CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes |
CVE-2022-23308 |
Medium |
security |
JFrog |
8:libxml2 |
All Versions |
|
2022-06-06T21:44:08Z |
8:libxml2 |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-416 |
XRAY-198750 |
false |
rpm://8:libxml2:0:2.9.7-13.el8 |
rpm://8:libxml2 |
CVE-2021-31566 libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive |
CVE-2021-31566 |
Medium |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-05-20T21:44:11Z |
8:libarchive |
|
4.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L |
CWE-59 |
XRAY-192332 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (moderate) |
CVE-2020-21674 |
Medium |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-02-22T06:54:06Z |
8:libarchive |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-787->CWE-122,CWE-787 |
XRAY-133961 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2022-1586 pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c |
CVE-2022-1586 |
Medium |
security |
JFrog |
8:pcre2 |
All Versions |
|
2022-05-27T21:44:24Z |
8:pcre2 |
6.4/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P |
7.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
CWE-125 |
XRAY-209666 |
false |
rpm://8:pcre2:0:10.32-2.el8 |
rpm://8:pcre2 |
CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate) |
CVE-2019-17543 |
Medium |
security |
JFrog |
8:lz4-libs |
All Versions |
|
2022-02-22T06:55:21Z |
8:lz4-libs |
6.8/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-122,CWE-787 |
XRAY-134601 |
false |
rpm://8:lz4-libs:0:1.8.3-3.el8_4 |
rpm://8:lz4-libs |
CVE-2019-12904 Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate) |
CVE-2019-12904 |
Medium |
security |
JFrog |
8:libgcrypt |
All Versions |
|
2022-02-22T06:56:02Z |
8:libgcrypt |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N |
5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-385,CWE-310 |
XRAY-133231 |
false |
rpm://8:libgcrypt:0:1.8.5-6.el8 |
rpm://8:libgcrypt |
CVE-2022-1434 openssl: Incorrect MAC key used in the RC4-MD5 ciphersuite (moderate) |
CVE-2022-1434 |
Medium |
security |
JFrog |
8:openssl-libs |
All Versions |
|
2022-05-25T21:44:24Z |
8:openssl-libs |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N |
5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
CWE-327 |
XRAY-210787 |
false |
rpm://8:openssl-libs:1:1.1.1k-6.el8_5 |
rpm://8:openssl-libs |
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) |
CVE-2019-1010022 |
Medium |
security |
JFrog |
8:glibc-common |
All Versions |
|
2022-02-22T06:56:01Z |
8:glibc-common |
7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P |
8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-121->CWE-119->CWE-305,CWE-119 |
XRAY-133149 |
false |
rpm://8:glibc-common:0:2.28-189.1.0.1.el8 |
rpm://8:glibc-common |
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) |
CVE-2019-1010022 |
Medium |
security |
JFrog |
8:glibc |
All Versions |
|
2022-02-22T06:56:01Z |
8:glibc |
7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P |
8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-121->CWE-119->CWE-305,CWE-119 |
XRAY-133149 |
false |
rpm://8:glibc:0:2.28-189.1.0.1.el8 |
rpm://8:glibc |
CVE-2021-3521 rpm: RPM does not require subkeys to have a valid binding signature |
CVE-2021-3521 |
Medium |
security |
JFrog |
8:rpm |
All Versions |
|
2022-05-20T21:44:10Z |
8:rpm |
|
4.4/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N |
CWE-347 |
XRAY-185978 |
false |
rpm://8:rpm:0:4.14.3-23.el8 |
rpm://8:rpm |
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate) |
CVE-2018-20839 |
Medium |
security |
JFrog |
8:systemd-libs |
All Versions |
|
2022-02-22T06:55:28Z |
8:systemd-libs |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N |
6.4/CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CWE-200 |
XRAY-134751 |
false |
rpm://8:systemd-libs:0:239-58.0.1.el8 |
rpm://8:systemd-libs |
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) |
CVE-2019-1010022 |
Medium |
security |
JFrog |
8:glibc-minimal-langpack |
All Versions |
|
2022-02-22T06:56:01Z |
8:glibc-minimal-langpack |
7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P |
8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-121->CWE-119->CWE-305,CWE-119 |
XRAY-133149 |
false |
rpm://8:glibc-minimal-langpack:0:2.28-189.1.0.1.el8 |
rpm://8:glibc-minimal-langpack |
CVE-2022-27776 curl: auth/cookie leak on redirect |
CVE-2022-27776 |
Medium |
security |
JFrog |
8:curl |
All Versions |
|
2022-06-16T21:44:45Z |
