search

DiUS / pact_broker-docker

'Dockerised' pact broker
http://pact.io
MIT License
76 stars 102 forks source link

Multiple vulnerabilities present in dius/pact-broker image v2.68.1.0 #105

Open mefellows opened 3 years ago

mefellows commented 3 years ago

Using trivvy to scan this container presents the following vulnerabilities:

➜  /usr/local/bin/trivy dius/pact-broker
2021-02-08T13:19:29.110+1100    WARN    You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2021-02-08T13:20:08.337+1100    INFO    Detecting Ubuntu vulnerabilities...
2021-02-08T13:20:08.347+1100    INFO    Detecting  vulnerabilities...

dius/pact-broker (ubuntu 20.04)
===============================
Total: 220 (UNKNOWN: 0, LOW: 104, MEDIUM: 116, HIGH: 0, CRITICAL: 0)

+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
|            LIBRARY             | VULNERABILITY ID | SEVERITY |    INSTALLED VERSION    |      FIXED VERSION      |                    TITLE                    |                 URL                  |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| bash                           | CVE-2019-18276   | LOW      | 5.0-6ubuntu1.1          |                         | bash: when effective UID is                 | avd.aquasec.com/nvd/cve-2019-18276   |
|                                |                  |          |                         |                         | not equal to its real UID                   |                                      |
|                                |                  |          |                         |                         | the...                                      |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| binutils                       | CVE-2017-13716   |          | 2.34-6ubuntu1           |                         | binutils: Memory leak with the              | avd.aquasec.com/nvd/cve-2017-13716   |
|                                |                  |          |                         |                         | C++ symbol demangler routine                |                                      |
|                                |                  |          |                         |                         | in libiberty                                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20657   |          |                         |                         | libiberty: Memory leak in                   | avd.aquasec.com/nvd/cve-2018-20657   |
|                                |                  |          |                         |                         | demangle_template function                  |                                      |
|                                |                  |          |                         |                         | resulting in a denial of                    |                                      |
|                                |                  |          |                         |                         | service...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20673   |          |                         |                         | libiberty: Integer overflow in              | avd.aquasec.com/nvd/cve-2018-20673   |
|                                |                  |          |                         |                         | demangle_template() function                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-1010204 |          |                         |                         | binutils: Improper Input                    | avd.aquasec.com/nvd/cve-2019-1010204 |
|                                |                  |          |                         |                         | Validation, Signed/Unsigned                 |                                      |
|                                |                  |          |                         |                         | Comparison, Out-of-bounds                   |                                      |
|                                |                  |          |                         |                         | Read in gold/fileread.cc and                |                                      |
|                                |                  |          |                         |                         | elfcpp/elfcpp_file.h...                     |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| binutils-common                | CVE-2017-13716   |          |                         |                         | binutils: Memory leak with the              | avd.aquasec.com/nvd/cve-2017-13716   |
|                                |                  |          |                         |                         | C++ symbol demangler routine                |                                      |
|                                |                  |          |                         |                         | in libiberty                                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20657   |          |                         |                         | libiberty: Memory leak in                   | avd.aquasec.com/nvd/cve-2018-20657   |
|                                |                  |          |                         |                         | demangle_template function                  |                                      |
|                                |                  |          |                         |                         | resulting in a denial of                    |                                      |
|                                |                  |          |                         |                         | service...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20673   |          |                         |                         | libiberty: Integer overflow in              | avd.aquasec.com/nvd/cve-2018-20673   |
|                                |                  |          |                         |                         | demangle_template() function                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-1010204 |          |                         |                         | binutils: Improper Input                    | avd.aquasec.com/nvd/cve-2019-1010204 |
|                                |                  |          |                         |                         | Validation, Signed/Unsigned                 |                                      |
|                                |                  |          |                         |                         | Comparison, Out-of-bounds                   |                                      |
|                                |                  |          |                         |                         | Read in gold/fileread.cc and                |                                      |
|                                |                  |          |                         |                         | elfcpp/elfcpp_file.h...                     |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| binutils-x86-64-linux-gnu      | CVE-2017-13716   |          |                         |                         | binutils: Memory leak with the              | avd.aquasec.com/nvd/cve-2017-13716   |
|                                |                  |          |                         |                         | C++ symbol demangler routine                |                                      |
|                                |                  |          |                         |                         | in libiberty                                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20657   |          |                         |                         | libiberty: Memory leak in                   | avd.aquasec.com/nvd/cve-2018-20657   |
|                                |                  |          |                         |                         | demangle_template function                  |                                      |
|                                |                  |          |                         |                         | resulting in a denial of                    |                                      |
