-2017-11462   |          | 1.15-1+deb9u1     |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libblkid1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libbz2-1.0           | CVE-2019-12900   |          | 1.0.6-8.1         |                   | bzip2: out-of-bounds write in           |
|                      |                  |          |                   |                   | function BZ2_decompress                 |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| libc-bin             | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| libc-l10n            | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+----------+                   +-------------------+-----------------------------------------+
| libc6                | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libexpat1            | CVE-2018-20843   |          | 2.2.0-2+deb9u1    | 2.2.0-2+deb9u2    | expat: large number of colons           |
|                      |                  |          |                   |                   | in input makes parser consume           |
|                      |                  |          |                   |                   | high amount...                          |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libfdisk1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libgc1c2             | CVE-2016-9427    |          | 1:7.4.2-8         |                   | gc: Integer overflow in                 |
|                      |                  |          |                   |                   | GC_MALLOC_ATOMIC                        |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libgssapi-krb5-2     | CVE-2017-11462   |          | 1.15-1+deb9u1     |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +                   +-------------------+-----------------------------------------+
| libk5crypto3         | CVE-2017-11462   |          |                   |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +                   +-------------------+-----------------------------------------+
| libkrb5-3            | CVE-2017-11462   |          |                   |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +                   +-------------------+-----------------------------------------+
| libkrb5support0      | CVE-2017-11462   |          |                   |                   | krb5: Automatic sec context             |
|                      |                  |          |                   |                   | deletion could lead to                  |
|                      |                  |          |                   |                   | double-free                             |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                   | krb5: Buffer overflow in                |
|                      |                  |          |                   |                   | get_matching_data()                     |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libmagic-mgc         | CVE-2019-18218   |          | 1:5.30-1+deb9u2   | 1:5.30-1+deb9u3   | file: heap-based                        |
|                      |                  |          |                   |                   | buffer overflow in                      |
|                      |                  |          |                   |                   | cdf_read_property_info in               |
|                      |                  |          |                   |                   | cdf.c                                   |
+----------------------+                  +          +                   +                   +                                         +
| libmagic1            |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libmount1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libntlm0             | CVE-2019-17455   |          | 1.4-8             |                   | libntlm: stack-based                    |
|                      |                  |          |                   |                   | buffer overflow in                      |
|                      |                  |          |                   |                   | buildSmbNtlmAuthRequest in              |
|                      |                  |          |                   |                   | smbutil.c                               |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libpcre3             | CVE-2017-11164   |          | 2:8.39-3          |                   | pcre: OP_KETRMAX feature                |
|                      |                  |          |                   |                   | in the match function in                |
|                      |                  |          |                   |                   | pcre_exec.c                             |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libpython2.7         | CVE-2020-8492    |          | 2.7.13-2+deb9u3   |                   | python: wrong backtracking in           |
|                      |                  |          |                   |                   | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                   | allows for a ReDoS                      |
+----------------------+                  +          +                   +-------------------+                                         +
| libpython2.7-minimal |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+                  +          +                   +-------------------+                                         +
| libpython2.7-stdlib  |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+                  +          +-------------------+-------------------+                                         +
| libpython3.5-minimal |                  |          | 3.5.3-1+deb9u1    |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+                  +          +                   +-------------------+                                         +
| libpython3.5-stdlib  |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libsmartcols1        | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libsqlite3-0         | CVE-2019-8457    |          | 3.16.2-5+deb9u1   |                   | sqlite: heap out-of-bound read          |
|                      |                  |          |                   |                   | in function rtreenode()                 |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| libsystemd0          | CVE-2017-1000082 | CRITICAL | 232-25+deb9u8     |                   | systemd: fails to parse                 |
|                      |                  |          |                   |                   | usernames that start with               |
|                      |                  |          |                   |                   | digits                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10    | systemd: line splitting via             |
|                      |                  |          |                   |                   | fgets() allows for state                |
|                      |                  |          |                   |                   | injection during daemon-reexec          |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                   | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                   | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                   | local users to obtain                   |
|                      |                  |          |                   |                   | ownership of...                         |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                   | systemd: use-after-free when            |
|                      |                  |          |                   |                   | asynchronous polkit queries             |
|                      |                  |          |                   |                   | are performed                           |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libtasn1-6           | CVE-2018-1000654 |          | 4.10-1.1+deb9u1   |                   | libtasn1: Infinite loop in              |
|                      |                  |          |                   |                   | _asn1_expand_object_id(ptree)           |
|                      |                  |          |                   |                   | leads to memory exhaustion              |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| libudev1             | CVE-2017-1000082 | CRITICAL | 232-25+deb9u8     |                   | systemd: fails to parse                 |
|                      |                  |          |                   |                   | usernames that start with               |
|                      |                  |          |                   |                   | digits                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10    | systemd: line splitting via             |
|                      |                  |          |                   |                   | fgets() allows for state                |
|                      |                  |          |                   |                   | injection during daemon-reexec          |
+                      +------------------+----------+                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                   | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                   | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                   | local users to obtain                   |
|                      |                  |          |                   |                   | ownership of...                         |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                   | systemd: use-after-free when            |
|                      |                  |          |                   |                   | asynchronous polkit queries             |
|                      |                  |          |                   |                   | are performed                           |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libuuid1             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| libxslt1.1           | CVE-2019-11068   |          | 1.1.29-2.1        | 1.1.29-2.1+deb9u1 | libxslt: xsltCheckRead and              |
|                      |                  |          |                   |                   | xsltCheckWrite routines                 |
|                      |                  |          |                   |                   | security bypass by crafted URL          |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| locales              | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| login                | CVE-2017-12424   |          | 1:4.4-4.1         |                   | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                   | via newusers tool                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| mount                | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| multiarch-support    | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4    | glibc: Incorrect handling of            |
|                      |                  |          |                   |                   | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                   | used to execute...                      |
+                      +------------------+----------+                   +                   +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                   | glibc: Memory leak reachable            |
|                      |                  |          |                   |                   | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                   | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                   | with GLOB_TILDE                         |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                   | glibc: Buffer overflow during           |
|                      |                  |          |                   |                   | unescaping of user names with           |
|                      |                  |          |                   |                   | the ~ operator...                       |
+                      +------------------+          +                   +                   +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                   | glibc: memory corruption in             |
|                      |                  |          |                   |                   | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                   | glibc: realpath() buffer                |
|                      |                  |          |                   |                   | underflow when getcwd()                 |
|                      |                  |          |                   |                   | returns relative path allows            |
|                      |                  |          |                   |                   | privilege escalation...                 |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4    | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                   | 32-bit architectures leading            |
|                      |                  |          |                   |                   | to stack-based buffer...                |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                   | glibc: Integer overflow in              |
|                      |                  |          |                   |                   | posix_memalign in memalign              |
|                      |                  |          |                   |                   | functions                               |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                   | glibc: integer overflow in              |
|                      |                  |          |                   |                   | malloc functions                        |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                   | glibc: stack guard protection           |
|                      |                  |          |                   |                   | bypass                                  |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                   | glibc: regular-expression               |
|                      |                  |          |                   |                   | match via proceed_next_node             |
|                      |                  |          |                   |                   | in posix/regexec.c leads to             |
|                      |                  |          |                   |                   | heap-based buffer over-read...          |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                   | glibc: use-after-free in                |
|                      |                  |          |                   |                   | glob() function when expanding          |
|                      |                  |          |                   |                   | ~user                                   |
+                      +------------------+          +                   +-------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                   | glibc: signed comparison                |
|                      |                  |          |                   |                   | vulnerability in the ARMv7              |
|                      |                  |          |                   |                   | memcpy function                         |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| passwd               | CVE-2017-12424   |          | 1:4.4-4.1         |                   | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                   | via newusers tool                       |
+----------------------+------------------+          +-------------------+-------------------+-----------------------------------------+
| python3.5            | CVE-2020-8492    |          | 3.5.3-1+deb9u1    |                   | python: wrong backtracking in           |
|                      |                  |          |                   |                   | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                   | allows for a ReDoS                      |
+----------------------+                  +          +                   +-------------------+                                         +
| python3.5-minimal    |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
|                      |                  |          |                   |                   |                                         |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| tar                  | CVE-2005-2541    | CRITICAL | 1.29b-1.1         |                   | Tar 1.15.1 does not properly            |
|                      |                  |          |                   |                   | warn the user when extracting           |
|                      |                  |          |                   |                   | setuid or...                            |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+
| util-linux           | CVE-2016-2779    | HIGH     | 2.29.2-1+deb9u1   |                   | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                   | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+-------------------+-----------------------------------------+

Vulnerabilities found for image zipkin

zipkin:ensure

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| musl    | CVE-2019-14697   | HIGH     | 1.1.18-r3         | 1.1.18-r4     | musl libc through 1.1.23       |
|         |                  |          |                   |               | has an x87 floating-point      |
|         |                  |          |                   |               | stack adjustment imbalance,    |
|         |                  |          |                   |               | related...                     |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image proxyv2:0.8.0-istio-71c47ac61-distroless

proxyv2:0.8.0-istio-71c47ac61-distroless

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| libc6   | CVE-2018-1000001 | HIGH     | 2.24-11+deb9u4    |               | glibc: realpath() buffer       |
|         |                  |          |                   |               | underflow when getcwd()        |
|         |                  |          |                   |               | returns relative path allows   |
|         |                  |          |                   |               | privilege escalation...        |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2018-6485    |          |                   |               | glibc: Integer overflow in     |
|         |                  |          |                   |               | posix_memalign in memalign     |
|         |                  |          |                   |               | functions                      |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2018-6551    |          |                   |               | glibc: integer overflow in     |
|         |                  |          |                   |               | malloc functions               |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-1010022 |          |                   |               | glibc: stack guard protection  |
|         |                  |          |                   |               | bypass                         |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-9169    |          |                   |               | glibc: regular-expression      |
|         |                  |          |                   |               | match via proceed_next_node    |
|         |                  |          |                   |               | in posix/regexec.c leads to    |
|         |                  |          |                   |               | heap-based buffer over-read... |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2020-1752    |          |                   |               | glibc: use-after-free in       |
|         |                  |          |                   |               | glob() function when expanding |
|         |                  |          |                   |               | ~user                          |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2020-6096    |          |                   |               | glibc: signed comparison       |
|         |                  |          |                   |               | vulnerability in the ARMv7     |
|         |                  |          |                   |               | memcpy function                |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image zipkin:ensure

zipkin:ensure

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| musl    | CVE-2019-14697   | HIGH     | 1.1.18-r3         | 1.1.18-r4     | musl libc through 1.1.23       |
|         |                  |          |                   |               | has an x87 floating-point      |
|         |                  |          |                   |               | stack adjustment imbalance,    |
|         |                  |          |                   |               | related...                     |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image zipkin:2.14.2

zipkin:2.14.2

+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
|     LIBRARY     | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION  |             TITLE              |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
| libc6           | CVE-2018-1000001 | HIGH     | 2.24-11+deb9u4    |                | glibc: realpath() buffer       |
|                 |                  |          |                   |                | underflow when getcwd()        |
|                 |                  |          |                   |                | returns relative path allows   |
|                 |                  |          |                   |                | privilege escalation...        |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2018-6485    |          |                   |                | glibc: Integer overflow in     |
|                 |                  |          |                   |                | posix_memalign in memalign     |
|                 |                  |          |                   |                | functions                      |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2018-6551    |          |                   |                | glibc: integer overflow in     |
|                 |                  |          |                   |                | malloc functions               |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2019-1010022 |          |                   |                | glibc: stack guard protection  |
|                 |                  |          |                   |                | bypass                         |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2019-9169    |          |                   |                | glibc: regular-expression      |
|                 |                  |          |                   |                | match via proceed_next_node    |
|                 |                  |          |                   |                | in posix/regexec.c leads to    |
|                 |                  |          |                   |                | heap-based buffer over-read... |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2020-1752    |          |                   |                | glibc: use-after-free in       |
|                 |                  |          |                   |                | glob() function when expanding |
|                 |                  |          |                   |                | ~user                          |
+                 +------------------+          +                   +----------------+--------------------------------+
|                 | CVE-2020-6096    |          |                   |                | glibc: signed comparison       |
|                 |                  |          |                   |                | vulnerability in the ARMv7     |
|                 |                  |          |                   |                | memcpy function                |
+-----------------+------------------+          +-------------------+----------------+--------------------------------+
| libexpat1       | CVE-2018-20843   |          | 2.2.0-2+deb9u1    | 2.2.0-2+deb9u2 | expat: large number of colons  |
|                 |                  |          |                   |                | in input makes parser consume  |
|                 |                  |          |                   |                | high amount...                 |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
| libjpeg62-turbo | CVE-2019-2201    | CRITICAL | 1:1.5.1-2         |                | libjpeg-turbo: several integer |
|                 |                  |          |                   |                | overflows and subsequent       |
|                 |                  |          |                   |                | segfaults when attempting      |
|                 |                  |          |                   |                | to compress/decompress         |
|                 |                  |          |                   |                | gigapixel...                   |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+
| libpng16-16     | CVE-2017-12652   | HIGH     | 1.6.28-1+deb9u1   |                | libpng: does not check length  |
|                 |                  |          |                   |                | of chunks against user limit   |
+-----------------+------------------+----------+-------------------+----------------+--------------------------------+