8:curl |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N |
4.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
CWE-522 |
XRAY-209155 |
false |
rpm://8:curl:0:7.61.1-22.el8 |
rpm://8:curl |
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate) |
CVE-2021-42694 |
Medium |
security |
JFrog |
8:libgcc |
All Versions |
|
2022-02-22T07:03:20Z |
8:libgcc |
5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P |
8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
CWE-838,CWE-94 |
XRAY-189600 |
false |
rpm://8:libgcc:0:8.5.0-10.0.2.el8 |
rpm://8:libgcc |
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate) |
CVE-2021-42694 |
Medium |
security |
JFrog |
8:libstdc++ |
All Versions |
|
2022-02-22T07:03:20Z |
8:libstdc++ |
5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P |
8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
CWE-838,CWE-94 |
XRAY-189600 |
false |
rpm://8:libstdc++:0:8.5.0-10.0.2.el8 |
rpm://8:libstdc++ |
CVE-2022-29155 openldap: OpenLDAP SQL injection (moderate) |
CVE-2022-29155 |
Medium |
security |
JFrog |
8:openldap |
All Versions |
|
2022-05-20T21:44:17Z |
8:openldap |
7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P |
6.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N |
CWE-89 |
XRAY-209689 |
false |
rpm://8:openldap:0:2.4.46-18.el8 |
rpm://8:openldap |
CVE-2022-27782 curl: TLS and SSH connection too eager reuse |
CVE-2022-27782 |
Medium |
security |
JFrog |
8:curl |
All Versions |
|
2022-06-12T21:44:08Z |
8:curl |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N |
6.0/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L |
CWE-287,CWE-295 |
XRAY-210045 |
false |
rpm://8:curl:0:7.61.1-22.el8 |
rpm://8:curl |
CVE-2022-1292 openssl: c_rehash script allows command injection (moderate) |
CVE-2022-1292 |
Medium |
security |
JFrog |
8:openssl-libs |
All Versions |
|
2022-06-12T21:44:08Z |
8:openssl-libs |
10.0/CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C |
5.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
CWE-77,CWE-78 |
XRAY-209571 |
false |
rpm://8:openssl-libs:1:1.1.1k-6.el8_5 |
rpm://8:openssl-libs |
CVE-2017-14502 libarchive: Off-by-one error in the read_header function (moderate) |
CVE-2017-14502 |
Medium |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-02-22T06:54:07Z |
8:libarchive |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P |
7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-193,CWE-125 |
XRAY-131952 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use |
CVE-2022-22576 |
Medium |
security |
JFrog |
8:curl |
All Versions |
|
2022-06-10T21:44:17Z |
8:curl |
5.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N |
4.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
CWE-287 |
XRAY-209153 |
false |
rpm://8:curl:0:7.61.1-22.el8 |
rpm://8:curl |
CVE-2022-29824 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (moderate) |
CVE-2022-29824 |
Medium |
security |
JFrog |
8:libxml2 |
All Versions |
|
2022-05-20T21:44:17Z |
8:libxml2 |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
7.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H |
CWE-190 |
XRAY-209696 |
false |
rpm://8:libxml2:0:2.9.7-13.el8 |
rpm://8:libxml2 |
CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks |
CVE-2021-35937 |
Medium |
security |
JFrog |
8:rpm |
All Versions |
|
2022-05-20T21:44:11Z |
8:rpm |
|
6.3/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H |
(CWE-59|CWE-367) |
XRAY-178848 |
false |
rpm://8:rpm:0:4.14.3-23.el8 |
rpm://8:rpm |
CVE-2022-27774 curl: credential leak on redirect |
CVE-2022-27774 |
Medium |
security |
JFrog |
8:curl |
All Versions |
|
2022-06-16T21:44:45Z |
8:curl |
3.5/CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N |
5.0/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |
CWE-522 |
XRAY-209154 |
false |
rpm://8:curl:0:7.61.1-22.el8 |
rpm://8:curl |
CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation |
CVE-2021-35938 |
Medium |
security |
JFrog |
8:rpm |
All Versions |
|
2022-05-20T21:44:10Z |
8:rpm |
|
6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
CWE-59 |
XRAY-178847 |
false |
rpm://8:rpm:0:4.14.3-23.el8 |
rpm://8:rpm |
CVE-2021-40528 libgcrypt: ElGamal implementation allows plaintext recovery |
CVE-2021-40528 |
Medium |
security |
JFrog |
8:libgcrypt |
All Versions |
|
2022-02-22T07:03:18Z |
8:libgcrypt |
2.6/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N |
5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-327 |
XRAY-188668 |
false |