|                                |                  |          |                         |                         | service...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20673   |          |                         |                         | libiberty: Integer overflow in              | avd.aquasec.com/nvd/cve-2018-20673   |
|                                |                  |          |                         |                         | demangle_template() function                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-1010204 |          |                         |                         | binutils: Improper Input                    | avd.aquasec.com/nvd/cve-2019-1010204 |
|                                |                  |          |                         |                         | Validation, Signed/Unsigned                 |                                      |
|                                |                  |          |                         |                         | Comparison, Out-of-bounds                   |                                      |
|                                |                  |          |                         |                         | Read in gold/fileread.cc and                |                                      |
|                                |                  |          |                         |                         | elfcpp/elfcpp_file.h...                     |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| bison                          | CVE-2020-24240   |          | 2:3.5.1+dfsg-1          |                         | bison: use-after-free via                   | avd.aquasec.com/nvd/cve-2020-24240   |
|                                |                  |          |                         |                         | crafted input file containing               |                                      |
|                                |                  |          |                         |                         | a NULL byte can lead...                     |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| coreutils                      | CVE-2016-2781    |          | 8.30-3ubuntu2           |                         | coreutils: Non-privileged                   | avd.aquasec.com/nvd/cve-2016-2781    |
|                                |                  |          |                         |                         | session can escape to the                   |                                      |
|                                |                  |          |                         |                         | parent session in chroot                    |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| cpp                            | CVE-2020-13844   | MEDIUM   | 1.185.1ubuntu2          |                         | kernel: ARM straight-line                   | avd.aquasec.com/nvd/cve-2020-13844   |
|                                |                  |          |                         |                         | speculation vulnerability                   |                                      |
+--------------------------------+                  +          +-------------------------+-------------------------+                                             +                                      +
| cpp-9                          |                  |          | 9.3.0-17ubuntu1~20.04   |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| dirmngr                        | CVE-2019-13050   | LOW      | 2.2.19-3ubuntu2         |                         | GnuPG: interaction between the              | avd.aquasec.com/nvd/cve-2019-13050   |
|                                |                  |          |                         |                         | sks-keyserver code and GnuPG                |                                      |
|                                |                  |          |                         |                         | allows for a Certificate...                 |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| g++                            | CVE-2020-13844   | MEDIUM   | 1.185.1ubuntu2          |                         | kernel: ARM straight-line                   | avd.aquasec.com/nvd/cve-2020-13844   |
|                                |                  |          |                         |                         | speculation vulnerability                   |                                      |
+--------------------------------+                  +          +-------------------------+-------------------------+                                             +                                      +
| g++-9                          |                  |          | 9.3.0-17ubuntu1~20.04   |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +-------------------------+-------------------------+                                             +                                      +
| gcc                            |                  |          | 1.185.1ubuntu2          |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +-------------------------+-------------------------+                                             +                                      +
| gcc-9                          |                  |          | 9.3.0-17ubuntu1~20.04   |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| gcc-9-base                     |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| git                            | CVE-2018-1000021 | LOW      | 1:2.25.1-1ubuntu3       |                         | git: client prints server-sent              | avd.aquasec.com/nvd/cve-2018-1000021 |
|                                |                  |          |                         |                         | ANSI escape codes to the                    |                                      |
|                                |                  |          |                         |                         | terminal, allowing for...                   |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| git-man                        |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| gpg                            | CVE-2019-13050   |          | 2.2.19-3ubuntu2         |                         | GnuPG: interaction between the              | avd.aquasec.com/nvd/cve-2019-13050   |
|                                |                  |          |                         |                         | sks-keyserver code and GnuPG                |                                      |
|                                |                  |          |                         |                         | allows for a Certificate...                 |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| gpg-agent                      |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| gpgconf                        |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| gpgv                           |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libapparmor1                   | CVE-2016-1585    | MEDIUM   | 2.13.3-7ubuntu5.1       |                         | In all versions of AppArmor                 | avd.aquasec.com/nvd/cve-2016-1585    |
|                                |                  |          |                         |                         | mount rules are accidentally                |                                      |
|                                |                  |          |                         |                         | widened when compiled....                   |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libasan5                       | CVE-2020-13844   |          | 9.3.0-17ubuntu1~20.04   |                         | kernel: ARM straight-line                   | avd.aquasec.com/nvd/cve-2020-13844   |
|                                |                  |          |                         |                         | speculation vulnerability                   |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libbinutils                    | CVE-2017-13716   | LOW      | 2.34-6ubuntu1           |                         | binutils: Memory leak with the              | avd.aquasec.com/nvd/cve-2017-13716   |