Vulnerabilities found for image elasticsearch:6.4.3

elasticsearch:6.4.3

+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY |   INSTALLED VERSION   |   FIXED VERSION   |                  TITLE                  |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| bash                        | CVE-2019-18276   | HIGH     | 4.2.46-30.el7         |                   | bash: when effective UID is             |
|                             |                  |          |                       |                   | not equal to its real UID               |
|                             |                  |          |                       |                   | the...                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-9924    |          |                       | 4.2.46-34.el7     | bash: BASH_CMD is writable in           |
|                             |                  |          |                       |                   | restricted bash shells                  |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| binutils                    | CVE-2014-9939    |          | 2.27-28.base.el7_5.1  |                   | binutils: buffer overflow in            |
|                             |                  |          |                       |                   | ihex.c                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-13716   |          |                       |                   | binutils: Memory leak with the          |
|                             |                  |          |                       |                   | C++ symbol demangler routine            |
|                             |                  |          |                       |                   | in libiberty                            |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-14930   |          |                       |                   | binutils: Memory leak in                |
|                             |                  |          |                       |                   | decode_line_info                        |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-7614    |          |                       |                   | binutils: NULL                          |
|                             |                  |          |                       |                   | pointer dereference in                  |
|                             |                  |          |                       |                   | bfd_elf_final_link function             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8421    |          |                       |                   | binutils: Memory exhaustion in          |
|                             |                  |          |                       |                   | objdump via a crafted PE file           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-12699   |          |                       |                   | binutils: heap-based buffer             |
|                             |                  |          |                       |                   | overflow in finish_stab in              |
|                             |                  |          |                       |                   | stabs.c                                 |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| bzip2-libs                  | CVE-2019-12900   |          | 1.0.6-13.el7          |                   | bzip2: out-of-bounds write in           |
|                             |                  |          |                       |                   | function BZ2_decompress                 |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| coreutils                   | CVE-2014-9471    |          | 8.22-21.el7           |                   | coreutils: memory corruption            |
|                             |                  |          |                       |                   | flaw in parse_datetime()                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-4042    |          |                       |                   | coreutils: possible buffer              |
|                             |                  |          |                       |                   | overflow in keycompare_mb()             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| cracklib                    | CVE-2016-6318    |          | 2.9.0-11.el7          |                   | cracklib: Stack-based buffer            |
|                             |                  |          |                       |                   | overflow when parsing large             |
|                             |                  |          |                       |                   | GECOS field                             |
+-----------------------------+                  +          +                       +-------------------+                                         +
| cracklib-dicts              |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| curl                        | CVE-2018-14618   | CRITICAL | 7.29.0-46.el7         | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                       |                   | via integer overflow                    |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                       |                   | curl: Double-free in                    |
|                             |                  |          |                       |                   | curl_maprintf                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                       |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                       |                   | curl: URL unescape heap                 |
|                             |                  |          |                       |                   | overflow via integer                    |
|                             |                  |          |                       |                   | truncation                              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                       |                   | curl: FTP wildcard out of               |
|                             |                  |          |                       |                   | bounds read                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                       | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                       |                   | to NIL byte out of bounds               |
|                             |                  |          |                       |                   | write...                                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                       |                   | curl: heap buffer overflow in           |
|                             |                  |          |                       |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| dracut                      | CVE-2016-4484    |          | 033-535.el7_5.1       |                   | dracut: Brute force attack on           |
|                             |                  |          |                       |                   | LUKS password decryption via            |
|                             |                  |          |                       |                   | initramfs                               |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| elfutils-default-yama-scope | CVE-2018-16402   |          | 0.170-4.el7           | 0.176-2.el7       | elfutils: Double-free due               |
|                             |                  |          |                       |                   | to double decompression                 |
|                             |                  |          |                       |                   | of sections in crafted ELF              |
|                             |                  |          |                       |                   | causes...                               |
+-----------------------------+                  +          +                       +                   +                                         +
| elfutils-libelf             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+                  +          +                       +                   +                                         +
| elfutils-libs               |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| expat                       | CVE-2015-2716    |          | 2.1.0-10.el7_3        | 2.1.0-11.el7      | expat: Integer overflow                 |
|                             |                  |          |                       |                   | leading to buffer overflow in           |
|                             |                  |          |                       |                   | XML_GetBuffer()                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-5300    |          |                       |                   | expat: Little entropy used for          |
|                             |                  |          |                       |                   | hash initialization                     |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-9063    |          |                       |                   | firefox: Possible integer               |
|                             |                  |          |                       |                   | overflow to fix inside                  |
|                             |                  |          |                       |                   | XML_Parse in Expat                      |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-20843   |          |                       |                   | expat: large number of colons           |
|                             |                  |          |                       |                   | in input makes parser consume           |
|                             |                  |          |                       |                   | high amount...                          |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| file-libs                   | CVE-2015-8865    |          | 5.11-33.el7           |                   | file: Buffer over-write in              |
|                             |                  |          |                       |                   | finfo_open with malformed               |
|                             |                  |          |                       |                   | magic file                              |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| glib2                       | CVE-2015-8391    | CRITICAL | 2.54.2-2.el7          |                   | pcre: inefficient posix                 |
|                             |                  |          |                       |                   | character class syntax check            |
|                             |                  |          |                       |                   | (8.38/16)                               |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2015-2327    | HIGH     |                       |                   | pcre: infinite recursion                |
|                             |                  |          |                       |                   | compiling pattern with                  |
|                             |                  |          |                       |                   | zero-repeated groups that               |
|                             |                  |          |                       |                   | include recursive back...               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-2328    |          |                       |                   | pcre: infinite recursion                |
|                             |                  |          |                       |                   | compiling pattern with                  |
|                             |                  |          |                       |                   | recursive reference in a group          |
|                             |                  |          |                       |                   | with...                                 |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8385    |          |                       |                   | pcre: buffer overflow caused            |
|                             |                  |          |                       |                   | by named forward reference to           |
|                             |                  |          |                       |                   | duplicate group number...               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8386    |          |                       |                   | pcre: Buffer overflow caused            |
|                             |                  |          |                       |                   | by lookbehind assertion                 |
|                             |                  |          |                       |                   | (8.38/6)                                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                       |                   | pcre: Integer overflow in               |
|                             |                  |          |                       |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8388    |          |                       |                   | CVE-2015-5073 CVE-2015-8388             |
|                             |                  |          |                       |                   | pcre: buffer overflow for               |
|                             |                  |          |                       |                   | forward reference within                |
|                             |                  |          |                       |                   | backward assertion with...              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                       |                   | pcre: uninitialized memory              |
|                             |                  |          |                       |                   | read triggered by malformed             |
|                             |                  |          |                       |                   | posix character class                   |
|                             |                  |          |                       |                   | (8.38/22)                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                       |                   | pcre: Integer overflow caused           |
|                             |                  |          |                       |                   | by missing check for certain            |
|                             |                  |          |                       |                   | conditions (8.38/31)                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-3191    |          |                       |                   | pcre: workspace overflow                |
|                             |                  |          |                       |                   | for (*ACCEPT) with deeply               |
|                             |                  |          |                       |                   | nested parentheses (8.39/13,            |
|                             |                  |          |                       |                   | 10.22/12)                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                       |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                       |                   | in the match function in                |
|                             |                  |          |                       |                   | pcre_exec.c                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   |          |                       | 2.56.1-2.el7      | libsoup: Crash in                       |
|                             |                  |          |                       |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                       |                   | on empty hostnames                      |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-16428   |          |                       |                   | glib2: NULL pointer dereference in      |
|                             |                  |          |                       |                   | g_markup_parse_context_end_parse()      |
|                             |                  |          |                       |                   | function in gmarkup.c                   |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-12450   |          |                       |                   | glib2: file_copy_fallback in            |
|                             |                  |          |                       |                   | gio/gfile.c in GNOME GLib does          |
|                             |                  |          |                       |                   | not properly restrict file...           |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| glibc                       | CVE-2017-16997   | CRITICAL | 2.17-222.el7          | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                       |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                       |                   | used to execute...                      |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                       |                   | glibc:                                  |
|                             |                  |          |                       |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                       |                   | fails to copy the path argument         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                       |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                       |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                       |                   | clntudp_call()                          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                       |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                       |                   | when decoding malformed XDR             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                       | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                       |                   | 32-bit architectures leading            |
|                             |                  |          |                       |                   | to stack-based buffer...                |
+                             +------------------+          +                       +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                       |                   | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | posix_memalign in memalign              |
|                             |                  |          |                       |                   | functions                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                       |                   | glibc: stack guard protection           |
|                             |                  |          |                       |                   | bypass                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                       |                   | glibc: regular-expression               |
|                             |                  |          |                       |                   | match via proceed_next_node             |
|                             |                  |          |                       |                   | in posix/regexec.c leads to             |
|                             |                  |          |                       |                   | heap-based buffer over-read...          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                       |                   | glibc: use-after-free in                |
|                             |                  |          |                       |                   | glob() function when expanding          |
|                             |                  |          |                       |                   | ~user                                   |
+-----------------------------+------------------+----------+                       +-------------------+-----------------------------------------+
| glibc-common                | CVE-2017-16997   | CRITICAL |                       | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                       |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                       |                   | used to execute...                      |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                       |                   | glibc:                                  |
|                             |                  |          |                       |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                       |                   | fails to copy the path argument         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                       |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                       |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                       |                   | clntudp_call()                          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                       |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                       |                   | when decoding malformed XDR             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                       | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                       |                   | 32-bit architectures leading            |
|                             |                  |          |                       |                   | to stack-based buffer...                |
+                             +------------------+          +                       +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                       |                   | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | posix_memalign in memalign              |
|                             |                  |          |                       |                   | functions                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                       |                   | glibc: stack guard protection           |
|                             |                  |          |                       |                   | bypass                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                       |                   | glibc: regular-expression               |
|                             |                  |          |                       |                   | match via proceed_next_node             |
|                             |                  |          |                       |                   | in posix/regexec.c leads to             |
|                             |                  |          |                       |                   | heap-based buffer over-read...          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                       |                   | glibc: use-after-free in                |
|                             |                  |          |                       |                   | glob() function when expanding          |
|                             |                  |          |                       |                   | ~user                                   |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| gobject-introspection       | CVE-2018-12910   |          | 1.50.0-1.el7          | 1.56.1-1.el7      | libsoup: Crash in                       |
|                             |                  |          |                       |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                       |                   | on empty hostnames                      |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| krb5-libs                   | CVE-2015-2695    |          | 1.15.1-19.el7         |                   | krb5: SPNEGO context aliasing           |
|                             |                  |          |                       |                   | bugs                                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-2696    |          |                       |                   | krb5: IAKERB context aliasing           |
|                             |                  |          |                       |                   | flaw                                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-11462   |          |                       |                   | krb5: Automatic sec context             |
|                             |                  |          |                       |                   | deletion could lead to                  |
|                             |                  |          |                       |                   | double-free                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-15088   |          |                       |                   | krb5: Buffer overflow in                |
|                             |                  |          |                       |                   | get_matching_data()                     |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libblkid                    | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libcurl                     | CVE-2018-14618   | CRITICAL | 7.29.0-46.el7         | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                       |                   | via integer overflow                    |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                       |                   | curl: Double-free in                    |
|                             |                  |          |                       |                   | curl_maprintf                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                       |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                       |                   | curl: URL unescape heap                 |
|                             |                  |          |                       |                   | overflow via integer                    |
|                             |                  |          |                       |                   | truncation                              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                       |                   | curl: FTP wildcard out of               |
|                             |                  |          |                       |                   | bounds read                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                       | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                       |                   | to NIL byte out of bounds               |
|                             |                  |          |                       |                   | write...                                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                       |                   | curl: heap buffer overflow in           |
|                             |                  |          |                       |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libgcc                      | CVE-2014-5044    |          | 4.8.5-28.el7_5.1      |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                       |                   | libgfortran                             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libidn                      | CVE-2015-2059    |          | 1.28-4.el7            |                   | libidn: out-of-bounds read              |
|                             |                  |          |                       |                   | with stringprep on invalid              |
|                             |                  |          |                       |                   | UTF-8                                   |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-14062   |          |                       |                   | libidn2: Integer overflow in            |
|                             |                  |          |                       |                   | puny_decode.c/decode_digit              |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libmount                    | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libpcap                     | CVE-2014-4174    | CRITICAL | 14:1.5.3-11.el7       |                   | libpcap: file parser crash              |
|                             |                  |          |                       |                   | (wnpa-sec-2014-05)                      |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libssh2                     | CVE-2019-3855    |          | 1.4.3-10.el7_2.1      | 1.4.3-12.el7_6.2  | libssh2: Integer overflow in            |
|                             |                  |          |                       |                   | transport read resulting in             |
|                             |                  |          |                       |                   | out of bounds write...                  |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libstdc++                   | CVE-2014-5044    | HIGH     | 4.8.5-28.el7_5.1      |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                       |                   | libgfortran                             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libtasn1                    | CVE-2018-1000654 |          | 4.10-1.el7            |                   | libtasn1: Infinite loop in              |
|                             |                  |          |                       |                   | _asn1_expand_object_id(ptree)           |
|                             |                  |          |                       |                   | leads to memory exhaustion              |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libuuid                     | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libxml2                     | CVE-2016-4658    | CRITICAL | 2.9.1-6.el7_2.3       |                   | libxml2: Use after free via             |
|                             |                  |          |                       |                   | namespace node in XPointer              |
|                             |                  |          |                       |                   | ranges                                  |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                       |                   | libxml2: Mishandling                    |
|                             |                  |          |                       |                   | parameter-entity references             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                       |                   | libxml2: Missing validation             |
|                             |                  |          |                       |                   | for external entities in                |
|                             |                  |          |                       |                   | xmlParsePEReference                     |
+-----------------------------+------------------+----------+                       +-------------------+-----------------------------------------+
| libxml2-python              | CVE-2016-4658    | CRITICAL |                       |                   | libxml2: Use after free via             |
|                             |                  |          |                       |                   | namespace node in XPointer              |
|                             |                  |          |                       |                   | ranges                                  |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                       |                   | libxml2: Mishandling                    |
|                             |                  |          |                       |                   | parameter-entity references             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                       |                   | libxml2: Missing validation             |
|                             |                  |          |                       |                   | for external entities in                |
|                             |                  |          |                       |                   | xmlParsePEReference                     |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| ncurses                     | CVE-2017-10684   |          | 5.9-14.20130511.el7_4 |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow in fmt_entry function          |
|                             |                  |          |                       |                   | in dump_entry.c                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow caused by format               |
|                             |                  |          |                       |                   | string vulnerability in                 |
|                             |                  |          |                       |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                       +-------------------+-----------------------------------------+
| ncurses-base                | CVE-2017-10684   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow in fmt_entry function          |
|                             |                  |          |                       |                   | in dump_entry.c                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow caused by format               |
|                             |                  |          |                       |                   | string vulnerability in                 |
|                             |                  |          |                       |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                       +-------------------+-----------------------------------------+
| ncurses-libs                | CVE-2017-10684   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow in fmt_entry function          |
|                             |                  |          |                       |                   | in dump_entry.c                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow caused by format               |
|                             |                  |          |                       |                   | string vulnerability in                 |
|                             |                  |          |                       |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nspr                        | CVE-2016-1951    |          | 4.19.0-1.el7_5        |                   | nspr: Memory allocation                 |
|                             |                  |          |                       |                   | issue related to PR_*printf             |
|                             |                  |          |                       |                   | functions                               |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nss                         | CVE-2019-17006   |          | 3.36.0-7.el7_5        |                   | nss: Check length of inputs             |
|                             |                  |          |                       |                   | for cryptographic primitives            |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nss-pem                     | CVE-2018-1000120 |          | 1.0.3-4.el7           | 1.0.3-5.el7       | curl: FTP path trickery leads           |
|                             |                  |          |                       |                   | to NIL byte out of bounds               |
|                             |                  |          |                       |                   | write...                                |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nss-sysinit                 | CVE-2019-17006   |          | 3.36.0-7.el7_5        |                   | nss: Check length of inputs             |
|                             |                  |          |                       |                   | for cryptographic primitives            |
+-----------------------------+                  +          +                       +-------------------+                                         +
| nss-tools                   |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| pcre                        | CVE-2015-8380    |          | 8.32-17.el7           |                   | pcre: OOB write when                    |
|                             |                  |          |                       |                   | pcre_exec() is called with              |
|                             |                  |          |                       |                   | ovecsize of 1 (8.38/10)...              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                       |                   | pcre: Integer overflow in               |
|                             |                  |          |                       |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                       |                   | pcre: uninitialized memory              |
|                             |                  |          |                       |                   | read triggered by malformed             |
|                             |                  |          |                       |                   | posix character class                   |
|                             |                  |          |                       |                   | (8.38/22)                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                       |                   | pcre: Integer overflow caused           |
|                             |                  |          |                       |                   | by missing check for certain            |
|                             |                  |          |                       |                   | conditions (8.38/31)                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                       |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                       |                   | in the match function in                |
|                             |                  |          |                       |                   | pcre_exec.c                             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| python                      | CVE-2017-1000158 |          | 2.7.5-69.el7_5        |                   | python: Integer overflow in             |
|                             |                  |          |                       |                   | PyString_DecodeEscape results           |
|                             |                  |          |                       |                   | in heap-base buffer overflow            |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                       |                   | python: wrong backtracking in           |
|                             |                  |          |                       |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                       |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +                       +-------------------+-----------------------------------------+
| python-libs                 | CVE-2017-1000158 |          |                       |                   | python: Integer overflow in             |
|                             |                  |          |                       |                   | PyString_DecodeEscape results           |
|                             |                  |          |                       |                   | in heap-base buffer overflow            |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                       |                   | python: wrong backtracking in           |
|                             |                  |          |                       |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                       |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| rpm                         | CVE-2017-7500    |          | 4.11.3-32.el7         |                   | rpm: Following symlinks to              |
|                             |                  |          |                       |                   | directories when installing             |
|                             |                  |          |                       |                   | packages allows privilege               |
|                             |                  |          |                       |                   | escalation                              |
+-----------------------------+                  +          +                       +-------------------+                                         +
| rpm-build-libs              |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+                  +          +                       +-------------------+                                         +
| rpm-libs                    |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+                  +          +                       +-------------------+                                         +
| rpm-python                  |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| sqlite                      | CVE-2015-7036    |          | 3.7.17-8.el7          |                   | sqlite: arbitrary code                  |
|                             |                  |          |                       |                   | execution on databases with             |
|                             |                  |          |                       |                   | malformed schema                        |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10989   |          |                       |                   | sqlite: Heap-buffer overflow            |
|                             |                  |          |                       |                   | in the getNodeSize function             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-8457    |          |                       |                   | sqlite: heap out-of-bound read          |
|                             |                  |          |                       |                   | in function rtreenode()                 |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| systemd                     | CVE-2018-15686   | CRITICAL | 219-57.el7_5.3        | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                       |                   | fgets() allows for state                |
|                             |                  |          |                       |                   | injection during daemon-reexec          |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                       | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                       |                   | write in systemd-networkd               |
|                             |                  |          |                       |                   | dhcpv6 option handling                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                       |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                       |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                       |                   | local users to obtain                   |
|                             |                  |          |                       |                   | ownership of...                         |
+-----------------------------+------------------+----------+                       +-------------------+-----------------------------------------+
| systemd-libs                | CVE-2018-15686   | CRITICAL |                       | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                       |                   | fgets() allows for state                |
|                             |                  |          |                       |                   | injection during daemon-reexec          |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                       | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                       |                   | write in systemd-networkd               |
|                             |                  |          |                       |                   | dhcpv6 option handling                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                       |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                       |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                       |                   | local users to obtain                   |
|                             |                  |          |                       |                   | ownership of...                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| util-linux                  | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| vim-minimal                 | CVE-2019-12735   | CRITICAL | 2:7.4.160-4.el7       | 2:7.4.160-6.el7_6 | vim/neovim: ':source!' command          |
|                             |                  |          |                       |                   | allows arbitrary command                |
|                             |                  |          |                       |                   | execution via modelines                 |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2017-5953    | HIGH     |                       |                   | vim: Tree length values                 |
|                             |                  |          |                       |                   | not validated properly when             |
|                             |                  |          |                       |                   | handling a spell file...                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-6350    |          |                       |                   | vim: Integer overflow at                |
|                             |                  |          |                       |                   | an unserialize_uep memory               |
|                             |                  |          |                       |                   | allocation site                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| wget                        | CVE-2019-5953    |          | 1.14-15.el7_4.1       | 1.14-18.el7_6.1   | wget: do_conversion()                   |
|                             |                  |          |                       |                   | heap-based buffer overflow              |
|                             |                  |          |                       |                   | vulnerability                           |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+