rpm://8:libgcrypt:0:1.8.5-6.el8 |
rpm://8:libgcrypt |
CVE-2021-23177 libarchive: extracting a symlink with ACLs modifies ACLs of target |
CVE-2021-23177 |
Medium |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-05-20T21:44:11Z |
8:libarchive |
|
6.6/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L |
CWE-59 |
XRAY-192333 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2021-35939 rpm: checks for unsafe symlinks are not performed for intermediary directories |
CVE-2021-35939 |
Medium |
security |
JFrog |
8:rpm |
All Versions |
|
2022-05-20T21:44:11Z |
8:rpm |
|
6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
CWE-59 |
XRAY-178849 |
false |
rpm://8:rpm:0:4.14.3-23.el8 |
rpm://8:rpm |
CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low) |
CVE-2018-1000880 |
Low |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-02-22T06:55:28Z |
8:libarchive |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-20,CWE-119 |
XRAY-134705 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) |
CVE-2018-19211 |
Low |
security |
JFrog |
8:ncurses-libs |
All Versions |
|
2022-02-22T06:55:29Z |
8:ncurses-libs |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
CWE-119,CWE-476 |
XRAY-132928 |
false |
rpm://8:ncurses-libs:0:6.1-9.20180224.el8 |
rpm://8:ncurses-libs |
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) |
CVE-2018-19211 |
Low |
security |
JFrog |
8:ncurses-base |
All Versions |
|
2022-02-22T06:55:29Z |
8:ncurses-base |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
CWE-119,CWE-476 |
XRAY-132928 |
false |
rpm://8:ncurses-base:0:6.1-9.20180224.el8 |
rpm://8:ncurses-base |
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) |
CVE-2018-19217 |
Low |
security |
JFrog |
8:ncurses-libs |
All Versions |
|
2022-06-10T21:44:09Z |
8:ncurses-libs |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
CWE-119,CWE-476 |
XRAY-132932 |
false |
rpm://8:ncurses-libs:0:6.1-9.20180224.el8 |
rpm://8:ncurses-libs |
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) |
CVE-2018-19217 |
Low |
security |
JFrog |
8:ncurses-base |
All Versions |
|
2022-06-10T21:44:09Z |
8:ncurses-base |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
CWE-119,CWE-476 |
XRAY-132932 |
false |
rpm://8:ncurses-base:0:6.1-9.20180224.el8 |
rpm://8:ncurses-base |
CVE-2017-14166 libarchive: Heap-based buffer over-read in the atol8 function (low) |
CVE-2017-14166 |
Low |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-02-22T06:55:25Z |
8:libarchive |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-122,CWE-125 |
XRAY-131928 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low) |
CVE-2019-9936 |
Low |
security |
JFrog |
8:sqlite-libs |
All Versions |
|
2022-06-10T21:44:09Z |
8:sqlite-libs |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N |
3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CWE-122,CWE-125 |
XRAY-134833 |
false |
rpm://8:sqlite-libs:0:3.26.0-15.el8 |
rpm://8:sqlite-libs |
CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function |
CVE-2021-44568 |
Low |
security |
JFrog |
8:libsolv |
All Versions |
|
2022-05-20T21:44:16Z |
8:libsolv |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
6.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H |
CWE-125,CWE-787 |
XRAY-199742 |
false |
rpm://8:libsolv:0:0.7.20-1.el8 |
rpm://8:libsolv |
CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low) |
CVE-2019-8906 |
Low |
security |
JFrog |
8:file-libs |
All Versions |
|
2022-02-22T06:55:25Z |
8:file-libs |
3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P |
5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
CWE-125 |
XRAY-134829 |
false |
rpm://8:file-libs:0:5.33-20.el8 |
rpm://8:file-libs |
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low) |
CVE-2018-1000654 |
Low |
security |
JFrog |
8:libtasn1 |
All Versions |
|
2022-02-22T06:55:16Z |
8:libtasn1 |
7.1/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C |
4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
CWE-20->CWE-400,NVD-CWE-noinfo |
XRAY-132660 |
false |
rpm://8:libtasn1:0:4.13-3.el8 |
rpm://8:libtasn1 |
CVE-2021-4209 GnuTLS: Null pointer dereference in MD_UPDATE |
CVE-2021-4209 |
Low |
security |
JFrog |
8:gnutls |
All Versions |
|
2022-05-20T21:44:11Z |
8:gnutls |
|
6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
CWE-476 |
XRAY-198315 |
false |
rpm://8:gnutls:0:3.6.16-4.el8 |
rpm://8:gnutls |
CVE-2017-14501 libarchive: Out-of-bounds read in parse_file_info (low) |
CVE-2017-14501 |