|                                |                  |          |                         |                         | C++ symbol demangler routine                |                                      |
|                                |                  |          |                         |                         | in libiberty                                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20657   |          |                         |                         | libiberty: Memory leak in                   | avd.aquasec.com/nvd/cve-2018-20657   |
|                                |                  |          |                         |                         | demangle_template function                  |                                      |
|                                |                  |          |                         |                         | resulting in a denial of                    |                                      |
|                                |                  |          |                         |                         | service...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20673   |          |                         |                         | libiberty: Integer overflow in              | avd.aquasec.com/nvd/cve-2018-20673   |
|                                |                  |          |                         |                         | demangle_template() function                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-1010204 |          |                         |                         | binutils: Improper Input                    | avd.aquasec.com/nvd/cve-2019-1010204 |
|                                |                  |          |                         |                         | Validation, Signed/Unsigned                 |                                      |
|                                |                  |          |                         |                         | Comparison, Out-of-bounds                   |                                      |
|                                |                  |          |                         |                         | Read in gold/fileread.cc and                |                                      |
|                                |                  |          |                         |                         | elfcpp/elfcpp_file.h...                     |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libc-bin                       | CVE-2016-10228   |          | 2.31-0ubuntu9.2         |                         | glibc: iconv program can                    | avd.aquasec.com/nvd/cve-2016-10228   |
|                                |                  |          |                         |                         | hang when invoked with the -c               |                                      |
|                                |                  |          |                         |                         | option                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-25013   |          |                         |                         | glibc: buffer over-read in                  | avd.aquasec.com/nvd/cve-2019-25013   |
|                                |                  |          |                         |                         | iconv when processing invalid               |                                      |
|                                |                  |          |                         |                         | multi-byte input sequences                  |                                      |
|                                |                  |          |                         |                         | in...                                       |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27618   |          |                         |                         | glibc: iconv when processing                | avd.aquasec.com/nvd/cve-2020-27618   |
|                                |                  |          |                         |                         | invalid multi-byte input                    |                                      |
|                                |                  |          |                         |                         | sequences fails to advance                  |                                      |
|                                |                  |          |                         |                         | the...                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29562   |          |                         |                         | glibc: assertion failure in                 | avd.aquasec.com/nvd/cve-2020-29562   |
|                                |                  |          |                         |                         | iconv when converting invalid               |                                      |
|                                |                  |          |                         |                         | UCS4                                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-6096    |          |                         |                         | glibc: signed comparison                    | avd.aquasec.com/nvd/cve-2020-6096    |
|                                |                  |          |                         |                         | vulnerability in the ARMv7                  |                                      |
|                                |                  |          |                         |                         | memcpy function                             |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| libc-dev-bin                   | CVE-2016-10228   |          |                         |                         | glibc: iconv program can                    | avd.aquasec.com/nvd/cve-2016-10228   |
|                                |                  |          |                         |                         | hang when invoked with the -c               |                                      |
|                                |                  |          |                         |                         | option                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-25013   |          |                         |                         | glibc: buffer over-read in                  | avd.aquasec.com/nvd/cve-2019-25013   |
|                                |                  |          |                         |                         | iconv when processing invalid               |                                      |
|                                |                  |          |                         |                         | multi-byte input sequences                  |                                      |
|                                |                  |          |                         |                         | in...                                       |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27618   |          |                         |                         | glibc: iconv when processing                | avd.aquasec.com/nvd/cve-2020-27618   |
|                                |                  |          |                         |                         | invalid multi-byte input                    |                                      |
|                                |                  |          |                         |                         | sequences fails to advance                  |                                      |
|                                |                  |          |                         |                         | the...                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29562   |          |                         |                         | glibc: assertion failure in                 | avd.aquasec.com/nvd/cve-2020-29562   |
|                                |                  |          |                         |                         | iconv when converting invalid               |                                      |