Vulnerabilities found for image sso71-openshift

sso71-openshift:1.1-16

+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY |   INSTALLED VERSION    |   FIXED VERSION   |                  TITLE                  |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| bash                        | CVE-2019-18276   | HIGH     | 4.2.46-29.el7_4        |                   | bash: when effective UID is             |
|                             |                  |          |                        |                   | not equal to its real UID               |
|                             |                  |          |                        |                   | the...                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-9924    |          |                        | 4.2.46-34.el7     | bash: BASH_CMD is writable in           |
|                             |                  |          |                        |                   | restricted bash shells                  |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| binutils                    | CVE-2014-9939    |          | 2.25.1-32.base.el7_4.1 |                   | binutils: buffer overflow in            |
|                             |                  |          |                        |                   | ihex.c                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-13716   |          |                        |                   | binutils: Memory leak with the          |
|                             |                  |          |                        |                   | C++ symbol demangler routine            |
|                             |                  |          |                        |                   | in libiberty                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-14930   |          |                        |                   | binutils: Memory leak in                |
|                             |                  |          |                        |                   | decode_line_info                        |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-7614    |          |                        |                   | binutils: NULL                          |
|                             |                  |          |                        |                   | pointer dereference in                  |
|                             |                  |          |                        |                   | bfd_elf_final_link function             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8421    |          |                        |                   | binutils: Memory exhaustion in          |
|                             |                  |          |                        |                   | objdump via a crafted PE file           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12699   |          |                        |                   | binutils: heap-based buffer             |
|                             |                  |          |                        |                   | overflow in finish_stab in              |
|                             |                  |          |                        |                   | stabs.c                                 |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| bzip2-libs                  | CVE-2019-12900   |          | 1.0.6-13.el7           |                   | bzip2: out-of-bounds write in           |
|                             |                  |          |                        |                   | function BZ2_decompress                 |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| coreutils                   | CVE-2014-9471    |          | 8.22-18.el7            |                   | coreutils: memory corruption            |
|                             |                  |          |                        |                   | flaw in parse_datetime()                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-4042    |          |                        |                   | coreutils: possible buffer              |
|                             |                  |          |                        |                   | overflow in keycompare_mb()             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| cracklib                    | CVE-2016-6318    |          | 2.9.0-11.el7           |                   | cracklib: Stack-based buffer            |
|                             |                  |          |                        |                   | overflow when parsing large             |
|                             |                  |          |                        |                   | GECOS field                             |
+-----------------------------+                  +          +                        +-------------------+                                         +
| cracklib-dicts              |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| curl                        | CVE-2018-14618   | CRITICAL | 7.29.0-42.el7          | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                        |                   | via integer overflow                    |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                        |                   | curl: Double-free in                    |
|                             |                  |          |                        |                   | curl_maprintf                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                        |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                        |                   | curl: URL unescape heap                 |
|                             |                  |          |                        |                   | overflow via integer                    |
|                             |                  |          |                        |                   | truncation                              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                        |                   | curl: FTP wildcard out of               |
|                             |                  |          |                        |                   | bounds read                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                        | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                        |                   | to NIL byte out of bounds               |
|                             |                  |          |                        |                   | write...                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                        |                   | curl: heap buffer overflow in           |
|                             |                  |          |                        |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| dracut                      | CVE-2016-4484    |          | 033-502.el7            |                   | dracut: Brute force attack on           |
|                             |                  |          |                        |                   | LUKS password decryption via            |
|                             |                  |          |                        |                   | initramfs                               |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| elfutils-default-yama-scope | CVE-2018-16402   |          | 0.168-8.el7            | 0.176-2.el7       | elfutils: Double-free due               |
|                             |                  |          |                        |                   | to double decompression                 |
|                             |                  |          |                        |                   | of sections in crafted ELF              |
|                             |                  |          |                        |                   | causes...                               |
+-----------------------------+                  +          +                        +                   +                                         +
| elfutils-libelf             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+                  +          +                        +                   +                                         +
| elfutils-libs               |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| expat                       | CVE-2015-2716    |          | 2.1.0-10.el7_3         | 2.1.0-11.el7      | expat: Integer overflow                 |
|                             |                  |          |                        |                   | leading to buffer overflow in           |
|                             |                  |          |                        |                   | XML_GetBuffer()                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-5300    |          |                        |                   | expat: Little entropy used for          |
|                             |                  |          |                        |                   | hash initialization                     |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-9063    |          |                        |                   | firefox: Possible integer               |
|                             |                  |          |                        |                   | overflow to fix inside                  |
|                             |                  |          |                        |                   | XML_Parse in Expat                      |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-20843   |          |                        |                   | expat: large number of colons           |
|                             |                  |          |                        |                   | in input makes parser consume           |
|                             |                  |          |                        |                   | high amount...                          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| file-libs                   | CVE-2015-8865    |          | 5.11-33.el7            |                   | file: Buffer over-write in              |
|                             |                  |          |                        |                   | finfo_open with malformed               |
|                             |                  |          |                        |                   | magic file                              |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| fontconfig                  | CVE-2018-12910   |          | 2.10.95-11.el7         | 2.13.0-4.3.el7    | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| freetype                    | CVE-2014-9746    |          | 2.4.11-15.el7          |                   | CVE-2014-9747 freetype: Use of          |
|                             |                  |          |                        |                   | uninitialized memory                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8105    |          |                        |                   | freetype: heap-based buffer             |
|                             |                  |          |                        |                   | overflow related to the                 |
|                             |                  |          |                        |                   | t1_decoder_parse_charstrings            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8287    |          |                        |                   | freetype: heap-based buffer             |
|                             |                  |          |                        |                   | overflow related to the                 |
|                             |                  |          |                        |                   | t1_builder_close_contour                |
|                             |                  |          |                        |                   | function                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   |          |                        | 2.8-12.el7        | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| glib2                       | CVE-2015-8391    | CRITICAL | 2.50.3-3.el7           |                   | pcre: inefficient posix                 |
|                             |                  |          |                        |                   | character class syntax check            |
|                             |                  |          |                        |                   | (8.38/16)                               |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2015-2327    | HIGH     |                        |                   | pcre: infinite recursion                |
|                             |                  |          |                        |                   | compiling pattern with                  |
|                             |                  |          |                        |                   | zero-repeated groups that               |
|                             |                  |          |                        |                   | include recursive back...               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-2328    |          |                        |                   | pcre: infinite recursion                |
|                             |                  |          |                        |                   | compiling pattern with                  |
|                             |                  |          |                        |                   | recursive reference in a group          |
|                             |                  |          |                        |                   | with...                                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8385    |          |                        |                   | pcre: buffer overflow caused            |
|                             |                  |          |                        |                   | by named forward reference to           |
|                             |                  |          |                        |                   | duplicate group number...               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8386    |          |                        |                   | pcre: Buffer overflow caused            |
|                             |                  |          |                        |                   | by lookbehind assertion                 |
|                             |                  |          |                        |                   | (8.38/6)                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                        |                   | pcre: Integer overflow in               |
|                             |                  |          |                        |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8388    |          |                        |                   | CVE-2015-5073 CVE-2015-8388             |
|                             |                  |          |                        |                   | pcre: buffer overflow for               |
|                             |                  |          |                        |                   | forward reference within                |
|                             |                  |          |                        |                   | backward assertion with...              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                        |                   | pcre: uninitialized memory              |
|                             |                  |          |                        |                   | read triggered by malformed             |
|                             |                  |          |                        |                   | posix character class                   |
|                             |                  |          |                        |                   | (8.38/22)                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                        |                   | pcre: Integer overflow caused           |
|                             |                  |          |                        |                   | by missing check for certain            |
|                             |                  |          |                        |                   | conditions (8.38/31)                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-3191    |          |                        |                   | pcre: workspace overflow                |
|                             |                  |          |                        |                   | for (*ACCEPT) with deeply               |
|                             |                  |          |                        |                   | nested parentheses (8.39/13,            |
|                             |                  |          |                        |                   | 10.22/12)                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                        |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                        |                   | in the match function in                |
|                             |                  |          |                        |                   | pcre_exec.c                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   |          |                        | 2.56.1-2.el7      | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-16428   |          |                        |                   | glib2: NULL pointer dereference in      |
|                             |                  |          |                        |                   | g_markup_parse_context_end_parse()      |
|                             |                  |          |                        |                   | function in gmarkup.c                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-12450   |          |                        |                   | glib2: file_copy_fallback in            |
|                             |                  |          |                        |                   | gio/gfile.c in GNOME GLib does          |
|                             |                  |          |                        |                   | not properly restrict file...           |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| glibc                       | CVE-2017-16997   | CRITICAL | 2.17-196.el7           | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                        |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                        |                   | used to execute...                      |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                        |                   | glibc:                                  |
|                             |                  |          |                        |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                        |                   | fails to copy the path argument         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2014-9402    |          |                        | 2.17-222.el7      | glibc: denial of service in             |
|                             |                  |          |                        |                   | getnetbyname function                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                        |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                        |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                        |                   | clntudp_call()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-15670   |          |                        | 2.17-222.el7      | glibc: Buffer overflow in glob          |
|                             |                  |          |                        |                   | with GLOB_TILDE                         |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2017-15804   |          |                        |                   | glibc: Buffer overflow during           |
|                             |                  |          |                        |                   | unescaping of user names with           |
|                             |                  |          |                        |                   | the ~ operator...                       |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                        |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                        |                   | when decoding malformed XDR             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000001 |          |                        | 2.17-222.el7      | glibc: realpath() buffer                |
|                             |                  |          |                        |                   | underflow when getcwd()                 |
|                             |                  |          |                        |                   | returns relative path allows            |
|                             |                  |          |                        |                   | privilege escalation...                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                        | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                        |                   | 32-bit architectures leading            |
|                             |                  |          |                        |                   | to stack-based buffer...                |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                        |                   | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | posix_memalign in memalign              |
|                             |                  |          |                        |                   | functions                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                        |                   | glibc: stack guard protection           |
|                             |                  |          |                        |                   | bypass                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                        |                   | glibc: regular-expression               |
|                             |                  |          |                        |                   | match via proceed_next_node             |
|                             |                  |          |                        |                   | in posix/regexec.c leads to             |
|                             |                  |          |                        |                   | heap-based buffer over-read...          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                        |                   | glibc: use-after-free in                |
|                             |                  |          |                        |                   | glob() function when expanding          |
|                             |                  |          |                        |                   | ~user                                   |
+-----------------------------+------------------+----------+                        +-------------------+-----------------------------------------+
| glibc-common                | CVE-2017-16997   | CRITICAL |                        | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                        |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                        |                   | used to execute...                      |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                        |                   | glibc:                                  |
|                             |                  |          |                        |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                        |                   | fails to copy the path argument         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2014-9402    |          |                        | 2.17-222.el7      | glibc: denial of service in             |
|                             |                  |          |                        |                   | getnetbyname function                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                        |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                        |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                        |                   | clntudp_call()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-15670   |          |                        | 2.17-222.el7      | glibc: Buffer overflow in glob          |
|                             |                  |          |                        |                   | with GLOB_TILDE                         |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2017-15804   |          |                        |                   | glibc: Buffer overflow during           |
|                             |                  |          |                        |                   | unescaping of user names with           |
|                             |                  |          |                        |                   | the ~ operator...                       |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                        |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                        |                   | when decoding malformed XDR             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000001 |          |                        | 2.17-222.el7      | glibc: realpath() buffer                |
|                             |                  |          |                        |                   | underflow when getcwd()                 |
|                             |                  |          |                        |                   | returns relative path allows            |
|                             |                  |          |                        |                   | privilege escalation...                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                        | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                        |                   | 32-bit architectures leading            |
|                             |                  |          |                        |                   | to stack-based buffer...                |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                        |                   | glibc: Integer overflow in              |
|                             |                  |          |                        |                   | posix_memalign in memalign              |
|                             |                  |          |                        |                   | functions                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                        |                   | glibc: stack guard protection           |
|                             |                  |          |                        |                   | bypass                                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                        |                   | glibc: regular-expression               |
|                             |                  |          |                        |                   | match via proceed_next_node             |
|                             |                  |          |                        |                   | in posix/regexec.c leads to             |
|                             |                  |          |                        |                   | heap-based buffer over-read...          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                        |                   | glibc: use-after-free in                |
|                             |                  |          |                        |                   | glob() function when expanding          |
|                             |                  |          |                        |                   | ~user                                   |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| gobject-introspection       | CVE-2018-12910   |          | 1.50.0-1.el7           | 1.56.1-1.el7      | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| krb5-libs                   | CVE-2015-2695    |          | 1.15.1-8.el7           |                   | krb5: SPNEGO context aliasing           |
|                             |                  |          |                        |                   | bugs                                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-2696    |          |                        |                   | krb5: IAKERB context aliasing           |
|                             |                  |          |                        |                   | flaw                                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-11462   |          |                        |                   | krb5: Automatic sec context             |
|                             |                  |          |                        |                   | deletion could lead to                  |
|                             |                  |          |                        |                   | double-free                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-15088   |          |                        |                   | krb5: Buffer overflow in                |
|                             |                  |          |                        |                   | get_matching_data()                     |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libX11                      | CVE-2015-9262    |          | 1.6.5-1.el7            | 1.6.5-2.el7       | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7942    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in XGetImage()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7943    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in FontNames                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-14599   |          |                        | 1.6.7-2.el7       | libX11: Off-by-one error in             |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-14600   |          |                        |                   | libX11: Out of Bounds write in          |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| libX11-common               | CVE-2015-9262    |          |                        | 1.6.5-2.el7       | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7942    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in XGetImage()                          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7943    |          |                        |                   | libX11: Insufficient                    |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | in FontNames                            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-14599   |          |                        | 1.6.7-2.el7       | libX11: Off-by-one error in             |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+                             +------------------+          +                        +                   +-----------------------------------------+
|                             | CVE-2018-14600   |          |                        |                   | libX11: Out of Bounds write in          |
|                             |                  |          |                        |                   | XListExtensions in ListExt.c            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libXfont                    | CVE-2015-9262    |          | 1.5.2-1.el7            | 1.5.4-1.el7       | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libXrender                  | CVE-2016-7949    |          | 0.9.10-1.el7           |                   | libXrender: Insufficient                |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | results in overflow of                  |
|                             |                  |          |                        |                   | previously reserved...                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-7950    |          |                        |                   | libXrender: Insufficient                |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | results out-of-bounds write in          |