Low |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-02-22T06:56:10Z |
8:libarchive |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-125 |
XRAY-131951 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low) |
CVE-2019-12900 |
Low |
security |
JFrog |
8:bzip2-libs |
All Versions |
|
2022-06-10T21:44:08Z |
8:bzip2-libs |
7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P |
4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
CWE-787 |
XRAY-133230 |
false |
rpm://8:bzip2-libs:0:1.0.6-26.el8 |
rpm://8:bzip2-libs |
CVE-2018-16428 glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c (low) |
CVE-2018-16428 |
Low |
security |
JFrog |
8:glib2 |
All Versions |
|
2022-02-22T06:55:21Z |
8:glib2 |
7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P |
9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-119,CWE-476 |
XRAY-132844 |
false |
rpm://8:glib2:0:2.56.4-158.el8 |
rpm://8:glib2 |
CVE-2021-45346 sqlite: crafted SQL query allows a malicious user to obtain sensitive information (low) |
CVE-2021-45346 |
Low |
security |
JFrog |
8:sqlite-libs |
All Versions |
|
2022-05-01T21:44:13Z |
8:sqlite-libs |
4.0/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N |
3.1/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
CWE-401->CWE-200,CWE-401 |
XRAY-209065 |
false |
rpm://8:sqlite-libs:0:3.26.0-15.el8 |
rpm://8:sqlite-libs |
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low) |
CVE-2018-20657 |
Low |
security |
JFrog |
8:libstdc++ |
All Versions |
|
2022-02-22T06:55:41Z |
8:libstdc++ |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-400,CWE-772 |
XRAY-132991 |
false |
rpm://8:libstdc++:0:8.5.0-10.0.2.el8 |
rpm://8:libstdc++ |
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low) |
CVE-2018-20657 |
Low |
security |
JFrog |
8:libgcc |
All Versions |
|
2022-02-22T06:55:41Z |
8:libgcc |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-400,CWE-772 |
XRAY-132991 |
false |
rpm://8:libgcc:0:8.5.0-10.0.2.el8 |
rpm://8:libgcc |
CVE-2021-43618 gmp: Integer overflow and resultant buffer overflow via crafted input (low) |
CVE-2021-43618 |
Low |
security |
JFrog |
8:gmp |
All Versions |
|
2022-05-20T21:44:11Z |
8:gmp |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P |
4.0/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
CWE-190 |
XRAY-191006 |
false |
rpm://8:gmp:1:6.1.2-10.el8 |
rpm://8:gmp |
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) |
CVE-2019-14250 |
Low |
security |
JFrog |
8:libstdc++ |
All Versions |
|
2022-02-22T06:56:11Z |
8:libstdc++ |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-20->CWE-190->CWE-125,CWE-787,CWE-190 |
XRAY-133283 |
false |
rpm://8:libstdc++:0:8.5.0-10.0.2.el8 |
rpm://8:libstdc++ |
CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low) |
CVE-2018-1000879 |
Low |
security |
JFrog |
8:libarchive |
All Versions |
|
2022-02-22T06:55:25Z |
8:libarchive |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-476 |
XRAY-134704 |
false |
rpm://8:libarchive:0:3.3.3-3.el8_5 |
rpm://8:libarchive |
CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low) |
CVE-2019-9937 |
Low |
security |
JFrog |
8:sqlite-libs |
All Versions |
|
2022-06-10T21:44:09Z |
8:sqlite-libs |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
CWE-476 |
XRAY-134834 |
false |
rpm://8:sqlite-libs:0:3.26.0-15.el8 |
rpm://8:sqlite-libs |
CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low) |
CVE-2019-19244 |
Low |
security |
JFrog |
8:sqlite-libs |
All Versions |
|
2022-02-22T06:56:18Z |
8:sqlite-libs |
5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P |
7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-20,NVD-CWE-noinfo |
XRAY-133415 |
false |
rpm://8:sqlite-libs:0:3.26.0-15.el8 |
rpm://8:sqlite-libs |
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low) |
CVE-2019-8905 |
Low |
security |
JFrog |
8:file-libs |
All Versions |
|
2022-02-22T06:55:25Z |
8:file-libs |
3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P |
5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
CWE-125 |
XRAY-134828 |
false |
rpm://8:file-libs:0:5.33-20.el8 |
rpm://8:file-libs |
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) |
CVE-2019-14250 |
Low |
security |
JFrog |
8:libgcc |
All Versions |
|
2022-02-22T06:56:11Z |
8:libgcc |
4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P |
3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
CWE-20->CWE-190->CWE-125,CWE-787,CWE-190 |
XRAY-133283 |
false |
rpm://8:libgcc:0:8.5.0-10.0.2.el8 |
rpm://8:libgcc |