|                                |                  |          |                         |                         | UCS4                                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-6096    |          |                         |                         | glibc: signed comparison                    | avd.aquasec.com/nvd/cve-2020-6096    |
|                                |                  |          |                         |                         | vulnerability in the ARMv7                  |                                      |
|                                |                  |          |                         |                         | memcpy function                             |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| libc6                          | CVE-2016-10228   |          |                         |                         | glibc: iconv program can                    | avd.aquasec.com/nvd/cve-2016-10228   |
|                                |                  |          |                         |                         | hang when invoked with the -c               |                                      |
|                                |                  |          |                         |                         | option                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-25013   |          |                         |                         | glibc: buffer over-read in                  | avd.aquasec.com/nvd/cve-2019-25013   |
|                                |                  |          |                         |                         | iconv when processing invalid               |                                      |
|                                |                  |          |                         |                         | multi-byte input sequences                  |                                      |
|                                |                  |          |                         |                         | in...                                       |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27618   |          |                         |                         | glibc: iconv when processing                | avd.aquasec.com/nvd/cve-2020-27618   |
|                                |                  |          |                         |                         | invalid multi-byte input                    |                                      |
|                                |                  |          |                         |                         | sequences fails to advance                  |                                      |
|                                |                  |          |                         |                         | the...                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29562   |          |                         |                         | glibc: assertion failure in                 | avd.aquasec.com/nvd/cve-2020-29562   |
|                                |                  |          |                         |                         | iconv when converting invalid               |                                      |
|                                |                  |          |                         |                         | UCS4                                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-6096    |          |                         |                         | glibc: signed comparison                    | avd.aquasec.com/nvd/cve-2020-6096    |
|                                |                  |          |                         |                         | vulnerability in the ARMv7                  |                                      |
|                                |                  |          |                         |                         | memcpy function                             |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| libc6-dev                      | CVE-2016-10228   |          |                         |                         | glibc: iconv program can                    | avd.aquasec.com/nvd/cve-2016-10228   |
|                                |                  |          |                         |                         | hang when invoked with the -c               |                                      |
|                                |                  |          |                         |                         | option                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-25013   |          |                         |                         | glibc: buffer over-read in                  | avd.aquasec.com/nvd/cve-2019-25013   |
|                                |                  |          |                         |                         | iconv when processing invalid               |                                      |
|                                |                  |          |                         |                         | multi-byte input sequences                  |                                      |
|                                |                  |          |                         |                         | in...                                       |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27618   |          |                         |                         | glibc: iconv when processing                | avd.aquasec.com/nvd/cve-2020-27618   |
|                                |                  |          |                         |                         | invalid multi-byte input                    |                                      |
|                                |                  |          |                         |                         | sequences fails to advance                  |                                      |
|                                |                  |          |                         |                         | the...                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29562   |          |                         |                         | glibc: assertion failure in                 | avd.aquasec.com/nvd/cve-2020-29562   |
|                                |                  |          |                         |                         | iconv when converting invalid               |                                      |
|                                |                  |          |                         |                         | UCS4                                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-6096    |          |                         |                         | glibc: signed comparison                    | avd.aquasec.com/nvd/cve-2020-6096    |
|                                |                  |          |                         |                         | vulnerability in the ARMv7                  |                                      |
|                                |                  |          |                         |                         | memcpy function                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libctf-nobfd0                  | CVE-2017-13716   |          | 2.34-6ubuntu1           |                         | binutils: Memory leak with the              | avd.aquasec.com/nvd/cve-2017-13716   |
|                                |                  |          |                         |                         | C++ symbol demangler routine                |                                      |
|                                |                  |          |                         |                         | in libiberty                                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20657   |          |                         |                         | libiberty: Memory leak in                   | avd.aquasec.com/nvd/cve-2018-20657   |
|                                |                  |          |                         |                         | demangle_template function                  |                                      |