|                             |                  |          |                        |                   | XRenderQueryFilters                     |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libXtst                     | CVE-2016-7951    |          | 1.2.3-1.el7            |                   | libXtst: Insufficient                   |
|                             |                  |          |                        |                   | validation of server responses          |
|                             |                  |          |                        |                   | result in Integer overflows             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libblkid                    | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libcurl                     | CVE-2018-14618   | CRITICAL | 7.29.0-42.el7          | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                        |                   | via integer overflow                    |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                        |                   | curl: Double-free in                    |
|                             |                  |          |                        |                   | curl_maprintf                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                        |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                        |                   | curl: URL unescape heap                 |
|                             |                  |          |                        |                   | overflow via integer                    |
|                             |                  |          |                        |                   | truncation                              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                        |                   | curl: FTP wildcard out of               |
|                             |                  |          |                        |                   | bounds read                             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                        | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                        |                   | to NIL byte out of bounds               |
|                             |                  |          |                        |                   | write...                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                        |                   | curl: heap buffer overflow in           |
|                             |                  |          |                        |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libgcc                      | CVE-2014-5044    |          | 4.8.5-16.el7           |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                        |                   | libgfortran                             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libidn                      | CVE-2015-2059    |          | 1.28-4.el7             |                   | libidn: out-of-bounds read              |
|                             |                  |          |                        |                   | with stringprep on invalid              |
|                             |                  |          |                        |                   | UTF-8                                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-14062   |          |                        |                   | libidn2: Integer overflow in            |
|                             |                  |          |                        |                   | puny_decode.c/decode_digit              |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libjpeg-turbo               | CVE-2019-2201    | CRITICAL | 1.2.90-5.el7           |                   | libjpeg-turbo: several integer          |
|                             |                  |          |                        |                   | overflows and subsequent                |
|                             |                  |          |                        |                   | segfaults when attempting               |
|                             |                  |          |                        |                   | to compress/decompress                  |
|                             |                  |          |                        |                   | gigapixel...                            |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   | HIGH     |                        | 1.2.90-6.el7      | libsoup: Crash in                       |
|                             |                  |          |                        |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                        |                   | on empty hostnames                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libmount                    | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libnl                       | CVE-2017-0553    |          | 1.1.4-3.el7            |                   | libnl: Integer overflow in              |
|                             |                  |          |                        |                   | nlmsg_reserve()                         |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libpng                      | CVE-2015-8540    | CRITICAL | 2:1.5.13-7.el7_2       |                   | libpng: underflow read in               |
|                             |                  |          |                        |                   | png_check_keyword()                     |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-12652   | HIGH     |                        |                   | libpng: does not check length           |
|                             |                  |          |                        |                   | of chunks against user limit            |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libssh2                     | CVE-2019-3855    | CRITICAL | 1.4.3-10.el7_2.1       | 1.4.3-12.el7_6.2  | libssh2: Integer overflow in            |
|                             |                  |          |                        |                   | transport read resulting in             |
|                             |                  |          |                        |                   | out of bounds write...                  |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libstdc++                   | CVE-2014-5044    | HIGH     | 4.8.5-16.el7           |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                        |                   | libgfortran                             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libtasn1                    | CVE-2018-1000654 |          | 4.10-1.el7             |                   | libtasn1: Infinite loop in              |
|                             |                  |          |                        |                   | _asn1_expand_object_id(ptree)           |
|                             |                  |          |                        |                   | leads to memory exhaustion              |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libuuid                     | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| libxcb                      | CVE-2015-9262    |          | 1.12-1.el7             | 1.13-1.el7        | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libxml2                     | CVE-2016-4658    | CRITICAL | 2.9.1-6.el7_2.3        |                   | libxml2: Use after free via             |
|                             |                  |          |                        |                   | namespace node in XPointer              |
|                             |                  |          |                        |                   | ranges                                  |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                        |                   | libxml2: Mishandling                    |
|                             |                  |          |                        |                   | parameter-entity references             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                        |                   | libxml2: Missing validation             |
|                             |                  |          |                        |                   | for external entities in                |
|                             |                  |          |                        |                   | xmlParsePEReference                     |
+-----------------------------+------------------+----------+                        +-------------------+-----------------------------------------+
| libxml2-python              | CVE-2016-4658    | CRITICAL |                        |                   | libxml2: Use after free via             |
|                             |                  |          |                        |                   | namespace node in XPointer              |
|                             |                  |          |                        |                   | ranges                                  |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                        |                   | libxml2: Mishandling                    |
|                             |                  |          |                        |                   | parameter-entity references             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                        |                   | libxml2: Missing validation             |
|                             |                  |          |                        |                   | for external entities in                |
|                             |                  |          |                        |                   | xmlParsePEReference                     |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| libxslt                     | CVE-2016-4738    | CRITICAL | 1.1.28-5.el7           |                   | libxslt: Heap overread due to           |
|                             |                  |          |                        |                   | an empty decimal-separator              |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4607    | HIGH     |                        |                   | libxslt: allows remote                  |
|                             |                  |          |                        |                   | attacker to cause denial of             |
|                             |                  |          |                        |                   | service                                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4608    |          |                        |                   | libxslt: stack-based buffer             |
|                             |                  |          |                        |                   | overflow at exsltDateFormat()           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4609    |          |                        |                   | libxslt: Out-of-bounds read at          |
|                             |                  |          |                        |                   | xmlGetLineNoInternal()                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-4610    |          |                        |                   | libxslt: Invalid memory                 |
|                             |                  |          |                        |                   | access leading to DoS at                |
|                             |                  |          |                        |                   | exsltDynMapFunction()                   |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-11068   |          |                        |                   | libxslt: xsltCheckRead and              |
|                             |                  |          |                        |                   | xsltCheckWrite routines                 |
|                             |                  |          |                        |                   | security bypass by crafted URL          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| ncurses                     | CVE-2017-10684   |          | 5.9-14.20130511.el7_4  |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow in fmt_entry function          |
|                             |                  |          |                        |                   | in dump_entry.c                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow caused by format               |
|                             |                  |          |                        |                   | string vulnerability in                 |
|                             |                  |          |                        |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| ncurses-base                | CVE-2017-10684   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow in fmt_entry function          |
|                             |                  |          |                        |                   | in dump_entry.c                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow caused by format               |
|                             |                  |          |                        |                   | string vulnerability in                 |
|                             |                  |          |                        |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| ncurses-libs                | CVE-2017-10684   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow in fmt_entry function          |
|                             |                  |          |                        |                   | in dump_entry.c                         |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                        |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                        |                   | overflow caused by format               |
|                             |                  |          |                        |                   | string vulnerability in                 |
|                             |                  |          |                        |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nspr                        | CVE-2016-1951    |          | 4.13.1-1.0.el7_3       |                   | nspr: Memory allocation                 |
|                             |                  |          |                        |                   | issue related to PR_*printf             |
|                             |                  |          |                        |                   | functions                               |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nss                         | CVE-2019-17006   |          | 3.28.4-12.el7_4        |                   | nss: Check length of inputs             |
|                             |                  |          |                        |                   | for cryptographic primitives            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nss-pem                     | CVE-2018-1000120 |          | 1.0.3-4.el7            | 1.0.3-5.el7       | curl: FTP path trickery leads           |
|                             |                  |          |                        |                   | to NIL byte out of bounds               |
|                             |                  |          |                        |                   | write...                                |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| nss-sysinit                 | CVE-2019-17006   |          | 3.28.4-12.el7_4        |                   | nss: Check length of inputs             |
|                             |                  |          |                        |                   | for cryptographic primitives            |
+-----------------------------+                  +          +                        +-------------------+                                         +
| nss-tools                   |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| pcre                        | CVE-2015-8380    |          | 8.32-17.el7            |                   | pcre: OOB write when                    |
|                             |                  |          |                        |                   | pcre_exec() is called with              |
|                             |                  |          |                        |                   | ovecsize of 1 (8.38/10)...              |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                        |                   | pcre: Integer overflow in               |
|                             |                  |          |                        |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                        |                   | pcre: uninitialized memory              |
|                             |                  |          |                        |                   | read triggered by malformed             |
|                             |                  |          |                        |                   | posix character class                   |
|                             |                  |          |                        |                   | (8.38/22)                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                        |                   | pcre: Integer overflow caused           |
|                             |                  |          |                        |                   | by missing check for certain            |
|                             |                  |          |                        |                   | conditions (8.38/31)                    |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                        |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                        |                   | in the match function in                |
|                             |                  |          |                        |                   | pcre_exec.c                             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| procps-ng                   | CVE-2018-1126    |          | 3.3.10-16.el7          | 3.3.10-17.el7_5.2 | procps-ng, procps: incorrect            |
|                             |                  |          |                        |                   | integer size in proc/alloc.*            |
|                             |                  |          |                        |                   | leading to truncation /                 |
|                             |                  |          |                        |                   | integer...                              |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| python                      | CVE-2017-1000158 |          | 2.7.5-58.el7           |                   | python: Integer overflow in             |
|                             |                  |          |                        |                   | PyString_DecodeEscape results           |
|                             |                  |          |                        |                   | in heap-base buffer overflow            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                        |                   | python: wrong backtracking in           |
|                             |                  |          |                        |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                        |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +                        +-------------------+-----------------------------------------+
| python-libs                 | CVE-2017-1000158 |          |                        |                   | python: Integer overflow in             |
|                             |                  |          |                        |                   | PyString_DecodeEscape results           |
|                             |                  |          |                        |                   | in heap-base buffer overflow            |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                        |                   | python: wrong backtracking in           |
|                             |                  |          |                        |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                        |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| rpm                         | CVE-2017-7500    |          | 4.11.3-25.el7          |                   | rpm: Following symlinks to              |
|                             |                  |          |                        |                   | directories when installing             |
|                             |                  |          |                        |                   | packages allows privilege               |
|                             |                  |          |                        |                   | escalation                              |
+-----------------------------+                  +          +                        +-------------------+                                         +
| rpm-build-libs              |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+                  +          +                        +-------------------+                                         +
| rpm-libs                    |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+                  +          +                        +-------------------+                                         +
| rpm-python                  |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| rsync                       | CVE-2017-15994   |          | 3.0.9-18.el7           |                   | rsync: Mishandles archaic               |
|                             |                  |          |                        |                   | checksums                               |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-16548   |          |                        |                   | rsync: Heap-based buffer                |
|                             |                  |          |                        |                   | over-read in receive_xattr              |
|                             |                  |          |                        |                   | function                                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-17434   |          |                        |                   | rsync: daemon does not                  |
|                             |                  |          |                        |                   | check for fnamecmp filenames            |
|                             |                  |          |                        |                   | allowing for access                     |
|                             |                  |          |                        |                   | restriction...                          |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| slf4j                       | CVE-2018-8088    |          | 1.7.4-3.el7            | 1.7.4-4.el7_4     | slf4j: Deserialisation                  |
|                             |                  |          |                        |                   | vulnerability in EventData              |
|                             |                  |          |                        |                   | constructor can allow for               |
|                             |                  |          |                        |                   | arbitrary code execution...             |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| sqlite                      | CVE-2015-7036    |          | 3.7.17-8.el7           |                   | sqlite: arbitrary code                  |
|                             |                  |          |                        |                   | execution on databases with             |
|                             |                  |          |                        |                   | malformed schema                        |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-10989   |          |                        |                   | sqlite: Heap-buffer overflow            |
|                             |                  |          |                        |                   | in the getNodeSize function             |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2019-8457    |          |                        |                   | sqlite: heap out-of-bound read          |
|                             |                  |          |                        |                   | in function rtreenode()                 |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| systemd                     | CVE-2018-15686   | CRITICAL | 219-42.el7_4.1         | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                        |                   | fgets() allows for state                |
|                             |                  |          |                        |                   | injection during daemon-reexec          |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                        | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                        |                   | write in systemd-networkd               |
|                             |                  |          |                        |                   | dhcpv6 option handling                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                        |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                        |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                        |                   | local users to obtain                   |
|                             |                  |          |                        |                   | ownership of...                         |
+-----------------------------+------------------+----------+                        +-------------------+-----------------------------------------+
| systemd-libs                | CVE-2018-15686   | CRITICAL |                        | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                        |                   | fgets() allows for state                |
|                             |                  |          |                        |                   | injection during daemon-reexec          |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                        | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                        |                   | write in systemd-networkd               |
|                             |                  |          |                        |                   | dhcpv6 option handling                  |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                        |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                        |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                        |                   | local users to obtain                   |
|                             |                  |          |                        |                   | ownership of...                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| tomcat-servlet-3.0-api      | CVE-2018-8014    |          | 7.0.76-2.el7           | 7.0.76-9.el7      | tomcat: Insecure defaults               |
|                             |                  |          |                        |                   | in CORS filter enable                   |
|                             |                  |          |                        |                   | 'supportsCredentials' for all           |
|                             |                  |          |                        |                   | origins                                 |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2020-1938    |          |                        | 7.0.76-11.el7_7   | tomcat: Apache Tomcat AJP File          |
|                             |                  |          |                        |                   | Read/Inclusion Vulnerability            |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| util-linux                  | CVE-2014-9114    |          | 2.23.2-43.el7          |                   | util-linux: command injection           |
|                             |                  |          |                        |                   | flaw in blkid                           |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                        |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                        |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| vim-minimal                 | CVE-2019-12735   | CRITICAL | 2:7.4.160-2.el7        | 2:7.4.160-6.el7_6 | vim/neovim: ':source!' command          |
|                             |                  |          |                        |                   | allows arbitrary command                |
|                             |                  |          |                        |                   | execution via modelines                 |
+                             +------------------+----------+                        +-------------------+-----------------------------------------+
|                             | CVE-2017-5953    | HIGH     |                        |                   | vim: Tree length values                 |
|                             |                  |          |                        |                   | not validated properly when             |
|                             |                  |          |                        |                   | handling a spell file...                |
+                             +------------------+          +                        +-------------------+-----------------------------------------+
|                             | CVE-2017-6350    |          |                        |                   | vim: Integer overflow at                |
|                             |                  |          |                        |                   | an unserialize_uep memory               |
|                             |                  |          |                        |                   | allocation site                         |
+-----------------------------+------------------+          +------------------------+-------------------+-----------------------------------------+
| xorg-x11-font-utils         | CVE-2015-9262    |          | 1:7.5-20.el7           | 1:7.5-21.el7      | libxcursor: 1-byte                      |
|                             |                  |          |                        |                   | heap-based overflow in                  |
|                             |                  |          |                        |                   | _XcursorThemeInherits function          |
|                             |                  |          |                        |                   | in library.c                            |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+
| yum-plugin-ovl              | CVE-2018-10897   | CRITICAL | 1.1.31-42.el7          | 1.1.31-46.el7_5   | yum-utils: reposync: improper           |
|                             |                  |          |                        |                   | path validation may lead to             |
|                             |                  |          |                        |                   | directory traversal                     |
+-----------------------------+                  +          +                        +                   +                                         +
| yum-utils                   |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
|                             |                  |          |                        |                   |                                         |
+-----------------------------+------------------+----------+------------------------+-------------------+-----------------------------------------+

Vulnerabilities found for image proxyv2:0.8.0-istio-71c47ac61-distroless

proxyv2:0.8.0-istio-71c47ac61-distroless

+---------+------------------+----------+-------------------+---------------+--------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
| libc6   | CVE-2018-1000001 | HIGH     | 2.24-11+deb9u4    |               | glibc: realpath() buffer       |
|         |                  |          |                   |               | underflow when getcwd()        |
|         |                  |          |                   |               | returns relative path allows   |
|         |                  |          |                   |               | privilege escalation...        |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2018-6485    |          |                   |               | glibc: Integer overflow in     |
|         |                  |          |                   |               | posix_memalign in memalign     |
|         |                  |          |                   |               | functions                      |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2018-6551    |          |                   |               | glibc: integer overflow in     |
|         |                  |          |                   |               | malloc functions               |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-1010022 |          |                   |               | glibc: stack guard protection  |
|         |                  |          |                   |               | bypass                         |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2019-9169    |          |                   |               | glibc: regular-expression      |
|         |                  |          |                   |               | match via proceed_next_node    |
|         |                  |          |                   |               | in posix/regexec.c leads to    |
|         |                  |          |                   |               | heap-based buffer over-read... |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2020-1752    |          |                   |               | glibc: use-after-free in       |
|         |                  |          |                   |               | glob() function when expanding |
|         |                  |          |                   |               | ~user                          |
+         +------------------+          +                   +---------------+--------------------------------+
|         | CVE-2020-6096    |          |                   |               | glibc: signed comparison       |
|         |                  |          |                   |               | vulnerability in the ARMv7     |
|         |                  |          |                   |               | memcpy function                |
+---------+------------------+----------+-------------------+---------------+--------------------------------+