|                                |                  |          |                         |                         | resulting in a denial of                    |                                      |
|                                |                  |          |                         |                         | service...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20673   |          |                         |                         | libiberty: Integer overflow in              | avd.aquasec.com/nvd/cve-2018-20673   |
|                                |                  |          |                         |                         | demangle_template() function                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-1010204 |          |                         |                         | binutils: Improper Input                    | avd.aquasec.com/nvd/cve-2019-1010204 |
|                                |                  |          |                         |                         | Validation, Signed/Unsigned                 |                                      |
|                                |                  |          |                         |                         | Comparison, Out-of-bounds                   |                                      |
|                                |                  |          |                         |                         | Read in gold/fileread.cc and                |                                      |
|                                |                  |          |                         |                         | elfcpp/elfcpp_file.h...                     |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| libctf0                        | CVE-2017-13716   |          |                         |                         | binutils: Memory leak with the              | avd.aquasec.com/nvd/cve-2017-13716   |
|                                |                  |          |                         |                         | C++ symbol demangler routine                |                                      |
|                                |                  |          |                         |                         | in libiberty                                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20657   |          |                         |                         | libiberty: Memory leak in                   | avd.aquasec.com/nvd/cve-2018-20657   |
|                                |                  |          |                         |                         | demangle_template function                  |                                      |
|                                |                  |          |                         |                         | resulting in a denial of                    |                                      |
|                                |                  |          |                         |                         | service...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-20673   |          |                         |                         | libiberty: Integer overflow in              | avd.aquasec.com/nvd/cve-2018-20673   |
|                                |                  |          |                         |                         | demangle_template() function                |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-1010204 |          |                         |                         | binutils: Improper Input                    | avd.aquasec.com/nvd/cve-2019-1010204 |
|                                |                  |          |                         |                         | Validation, Signed/Unsigned                 |                                      |
|                                |                  |          |                         |                         | Comparison, Out-of-bounds                   |                                      |
|                                |                  |          |                         |                         | Read in gold/fileread.cc and                |                                      |
|                                |                  |          |                         |                         | elfcpp/elfcpp_file.h...                     |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libgcc-9-dev                   | CVE-2020-13844   | MEDIUM   | 9.3.0-17ubuntu1~20.04   |                         | kernel: ARM straight-line                   | avd.aquasec.com/nvd/cve-2020-13844   |
|                                |                  |          |                         |                         | speculation vulnerability                   |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libgcrypt20                    | CVE-2019-12904   | LOW      | 1.8.5-5ubuntu1          |                         | Libgcrypt: physical addresses               | avd.aquasec.com/nvd/cve-2019-12904   |
|                                |                  |          |                         |                         | being available to other                    |                                      |
|                                |                  |          |                         |                         | processes leads to a                        |                                      |
|                                |                  |          |                         |                         | flush-and-reload...                         |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libgssapi-krb5-2               | CVE-2018-5709    |          | 1.17-6ubuntu4.1         |                         | krb5: integer overflow                      | avd.aquasec.com/nvd/cve-2018-5709    |
|                                |                  |          |                         |                         | in dbentry->n_key_data in                   |                                      |
|                                |                  |          |                         |                         | kadmin/dbutil/dump.c                        |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libjbig0                       | CVE-2017-9937    |          | 2.1-3.1build1           |                         | libtiff: memory malloc failure              | avd.aquasec.com/nvd/cve-2017-9937    |
|                                |                  |          |                         |                         | in tif_jbig.c could cause DOS.              |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libk5crypto3                   | CVE-2018-5709    |          | 1.17-6ubuntu4.1         |                         | krb5: integer overflow                      | avd.aquasec.com/nvd/cve-2018-5709    |
|                                |                  |          |                         |                         | in dbentry->n_key_data in                   |                                      |
|                                |                  |          |                         |                         | kadmin/dbutil/dump.c                        |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libkrb5-3                      |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libkrb5support0                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libldap-2.4-2                  | CVE-2020-36221   | MEDIUM   | 2.4.49+dfsg-2ubuntu1.5  |                         | openldap: Integer underflow in              | avd.aquasec.com/nvd/cve-2020-36221   |
|                                |                  |          |                         |                         | serialNumberAndIssuerCheck in               |                                      |
|                                |                  |          |                         |                         | schema_init.c                               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36222   |          |                         |                         | openldap: Assertion failure                 | avd.aquasec.com/nvd/cve-2020-36222   |