Vulnerabilities found for image elasticsearch

elasticsearch:6.4.3

+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
|           LIBRARY           | VULNERABILITY ID | SEVERITY |   INSTALLED VERSION   |   FIXED VERSION   |                  TITLE                  |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| bash                        | CVE-2019-18276   | HIGH     | 4.2.46-30.el7         |                   | bash: when effective UID is             |
|                             |                  |          |                       |                   | not equal to its real UID               |
|                             |                  |          |                       |                   | the...                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-9924    |          |                       | 4.2.46-34.el7     | bash: BASH_CMD is writable in           |
|                             |                  |          |                       |                   | restricted bash shells                  |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| binutils                    | CVE-2014-9939    |          | 2.27-28.base.el7_5.1  |                   | binutils: buffer overflow in            |
|                             |                  |          |                       |                   | ihex.c                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-13716   |          |                       |                   | binutils: Memory leak with the          |
|                             |                  |          |                       |                   | C++ symbol demangler routine            |
|                             |                  |          |                       |                   | in libiberty                            |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-14930   |          |                       |                   | binutils: Memory leak in                |
|                             |                  |          |                       |                   | decode_line_info                        |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-7614    |          |                       |                   | binutils: NULL                          |
|                             |                  |          |                       |                   | pointer dereference in                  |
|                             |                  |          |                       |                   | bfd_elf_final_link function             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8421    |          |                       |                   | binutils: Memory exhaustion in          |
|                             |                  |          |                       |                   | objdump via a crafted PE file           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-12699   |          |                       |                   | binutils: heap-based buffer             |
|                             |                  |          |                       |                   | overflow in finish_stab in              |
|                             |                  |          |                       |                   | stabs.c                                 |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| bzip2-libs                  | CVE-2019-12900   |          | 1.0.6-13.el7          |                   | bzip2: out-of-bounds write in           |
|                             |                  |          |                       |                   | function BZ2_decompress                 |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| coreutils                   | CVE-2014-9471    |          | 8.22-21.el7           |                   | coreutils: memory corruption            |
|                             |                  |          |                       |                   | flaw in parse_datetime()                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-4042    |          |                       |                   | coreutils: possible buffer              |
|                             |                  |          |                       |                   | overflow in keycompare_mb()             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| cracklib                    | CVE-2016-6318    |          | 2.9.0-11.el7          |                   | cracklib: Stack-based buffer            |
|                             |                  |          |                       |                   | overflow when parsing large             |
|                             |                  |          |                       |                   | GECOS field                             |
+-----------------------------+                  +          +                       +-------------------+                                         +
| cracklib-dicts              |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| curl                        | CVE-2018-14618   | CRITICAL | 7.29.0-46.el7         | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                       |                   | via integer overflow                    |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                       |                   | curl: Double-free in                    |
|                             |                  |          |                       |                   | curl_maprintf                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                       |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                       |                   | curl: URL unescape heap                 |
|                             |                  |          |                       |                   | overflow via integer                    |
|                             |                  |          |                       |                   | truncation                              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                       |                   | curl: FTP wildcard out of               |
|                             |                  |          |                       |                   | bounds read                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                       | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                       |                   | to NIL byte out of bounds               |
|                             |                  |          |                       |                   | write...                                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                       |                   | curl: heap buffer overflow in           |
|                             |                  |          |                       |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| dracut                      | CVE-2016-4484    |          | 033-535.el7_5.1       |                   | dracut: Brute force attack on           |
|                             |                  |          |                       |                   | LUKS password decryption via            |
|                             |                  |          |                       |                   | initramfs                               |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| elfutils-default-yama-scope | CVE-2018-16402   |          | 0.170-4.el7           | 0.176-2.el7       | elfutils: Double-free due               |
|                             |                  |          |                       |                   | to double decompression                 |
|                             |                  |          |                       |                   | of sections in crafted ELF              |
|                             |                  |          |                       |                   | causes...                               |
+-----------------------------+                  +          +                       +                   +                                         +
| elfutils-libelf             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+                  +          +                       +                   +                                         +
| elfutils-libs               |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| expat                       | CVE-2015-2716    |          | 2.1.0-10.el7_3        | 2.1.0-11.el7      | expat: Integer overflow                 |
|                             |                  |          |                       |                   | leading to buffer overflow in           |
|                             |                  |          |                       |                   | XML_GetBuffer()                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-5300    |          |                       |                   | expat: Little entropy used for          |
|                             |                  |          |                       |                   | hash initialization                     |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-9063    |          |                       |                   | firefox: Possible integer               |
|                             |                  |          |                       |                   | overflow to fix inside                  |
|                             |                  |          |                       |                   | XML_Parse in Expat                      |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-20843   |          |                       |                   | expat: large number of colons           |
|                             |                  |          |                       |                   | in input makes parser consume           |
|                             |                  |          |                       |                   | high amount...                          |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| file-libs                   | CVE-2015-8865    |          | 5.11-33.el7           |                   | file: Buffer over-write in              |
|                             |                  |          |                       |                   | finfo_open with malformed               |
|                             |                  |          |                       |                   | magic file                              |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| glib2                       | CVE-2015-8391    | CRITICAL | 2.54.2-2.el7          |                   | pcre: inefficient posix                 |
|                             |                  |          |                       |                   | character class syntax check            |
|                             |                  |          |                       |                   | (8.38/16)                               |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2015-2327    | HIGH     |                       |                   | pcre: infinite recursion                |
|                             |                  |          |                       |                   | compiling pattern with                  |
|                             |                  |          |                       |                   | zero-repeated groups that               |
|                             |                  |          |                       |                   | include recursive back...               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-2328    |          |                       |                   | pcre: infinite recursion                |
|                             |                  |          |                       |                   | compiling pattern with                  |
|                             |                  |          |                       |                   | recursive reference in a group          |
|                             |                  |          |                       |                   | with...                                 |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8385    |          |                       |                   | pcre: buffer overflow caused            |
|                             |                  |          |                       |                   | by named forward reference to           |
|                             |                  |          |                       |                   | duplicate group number...               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8386    |          |                       |                   | pcre: Buffer overflow caused            |
|                             |                  |          |                       |                   | by lookbehind assertion                 |
|                             |                  |          |                       |                   | (8.38/6)                                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                       |                   | pcre: Integer overflow in               |
|                             |                  |          |                       |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8388    |          |                       |                   | CVE-2015-5073 CVE-2015-8388             |
|                             |                  |          |                       |                   | pcre: buffer overflow for               |
|                             |                  |          |                       |                   | forward reference within                |
|                             |                  |          |                       |                   | backward assertion with...              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                       |                   | pcre: uninitialized memory              |
|                             |                  |          |                       |                   | read triggered by malformed             |
|                             |                  |          |                       |                   | posix character class                   |
|                             |                  |          |                       |                   | (8.38/22)                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                       |                   | pcre: Integer overflow caused           |
|                             |                  |          |                       |                   | by missing check for certain            |
|                             |                  |          |                       |                   | conditions (8.38/31)                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-3191    |          |                       |                   | pcre: workspace overflow                |
|                             |                  |          |                       |                   | for (*ACCEPT) with deeply               |
|                             |                  |          |                       |                   | nested parentheses (8.39/13,            |
|                             |                  |          |                       |                   | 10.22/12)                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                       |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                       |                   | in the match function in                |
|                             |                  |          |                       |                   | pcre_exec.c                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-12910   |          |                       | 2.56.1-2.el7      | libsoup: Crash in                       |
|                             |                  |          |                       |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                       |                   | on empty hostnames                      |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-16428   |          |                       |                   | glib2: NULL pointer dereference in      |
|                             |                  |          |                       |                   | g_markup_parse_context_end_parse()      |
|                             |                  |          |                       |                   | function in gmarkup.c                   |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-12450   |          |                       |                   | glib2: file_copy_fallback in            |
|                             |                  |          |                       |                   | gio/gfile.c in GNOME GLib does          |
|                             |                  |          |                       |                   | not properly restrict file...           |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| glibc                       | CVE-2017-16997   | CRITICAL | 2.17-222.el7          | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                       |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                       |                   | used to execute...                      |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                       |                   | glibc:                                  |
|                             |                  |          |                       |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                       |                   | fails to copy the path argument         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                       |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                       |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                       |                   | clntudp_call()                          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                       |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                       |                   | when decoding malformed XDR             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                       | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                       |                   | 32-bit architectures leading            |
|                             |                  |          |                       |                   | to stack-based buffer...                |
+                             +------------------+          +                       +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                       |                   | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | posix_memalign in memalign              |
|                             |                  |          |                       |                   | functions                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                       |                   | glibc: stack guard protection           |
|                             |                  |          |                       |                   | bypass                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                       |                   | glibc: regular-expression               |
|                             |                  |          |                       |                   | match via proceed_next_node             |
|                             |                  |          |                       |                   | in posix/regexec.c leads to             |
|                             |                  |          |                       |                   | heap-based buffer over-read...          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                       |                   | glibc: use-after-free in                |
|                             |                  |          |                       |                   | glob() function when expanding          |
|                             |                  |          |                       |                   | ~user                                   |
+-----------------------------+------------------+----------+                       +-------------------+-----------------------------------------+
| glibc-common                | CVE-2017-16997   | CRITICAL |                       | 2.17-260.el7      | glibc: Incorrect handling of            |
|                             |                  |          |                       |                   | RPATH in elf/dl-load.c can be           |
|                             |                  |          |                       |                   | used to execute...                      |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2014-4043    | HIGH     |                       |                   | glibc:                                  |
|                             |                  |          |                       |                   | posix_spawn_file_actions_addopen        |
|                             |                  |          |                       |                   | fails to copy the path argument         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-4429    |          |                       |                   | glibc: libtirpc: stack                  |
|                             |                  |          |                       |                   | (frame) overflow in Sun RPC             |
|                             |                  |          |                       |                   | clntudp_call()                          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8804    |          |                       |                   | glibc: memory leak in sunrpc            |
|                             |                  |          |                       |                   | when decoding malformed XDR             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-11236   |          |                       | 2.17-260.el7      | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | stdlib/canonicalize.c on                |
|                             |                  |          |                       |                   | 32-bit architectures leading            |
|                             |                  |          |                       |                   | to stack-based buffer...                |
+                             +------------------+          +                       +                   +-----------------------------------------+
|                             | CVE-2018-6485    |          |                       |                   | glibc: Integer overflow in              |
|                             |                  |          |                       |                   | posix_memalign in memalign              |
|                             |                  |          |                       |                   | functions                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-1010022 |          |                       |                   | glibc: stack guard protection           |
|                             |                  |          |                       |                   | bypass                                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-9169    |          |                       |                   | glibc: regular-expression               |
|                             |                  |          |                       |                   | match via proceed_next_node             |
|                             |                  |          |                       |                   | in posix/regexec.c leads to             |
|                             |                  |          |                       |                   | heap-based buffer over-read...          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-1752    |          |                       |                   | glibc: use-after-free in                |
|                             |                  |          |                       |                   | glob() function when expanding          |
|                             |                  |          |                       |                   | ~user                                   |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| gobject-introspection       | CVE-2018-12910   |          | 1.50.0-1.el7          | 1.56.1-1.el7      | libsoup: Crash in                       |
|                             |                  |          |                       |                   | soup_cookie_jar.c:get_cookies()         |
|                             |                  |          |                       |                   | on empty hostnames                      |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| krb5-libs                   | CVE-2015-2695    |          | 1.15.1-19.el7         |                   | krb5: SPNEGO context aliasing           |
|                             |                  |          |                       |                   | bugs                                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-2696    |          |                       |                   | krb5: IAKERB context aliasing           |
|                             |                  |          |                       |                   | flaw                                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-11462   |          |                       |                   | krb5: Automatic sec context             |
|                             |                  |          |                       |                   | deletion could lead to                  |
|                             |                  |          |                       |                   | double-free                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-15088   |          |                       |                   | krb5: Buffer overflow in                |
|                             |                  |          |                       |                   | get_matching_data()                     |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libblkid                    | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libcurl                     | CVE-2018-14618   | CRITICAL | 7.29.0-46.el7         | 7.29.0-51.el7_6.3 | curl: NTLM password overflow            |
|                             |                  |          |                       |                   | via integer overflow                    |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8618    | HIGH     |                       |                   | curl: Double-free in                    |
|                             |                  |          |                       |                   | curl_maprintf                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8619    |          |                       |                   | curl: Double-free in krb5 code          |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-8622    |          |                       |                   | curl: URL unescape heap                 |
|                             |                  |          |                       |                   | overflow via integer                    |
|                             |                  |          |                       |                   | truncation                              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-8817    |          |                       |                   | curl: FTP wildcard out of               |
|                             |                  |          |                       |                   | bounds read                             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-1000120 |          |                       | 7.29.0-51.el7     | curl: FTP path trickery leads           |
|                             |                  |          |                       |                   | to NIL byte out of bounds               |
|                             |                  |          |                       |                   | write...                                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-5482    |          |                       |                   | curl: heap buffer overflow in           |
|                             |                  |          |                       |                   | function tftp_receive_packet()          |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libgcc                      | CVE-2014-5044    |          | 4.8.5-28.el7_5.1      |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                       |                   | libgfortran                             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libidn                      | CVE-2015-2059    |          | 1.28-4.el7            |                   | libidn: out-of-bounds read              |
|                             |                  |          |                       |                   | with stringprep on invalid              |
|                             |                  |          |                       |                   | UTF-8                                   |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-14062   |          |                       |                   | libidn2: Integer overflow in            |
|                             |                  |          |                       |                   | puny_decode.c/decode_digit              |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libmount                    | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libpcap                     | CVE-2014-4174    | CRITICAL | 14:1.5.3-11.el7       |                   | libpcap: file parser crash              |
|                             |                  |          |                       |                   | (wnpa-sec-2014-05)                      |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libssh2                     | CVE-2019-3855    |          | 1.4.3-10.el7_2.1      | 1.4.3-12.el7_6.2  | libssh2: Integer overflow in            |
|                             |                  |          |                       |                   | transport read resulting in             |
|                             |                  |          |                       |                   | out of bounds write...                  |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libstdc++                   | CVE-2014-5044    | HIGH     | 4.8.5-28.el7_5.1      |                   | gcc: integer overflow flaws in          |
|                             |                  |          |                       |                   | libgfortran                             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libtasn1                    | CVE-2018-1000654 |          | 4.10-1.el7            |                   | libtasn1: Infinite loop in              |
|                             |                  |          |                       |                   | _asn1_expand_object_id(ptree)           |
|                             |                  |          |                       |                   | leads to memory exhaustion              |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| libuuid                     | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| libxml2                     | CVE-2016-4658    | CRITICAL | 2.9.1-6.el7_2.3       |                   | libxml2: Use after free via             |
|                             |                  |          |                       |                   | namespace node in XPointer              |
|                             |                  |          |                       |                   | ranges                                  |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                       |                   | libxml2: Mishandling                    |
|                             |                  |          |                       |                   | parameter-entity references             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                       |                   | libxml2: Missing validation             |
|                             |                  |          |                       |                   | for external entities in                |
|                             |                  |          |                       |                   | xmlParsePEReference                     |
+-----------------------------+------------------+----------+                       +-------------------+-----------------------------------------+
| libxml2-python              | CVE-2016-4658    | CRITICAL |                       |                   | libxml2: Use after free via             |
|                             |                  |          |                       |                   | namespace node in XPointer              |
|                             |                  |          |                       |                   | ranges                                  |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2017-16931   | HIGH     |                       |                   | libxml2: Mishandling                    |
|                             |                  |          |                       |                   | parameter-entity references             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-7375    |          |                       |                   | libxml2: Missing validation             |
|                             |                  |          |                       |                   | for external entities in                |
|                             |                  |          |                       |                   | xmlParsePEReference                     |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| ncurses                     | CVE-2017-10684   |          | 5.9-14.20130511.el7_4 |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow in fmt_entry function          |
|                             |                  |          |                       |                   | in dump_entry.c                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow caused by format               |
|                             |                  |          |                       |                   | string vulnerability in                 |
|                             |                  |          |                       |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                       +-------------------+-----------------------------------------+
| ncurses-base                | CVE-2017-10684   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow in fmt_entry function          |
|                             |                  |          |                       |                   | in dump_entry.c                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow caused by format               |
|                             |                  |          |                       |                   | string vulnerability in                 |
|                             |                  |          |                       |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +                       +-------------------+-----------------------------------------+
| ncurses-libs                | CVE-2017-10684   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow in fmt_entry function          |
|                             |                  |          |                       |                   | in dump_entry.c                         |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10685   |          |                       |                   | ncurses: Stack-based buffer             |
|                             |                  |          |                       |                   | overflow caused by format               |
|                             |                  |          |                       |                   | string vulnerability in                 |
|                             |                  |          |                       |                   | fmt_entry function...                   |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nspr                        | CVE-2016-1951    |          | 4.19.0-1.el7_5        |                   | nspr: Memory allocation                 |
|                             |                  |          |                       |                   | issue related to PR_*printf             |
|                             |                  |          |                       |                   | functions                               |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nss                         | CVE-2019-17006   |          | 3.36.0-7.el7_5        |                   | nss: Check length of inputs             |
|                             |                  |          |                       |                   | for cryptographic primitives            |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nss-pem                     | CVE-2018-1000120 |          | 1.0.3-4.el7           | 1.0.3-5.el7       | curl: FTP path trickery leads           |
|                             |                  |          |                       |                   | to NIL byte out of bounds               |
|                             |                  |          |                       |                   | write...                                |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| nss-sysinit                 | CVE-2019-17006   |          | 3.36.0-7.el7_5        |                   | nss: Check length of inputs             |
|                             |                  |          |                       |                   | for cryptographic primitives            |
+-----------------------------+                  +          +                       +-------------------+                                         +
| nss-tools                   |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| pcre                        | CVE-2015-8380    |          | 8.32-17.el7           |                   | pcre: OOB write when                    |
|                             |                  |          |                       |                   | pcre_exec() is called with              |
|                             |                  |          |                       |                   | ovecsize of 1 (8.38/10)...              |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8387    |          |                       |                   | pcre: Integer overflow in               |
|                             |                  |          |                       |                   | subroutine calls (8.38/8)               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8390    |          |                       |                   | pcre: uninitialized memory              |
|                             |                  |          |                       |                   | read triggered by malformed             |
|                             |                  |          |                       |                   | posix character class                   |
|                             |                  |          |                       |                   | (8.38/22)                               |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2015-8394    |          |                       |                   | pcre: Integer overflow caused           |
|                             |                  |          |                       |                   | by missing check for certain            |
|                             |                  |          |                       |                   | conditions (8.38/31)                    |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-11164   |          |                       |                   | pcre: OP_KETRMAX feature                |
|                             |                  |          |                       |                   | in the match function in                |
|                             |                  |          |                       |                   | pcre_exec.c                             |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| python                      | CVE-2017-1000158 |          | 2.7.5-69.el7_5        |                   | python: Integer overflow in             |
|                             |                  |          |                       |                   | PyString_DecodeEscape results           |
|                             |                  |          |                       |                   | in heap-base buffer overflow            |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                       |                   | python: wrong backtracking in           |
|                             |                  |          |                       |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                       |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +                       +-------------------+-----------------------------------------+
| python-libs                 | CVE-2017-1000158 |          |                       |                   | python: Integer overflow in             |
|                             |                  |          |                       |                   | PyString_DecodeEscape results           |
|                             |                  |          |                       |                   | in heap-base buffer overflow            |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2020-8492    |          |                       |                   | python: wrong backtracking in           |
|                             |                  |          |                       |                   | urllib.request.AbstractBasicAuthHandler |
|                             |                  |          |                       |                   | allows for a ReDoS                      |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| rpm                         | CVE-2017-7500    |          | 4.11.3-32.el7         |                   | rpm: Following symlinks to              |
|                             |                  |          |                       |                   | directories when installing             |
|                             |                  |          |                       |                   | packages allows privilege               |
|                             |                  |          |                       |                   | escalation                              |
+-----------------------------+                  +          +                       +-------------------+                                         +
| rpm-build-libs              |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+                  +          +                       +-------------------+                                         +
| rpm-libs                    |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+                  +          +                       +-------------------+                                         +
| rpm-python                  |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
|                             |                  |          |                       |                   |                                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| sqlite                      | CVE-2015-7036    |          | 3.7.17-8.el7          |                   | sqlite: arbitrary code                  |
|                             |                  |          |                       |                   | execution on databases with             |
|                             |                  |          |                       |                   | malformed schema                        |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-10989   |          |                       |                   | sqlite: Heap-buffer overflow            |
|                             |                  |          |                       |                   | in the getNodeSize function             |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2019-8457    |          |                       |                   | sqlite: heap out-of-bound read          |
|                             |                  |          |                       |                   | in function rtreenode()                 |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| systemd                     | CVE-2018-15686   | CRITICAL | 219-57.el7_5.3        | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                       |                   | fgets() allows for state                |
|                             |                  |          |                       |                   | injection during daemon-reexec          |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                       | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                       |                   | write in systemd-networkd               |
|                             |                  |          |                       |                   | dhcpv6 option handling                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                       |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                       |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                       |                   | local users to obtain                   |
|                             |                  |          |                       |                   | ownership of...                         |
+-----------------------------+------------------+----------+                       +-------------------+-----------------------------------------+
| systemd-libs                | CVE-2018-15686   | CRITICAL |                       | 219-67.el7        | systemd: line splitting via             |
|                             |                  |          |                       |                   | fgets() allows for state                |
|                             |                  |          |                       |                   | injection during daemon-reexec          |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2018-15688   | HIGH     |                       | 219-62.el7_6.2    | systemd: Out-of-bounds heap             |
|                             |                  |          |                       |                   | write in systemd-networkd               |
|                             |                  |          |                       |                   | dhcpv6 option handling                  |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2018-6954    |          |                       |                   | systemd: Mishandled symlinks            |
|                             |                  |          |                       |                   | in systemd-tmpfiles allows              |
|                             |                  |          |                       |                   | local users to obtain                   |
|                             |                  |          |                       |                   | ownership of...                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| util-linux                  | CVE-2014-9114    |          | 2.23.2-52.el7_5.1     |                   | util-linux: command injection           |
|                             |                  |          |                       |                   | flaw in blkid                           |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2016-2779    |          |                       |                   | util-linux: runuser tty hijack          |
|                             |                  |          |                       |                   | via TIOCSTI ioctl                       |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+
| vim-minimal                 | CVE-2019-12735   | CRITICAL | 2:7.4.160-4.el7       | 2:7.4.160-6.el7_6 | vim/neovim: ':source!' command          |
|                             |                  |          |                       |                   | allows arbitrary command                |
|                             |                  |          |                       |                   | execution via modelines                 |
+                             +------------------+----------+                       +-------------------+-----------------------------------------+
|                             | CVE-2017-5953    | HIGH     |                       |                   | vim: Tree length values                 |
|                             |                  |          |                       |                   | not validated properly when             |
|                             |                  |          |                       |                   | handling a spell file...                |
+                             +------------------+          +                       +-------------------+-----------------------------------------+
|                             | CVE-2017-6350    |          |                       |                   | vim: Integer overflow at                |
|                             |                  |          |                       |                   | an unserialize_uep memory               |
|                             |                  |          |                       |                   | allocation site                         |
+-----------------------------+------------------+          +-----------------------+-------------------+-----------------------------------------+
| wget                        | CVE-2019-5953    |          | 1.14-15.el7_4.1       | 1.14-18.el7_6.1   | wget: do_conversion()                   |
|                             |                  |          |                       |                   | heap-based buffer overflow              |
|                             |                  |          |                       |                   | vulnerability                           |
+-----------------------------+------------------+----------+-----------------------+-------------------+-----------------------------------------+

Vulnerabilities found for image tetrate-openldap:2019-10-24

tetrate-openldap:2019-10-24

+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
|       LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |                  TITLE                  |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| apt                  | CVE-2019-3462    | CRITICAL | 1.4.8             | 1.4.9            | Incorrect sanitation of the             |
|                      |                  |          |                   |                  | 302 redirect field in HTTP              |
|                      |                  |          |                   |                  | transport method of...                  |
+----------------------+                  +          +                   +                  +                                         +
| apt-transport-https  |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+                  +          +                   +                  +                                         +
| apt-utils            |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| bash                 | CVE-2019-18276   | HIGH     | 4.4-5             |                  | bash: when effective UID is             |
|                      |                  |          |                   |                  | not equal to its real UID               |
|                      |                  |          |                   |                  | the...                                  |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| bsdutils             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| krb5-kdc             | CVE-2017-11462   |          | 1.15-1+deb9u1     |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| krb5-kdc-ldap        | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| krb5-user            | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libapt-inst2.0       | CVE-2019-3462    | CRITICAL | 1.4.8             | 1.4.9            | Incorrect sanitation of the             |
|                      |                  |          |                   |                  | 302 redirect field in HTTP              |
|                      |                  |          |                   |                  | transport method of...                  |
+----------------------+                  +          +                   +                  +                                         +
| libapt-pkg5.0        |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libblkid1            | CVE-2016-2779    | HIGH     | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libbz2-1.0           | CVE-2019-12900   |          | 1.0.6-8.1         |                  | bzip2: out-of-bounds write in           |
|                      |                  |          |                   |                  | function BZ2_decompress                 |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libc-bin             | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+----------+                   +------------------+-----------------------------------------+
| libc-l10n            | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+----------+                   +------------------+-----------------------------------------+
| libc6                | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libcurl3-gnutls      | CVE-2019-3822    |          | 7.52.1-5+deb9u8   | 7.52.1-5+deb9u9  | curl: NTLMv2 type-3 header              |
|                      |                  |          |                   |                  | stack buffer overflow                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-5481    |          |                   | 7.52.1-5+deb9u10 | curl: double free due to                |
|                      |                  |          |                   |                  | subsequent call of realloc()            |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2019-5482    |          |                   |                  | curl: heap buffer overflow in           |
|                      |                  |          |                   |                  | function tftp_receive_packet()          |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libelf1              | CVE-2018-16402   |          | 0.168-1           |                  | elfutils: Double-free due               |
|                      |                  |          |                   |                  | to double decompression                 |
|                      |                  |          |                   |                  | of sections in crafted ELF              |
|                      |                  |          |                   |                  | causes...                               |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libexpat1            | CVE-2018-20843   |          | 2.2.0-2+deb9u1    | 2.2.0-2+deb9u2   | expat: large number of colons           |
|                      |                  |          |                   |                  | in input makes parser consume           |
|                      |                  |          |                   |                  | high amount...                          |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libfdisk1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libgssapi-krb5-2     | CVE-2017-11462   |          | 1.15-1+deb9u1     |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libgssrpc4           | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libk5crypto3         | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkadm5clnt-mit11   | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkadm5srv-mit11    | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkdb5-8            | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkrb5-3            | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkrb5support0      | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libmount1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libnghttp2-14        | CVE-2019-9511    |          | 1.18.1-1          | 1.18.1-1+deb9u1  | HTTP/2: large amount of data            |
|                      |                  |          |                   |                  | requests leads to denial of             |
|                      |                  |          |                   |                  | service                                 |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2019-9513    |          |                   |                  | HTTP/2: flood using PRIORITY            |
|                      |                  |          |                   |                  | frames results in excessive             |
|                      |                  |          |                   |                  | resource consumption                    |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libodbc1             | CVE-2018-7409    |          | 2.3.4-1           |                  | unixODBC: Buffer overflow               |
|                      |                  |          |                   |                  | in unicode_to_ansi_copy()               |
|                      |                  |          |                   |                  | can lead to crash or other              |
|                      |                  |          |                   |                  | unspecified...                          |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libonig4             | CVE-2019-13224   |          | 6.1.3-2           |                  | oniguruma: use-after-free in            |
|                      |                  |          |                   |                  | onig_new_deluxe() in regext.c           |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-19012   |          |                   |                  | oniguruma: integer overflow             |
|                      |                  |          |                   |                  | in search_in_range function             |
|                      |                  |          |                   |                  | in regexec.c leads to                   |
|                      |                  |          |                   |                  | out-of-bounds read...                   |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libpcre3             | CVE-2017-11164   |          | 2:8.39-3          |                  | pcre: OP_KETRMAX feature                |
|                      |                  |          |                   |                  | in the match function in                |
|                      |                  |          |                   |                  | pcre_exec.c                             |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libpq5               | CVE-2019-9193    | CRITICAL | 9.6.10-0+deb9u1   |                  | postgresql: Command injection           |
|                      |                  |          |                   |                  | via "COPY TO/FROM PROGRAM"              |
|                      |                  |          |                   |                  | function                                |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libpython-stdlib     | CVE-2008-4108    | HIGH     | 2.7.13-2          |                  | python: Generic FAQ wizard              |
|                      |                  |          |                   |                  | moving tool insecure auxiliary          |
|                      |                  |          |                   |                  | /tmp file usage (symlink...             |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libpython2.7-minimal | CVE-2020-8492    |          | 2.7.13-2+deb9u3   |                  | python: wrong backtracking in           |
|                      |                  |          |                   |                  | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                  | allows for a ReDoS                      |
+----------------------+                  +          +                   +------------------+                                         +
| libpython2.7-stdlib  |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libsmartcols1        | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libsqlite3-0         | CVE-2019-8457    |          | 3.16.2-5+deb9u1   |                  | sqlite: heap out-of-bound read          |
|                      |                  |          |                   |                  | in function rtreenode()                 |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libssh2-1            | CVE-2019-3855    | CRITICAL | 1.7.0-1           | 1.7.0-1+deb9u1   | libssh2: Integer overflow in            |
|                      |                  |          |                   |                  | transport read resulting in             |
|                      |                  |          |                   |                  | out of bounds write...                  |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libsystemd0          | CVE-2017-1000082 |          | 232-25+deb9u8     |                  | systemd: fails to parse                 |
|                      |                  |          |                   |                  | usernames that start with               |
|                      |                  |          |                   |                  | digits                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10   | systemd: line splitting via             |
|                      |                  |          |                   |                  | fgets() allows for state                |
|                      |                  |          |                   |                  | injection during daemon-reexec          |
+                      +------------------+----------+                   +------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                  | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                  | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                  | local users to obtain                   |
|                      |                  |          |                   |                  | ownership of...                         |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                  | systemd: use-after-free when            |
|                      |                  |          |                   |                  | asynchronous polkit queries             |
|                      |                  |          |                   |                  | are performed                           |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libtasn1-6           | CVE-2018-1000654 |          | 4.10-1.1+deb9u1   |                  | libtasn1: Infinite loop in              |
|                      |                  |          |                   |                  | _asn1_expand_object_id(ptree)           |
|                      |                  |          |                   |                  | leads to memory exhaustion              |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libudev1             | CVE-2017-1000082 | CRITICAL | 232-25+deb9u8     |                  | systemd: fails to parse                 |
|                      |                  |          |                   |                  | usernames that start with               |
|                      |                  |          |                   |                  | digits                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10   | systemd: line splitting via             |
|                      |                  |          |                   |                  | fgets() allows for state                |
|                      |                  |          |                   |                  | injection during daemon-reexec          |
+                      +------------------+----------+                   +------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                  | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                  | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                  | local users to obtain                   |
|                      |                  |          |                   |                  | ownership of...                         |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                  | systemd: use-after-free when            |
|                      |                  |          |                   |                  | asynchronous polkit queries             |
|                      |                  |          |                   |                  | are performed                           |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libuuid1             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| locales              | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| login                | CVE-2017-12424   |          | 1:4.4-4.1         |                  | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                  | via newusers tool                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| mount                | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| multiarch-support    | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| passwd               | CVE-2017-12424   |          | 1:4.4-4.1         |                  | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                  | via newusers tool                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| python               | CVE-2008-4108    |          | 2.7.13-2          |                  | python: Generic FAQ wizard              |
|                      |                  |          |                   |                  | moving tool insecure auxiliary          |
|                      |                  |          |                   |                  | /tmp file usage (symlink...             |
+----------------------+                  +          +                   +------------------+                                         +
| python-minimal       |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| python-yaml          | CVE-2017-18342   |          | 3.12-1            |                  | PyYAML: yaml.load() API could           |
|                      |                  |          |                   |                  | execute arbitrary code                  |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| python2.7            | CVE-2020-8492    |          | 2.7.13-2+deb9u3   |                  | python: wrong backtracking in           |
|                      |                  |          |                   |                  | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                  | allows for a ReDoS                      |
+----------------------+                  +          +                   +------------------+                                         +
| python2.7-minimal    |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| tar                  | CVE-2005-2541    | CRITICAL | 1.29b-1.1         |                  | Tar 1.15.1 does not properly            |
|                      |                  |          |                   |                  | warn the user when extracting           |
|                      |                  |          |                   |                  | setuid or...                            |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| util-linux           | CVE-2016-2779    | HIGH     | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+

Vulnerabilities found for image tetrate-openldap

tetrate-openldap:2019-10-24

+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
|       LIBRARY        | VULNERABILITY ID | SEVERITY | INSTALLED VERSION |  FIXED VERSION   |                  TITLE                  |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| apt                  | CVE-2019-3462    | CRITICAL | 1.4.8             | 1.4.9            | Incorrect sanitation of the             |
|                      |                  |          |                   |                  | 302 redirect field in HTTP              |
|                      |                  |          |                   |                  | transport method of...                  |
+----------------------+                  +          +                   +                  +                                         +
| apt-transport-https  |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+                  +          +                   +                  +                                         +
| apt-utils            |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| bash                 | CVE-2019-18276   | HIGH     | 4.4-5             |                  | bash: when effective UID is             |
|                      |                  |          |                   |                  | not equal to its real UID               |
|                      |                  |          |                   |                  | the...                                  |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| bsdutils             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| krb5-kdc             | CVE-2017-11462   |          | 1.15-1+deb9u1     |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| krb5-kdc-ldap        | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| krb5-user            | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libapt-inst2.0       | CVE-2019-3462    | CRITICAL | 1.4.8             | 1.4.9            | Incorrect sanitation of the             |
|                      |                  |          |                   |                  | 302 redirect field in HTTP              |
|                      |                  |          |                   |                  | transport method of...                  |
+----------------------+                  +          +                   +                  +                                         +
| libapt-pkg5.0        |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libblkid1            | CVE-2016-2779    | HIGH     | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libbz2-1.0           | CVE-2019-12900   |          | 1.0.6-8.1         |                  | bzip2: out-of-bounds write in           |
|                      |                  |          |                   |                  | function BZ2_decompress                 |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libc-bin             | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+----------+                   +------------------+-----------------------------------------+
| libc-l10n            | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+----------+                   +------------------+-----------------------------------------+
| libc6                | CVE-2017-16997   | CRITICAL |                   | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libcurl3-gnutls      | CVE-2019-3822    |          | 7.52.1-5+deb9u8   | 7.52.1-5+deb9u9  | curl: NTLMv2 type-3 header              |
|                      |                  |          |                   |                  | stack buffer overflow                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-5481    |          |                   | 7.52.1-5+deb9u10 | curl: double free due to                |
|                      |                  |          |                   |                  | subsequent call of realloc()            |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2019-5482    |          |                   |                  | curl: heap buffer overflow in           |
|                      |                  |          |                   |                  | function tftp_receive_packet()          |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libelf1              | CVE-2018-16402   |          | 0.168-1           |                  | elfutils: Double-free due               |
|                      |                  |          |                   |                  | to double decompression                 |
|                      |                  |          |                   |                  | of sections in crafted ELF              |
|                      |                  |          |                   |                  | causes...                               |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libexpat1            | CVE-2018-20843   |          | 2.2.0-2+deb9u1    | 2.2.0-2+deb9u2   | expat: large number of colons           |
|                      |                  |          |                   |                  | in input makes parser consume           |
|                      |                  |          |                   |                  | high amount...                          |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libfdisk1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libgssapi-krb5-2     | CVE-2017-11462   |          | 1.15-1+deb9u1     |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libgssrpc4           | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libk5crypto3         | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkadm5clnt-mit11   | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkadm5srv-mit11    | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkdb5-8            | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkrb5-3            | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +                   +------------------+-----------------------------------------+
| libkrb5support0      | CVE-2017-11462   |          |                   |                  | krb5: Automatic sec context             |
|                      |                  |          |                   |                  | deletion could lead to                  |
|                      |                  |          |                   |                  | double-free                             |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2017-15088   |          |                   |                  | krb5: Buffer overflow in                |
|                      |                  |          |                   |                  | get_matching_data()                     |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libmount1            | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libnghttp2-14        | CVE-2019-9511    |          | 1.18.1-1          | 1.18.1-1+deb9u1  | HTTP/2: large amount of data            |
|                      |                  |          |                   |                  | requests leads to denial of             |
|                      |                  |          |                   |                  | service                                 |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2019-9513    |          |                   |                  | HTTP/2: flood using PRIORITY            |
|                      |                  |          |                   |                  | frames results in excessive             |
|                      |                  |          |                   |                  | resource consumption                    |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libodbc1             | CVE-2018-7409    |          | 2.3.4-1           |                  | unixODBC: Buffer overflow               |
|                      |                  |          |                   |                  | in unicode_to_ansi_copy()               |
|                      |                  |          |                   |                  | can lead to crash or other              |
|                      |                  |          |                   |                  | unspecified...                          |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libonig4             | CVE-2019-13224   |          | 6.1.3-2           |                  | oniguruma: use-after-free in            |
|                      |                  |          |                   |                  | onig_new_deluxe() in regext.c           |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-19012   |          |                   |                  | oniguruma: integer overflow             |
|                      |                  |          |                   |                  | in search_in_range function             |
|                      |                  |          |                   |                  | in regexec.c leads to                   |
|                      |                  |          |                   |                  | out-of-bounds read...                   |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libpcre3             | CVE-2017-11164   |          | 2:8.39-3          |                  | pcre: OP_KETRMAX feature                |
|                      |                  |          |                   |                  | in the match function in                |
|                      |                  |          |                   |                  | pcre_exec.c                             |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libpq5               | CVE-2019-9193    | CRITICAL | 9.6.10-0+deb9u1   |                  | postgresql: Command injection           |
|                      |                  |          |                   |                  | via "COPY TO/FROM PROGRAM"              |
|                      |                  |          |                   |                  | function                                |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libpython-stdlib     | CVE-2008-4108    | HIGH     | 2.7.13-2          |                  | python: Generic FAQ wizard              |
|                      |                  |          |                   |                  | moving tool insecure auxiliary          |
|                      |                  |          |                   |                  | /tmp file usage (symlink...             |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libpython2.7-minimal | CVE-2020-8492    |          | 2.7.13-2+deb9u3   |                  | python: wrong backtracking in           |
|                      |                  |          |                   |                  | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                  | allows for a ReDoS                      |
+----------------------+                  +          +                   +------------------+                                         +
| libpython2.7-stdlib  |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libsmartcols1        | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libsqlite3-0         | CVE-2019-8457    |          | 3.16.2-5+deb9u1   |                  | sqlite: heap out-of-bound read          |
|                      |                  |          |                   |                  | in function rtreenode()                 |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libssh2-1            | CVE-2019-3855    | CRITICAL | 1.7.0-1           | 1.7.0-1+deb9u1   | libssh2: Integer overflow in            |
|                      |                  |          |                   |                  | transport read resulting in             |
|                      |                  |          |                   |                  | out of bounds write...                  |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libsystemd0          | CVE-2017-1000082 |          | 232-25+deb9u8     |                  | systemd: fails to parse                 |
|                      |                  |          |                   |                  | usernames that start with               |
|                      |                  |          |                   |                  | digits                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10   | systemd: line splitting via             |
|                      |                  |          |                   |                  | fgets() allows for state                |
|                      |                  |          |                   |                  | injection during daemon-reexec          |
+                      +------------------+----------+                   +------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                  | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                  | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                  | local users to obtain                   |
|                      |                  |          |                   |                  | ownership of...                         |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                  | systemd: use-after-free when            |
|                      |                  |          |                   |                  | asynchronous polkit queries             |
|                      |                  |          |                   |                  | are performed                           |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libtasn1-6           | CVE-2018-1000654 |          | 4.10-1.1+deb9u1   |                  | libtasn1: Infinite loop in              |
|                      |                  |          |                   |                  | _asn1_expand_object_id(ptree)           |
|                      |                  |          |                   |                  | leads to memory exhaustion              |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| libudev1             | CVE-2017-1000082 | CRITICAL | 232-25+deb9u8     |                  | systemd: fails to parse                 |
|                      |                  |          |                   |                  | usernames that start with               |
|                      |                  |          |                   |                  | digits                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-15686   |          |                   | 232-25+deb9u10   | systemd: line splitting via             |
|                      |                  |          |                   |                  | fgets() allows for state                |
|                      |                  |          |                   |                  | injection during daemon-reexec          |
+                      +------------------+----------+                   +------------------+-----------------------------------------+
|                      | CVE-2018-6954    | HIGH     |                   |                  | systemd: Mishandled symlinks            |
|                      |                  |          |                   |                  | in systemd-tmpfiles allows              |
|                      |                  |          |                   |                  | local users to obtain                   |
|                      |                  |          |                   |                  | ownership of...                         |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1712    |          |                   |                  | systemd: use-after-free when            |
|                      |                  |          |                   |                  | asynchronous polkit queries             |
|                      |                  |          |                   |                  | are performed                           |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| libuuid1             | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| locales              | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| login                | CVE-2017-12424   |          | 1:4.4-4.1         |                  | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                  | via newusers tool                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| mount                | CVE-2016-2779    |          | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| multiarch-support    | CVE-2017-16997   | CRITICAL | 2.24-11+deb9u3    | 2.24-11+deb9u4   | glibc: Incorrect handling of            |
|                      |                  |          |                   |                  | RPATH in elf/dl-load.c can be           |
|                      |                  |          |                   |                  | used to execute...                      |
+                      +------------------+----------+                   +                  +-----------------------------------------+
|                      | CVE-2017-1000408 | HIGH     |                   |                  | glibc: Memory leak reachable            |
|                      |                  |          |                   |                  | via LD_HWCAP_MASK                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15670   |          |                   |                  | glibc: Buffer overflow in glob          |
|                      |                  |          |                   |                  | with GLOB_TILDE                         |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-15804   |          |                   |                  | glibc: Buffer overflow during           |
|                      |                  |          |                   |                  | unescaping of user names with           |
|                      |                  |          |                   |                  | the ~ operator...                       |
+                      +------------------+          +                   +                  +-----------------------------------------+
|                      | CVE-2017-18269   |          |                   |                  | glibc: memory corruption in             |
|                      |                  |          |                   |                  | memcpy-sse2-unaligned.S                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-1000001 |          |                   |                  | glibc: realpath() buffer                |
|                      |                  |          |                   |                  | underflow when getcwd()                 |
|                      |                  |          |                   |                  | returns relative path allows            |
|                      |                  |          |                   |                  | privilege escalation...                 |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-11236   |          |                   | 2.24-11+deb9u4   | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | stdlib/canonicalize.c on                |
|                      |                  |          |                   |                  | 32-bit architectures leading            |
|                      |                  |          |                   |                  | to stack-based buffer...                |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6485    |          |                   |                  | glibc: Integer overflow in              |
|                      |                  |          |                   |                  | posix_memalign in memalign              |
|                      |                  |          |                   |                  | functions                               |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2018-6551    |          |                   |                  | glibc: integer overflow in              |
|                      |                  |          |                   |                  | malloc functions                        |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-1010022 |          |                   |                  | glibc: stack guard protection           |
|                      |                  |          |                   |                  | bypass                                  |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2019-9169    |          |                   |                  | glibc: regular-expression               |
|                      |                  |          |                   |                  | match via proceed_next_node             |
|                      |                  |          |                   |                  | in posix/regexec.c leads to             |
|                      |                  |          |                   |                  | heap-based buffer over-read...          |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-1752    |          |                   |                  | glibc: use-after-free in                |
|                      |                  |          |                   |                  | glob() function when expanding          |
|                      |                  |          |                   |                  | ~user                                   |
+                      +------------------+          +                   +------------------+-----------------------------------------+
|                      | CVE-2020-6096    |          |                   |                  | glibc: signed comparison                |
|                      |                  |          |                   |                  | vulnerability in the ARMv7              |
|                      |                  |          |                   |                  | memcpy function                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| passwd               | CVE-2017-12424   |          | 1:4.4-4.1         |                  | shadow-utils: Buffer overflow           |
|                      |                  |          |                   |                  | via newusers tool                       |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| python               | CVE-2008-4108    |          | 2.7.13-2          |                  | python: Generic FAQ wizard              |
|                      |                  |          |                   |                  | moving tool insecure auxiliary          |
|                      |                  |          |                   |                  | /tmp file usage (symlink...             |
+----------------------+                  +          +                   +------------------+                                         +
| python-minimal       |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| python-yaml          | CVE-2017-18342   |          | 3.12-1            |                  | PyYAML: yaml.load() API could           |
|                      |                  |          |                   |                  | execute arbitrary code                  |
+----------------------+------------------+          +-------------------+------------------+-----------------------------------------+
| python2.7            | CVE-2020-8492    |          | 2.7.13-2+deb9u3   |                  | python: wrong backtracking in           |
|                      |                  |          |                   |                  | urllib.request.AbstractBasicAuthHandler |
|                      |                  |          |                   |                  | allows for a ReDoS                      |
+----------------------+                  +          +                   +------------------+                                         +
| python2.7-minimal    |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
|                      |                  |          |                   |                  |                                         |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| tar                  | CVE-2005-2541    | CRITICAL | 1.29b-1.1         |                  | Tar 1.15.1 does not properly            |
|                      |                  |          |                   |                  | warn the user when extracting           |
|                      |                  |          |                   |                  | setuid or...                            |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+
| util-linux           | CVE-2016-2779    | HIGH     | 2.29.2-1+deb9u1   |                  | util-linux: runuser tty hijack          |
|                      |                  |          |                   |                  | via TIOCSTI ioctl                       |
+----------------------+------------------+----------+-------------------+------------------+-----------------------------------------+

Vulnerabilities found for image spm-user:ac5197fe059c729ec469ade9b6ff16af0c89be61-alpine

spm-user:ac5197fe059c729ec469ade9b6ff16af0c89be61-alpine

+---------------+------------------+----------+-------------------+---------------+--------------------------------+
|    LIBRARY    | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| bzip2         | CVE-2019-12900   | HIGH     | 1.0.6-r6          | 1.0.6-r7      | bzip2: out-of-bounds write in  |
|               |                  |          |                   |               | function BZ2_decompress        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libjpeg-turbo | CVE-2019-2201    | CRITICAL | 1.5.3-r4          | 1.5.3-r6      | libjpeg-turbo: several integer |
|               |                  |          |                   |               | overflows and subsequent       |
|               |                  |          |                   |               | segfaults when attempting      |
|               |                  |          |                   |               | to compress/decompress         |
|               |                  |          |                   |               | gigapixel...                   |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
| libtasn1      | CVE-2018-1000654 | HIGH     | 4.13-r0           | 4.14-r0       | libtasn1: Infinite loop in     |
|               |                  |          |                   |               | _asn1_expand_object_id(ptree)  |
|               |                  |          |                   |               | leads to memory exhaustion     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| musl          | CVE-2019-14697   |          | 1.1.20-r4         | 1.1.20-r5     | musl libc through 1.1.23       |
|               |                  |          |                   |               | has an x87 floating-point      |
|               |                  |          |                   |               | stack adjustment imbalance,    |
|               |                  |          |                   |               | related...                     |
+---------------+------------------+          +-------------------+---------------+--------------------------------+
| sqlite        | CVE-2019-8457    |          | 3.26.0-r3         | 3.28.0-r0     | sqlite: heap out-of-bound read |
|               |                  |          |                   |               | in function rtreenode()        |
+---------------+------------------+----------+-------------------+---------------+--------------------------------+