|                                |                  |          |                         |                         | in slapd in the saslAuthzTo                 |                                      |
|                                |                  |          |                         |                         | validation                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36223   |          |                         |                         | openldap: Out-of-bounds read                | avd.aquasec.com/nvd/cve-2020-36223   |
|                                |                  |          |                         |                         | in Values Return Filter                     |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36224   |          |                         |                         | openldap: Invalid pointer free              | avd.aquasec.com/nvd/cve-2020-36224   |
|                                |                  |          |                         |                         | in the saslAuthzTo processing               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36225   |          |                         |                         | openldap: Double free in the                | avd.aquasec.com/nvd/cve-2020-36225   |
|                                |                  |          |                         |                         | saslAuthzTo processing                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36226   |          |                         |                         | openldap: Denial of service                 | avd.aquasec.com/nvd/cve-2020-36226   |
|                                |                  |          |                         |                         | via length miscalculation in                |                                      |
|                                |                  |          |                         |                         | slap_parse_user                             |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36227   |          |                         |                         | openldap: Infinite loop in                  | avd.aquasec.com/nvd/cve-2020-36227   |
|                                |                  |          |                         |                         | slapd with the cancel_extop                 |                                      |
|                                |                  |          |                         |                         | Cancel operation                            |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36228   |          |                         |                         | openldap: Integer underflow                 | avd.aquasec.com/nvd/cve-2020-36228   |
|                                |                  |          |                         |                         | in issuerAndThisUpdateCheck in              |                                      |
|                                |                  |          |                         |                         | schema_init.c                               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36229   |          |                         |                         | openldap: Type confusion in                 | avd.aquasec.com/nvd/cve-2020-36229   |
|                                |                  |          |                         |                         | ad_keystring in ad.c                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36230   |          |                         |                         | openldap: Assertion failure in              | avd.aquasec.com/nvd/cve-2020-36230   |
|                                |                  |          |                         |                         | ber_next_element in decode.c                |                                      |
+--------------------------------+------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
| libldap-common                 | CVE-2020-36221   |          |                         |                         | openldap: Integer underflow in              | avd.aquasec.com/nvd/cve-2020-36221   |
|                                |                  |          |                         |                         | serialNumberAndIssuerCheck in               |                                      |
|                                |                  |          |                         |                         | schema_init.c                               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36222   |          |                         |                         | openldap: Assertion failure                 | avd.aquasec.com/nvd/cve-2020-36222   |
|                                |                  |          |                         |                         | in slapd in the saslAuthzTo                 |                                      |
|                                |                  |          |                         |                         | validation                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36223   |          |                         |                         | openldap: Out-of-bounds read                | avd.aquasec.com/nvd/cve-2020-36223   |
|                                |                  |          |                         |                         | in Values Return Filter                     |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36224   |          |                         |                         | openldap: Invalid pointer free              | avd.aquasec.com/nvd/cve-2020-36224   |
|                                |                  |          |                         |                         | in the saslAuthzTo processing               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36225   |          |                         |                         | openldap: Double free in the                | avd.aquasec.com/nvd/cve-2020-36225   |
|                                |                  |          |                         |                         | saslAuthzTo processing                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36226   |          |                         |                         | openldap: Denial of service                 | avd.aquasec.com/nvd/cve-2020-36226   |
|                                |                  |          |                         |                         | via length miscalculation in                |                                      |
|                                |                  |          |                         |                         | slap_parse_user                             |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36227   |          |                         |                         | openldap: Infinite loop in                  | avd.aquasec.com/nvd/cve-2020-36227   |
|                                |                  |          |                         |                         | slapd with the cancel_extop                 |                                      |
|                                |                  |          |                         |                         | Cancel operation                            |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36228   |          |                         |                         | openldap: Integer underflow                 | avd.aquasec.com/nvd/cve-2020-36228   |
|                                |                  |          |                         |                         | in issuerAndThisUpdateCheck in              |                                      |
|                                |                  |          |                         |                         | schema_init.c                               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36229   |          |                         |                         | openldap: Type confusion in                 | avd.aquasec.com/nvd/cve-2020-36229   |
|                                |                  |          |                         |                         | ad_keystring in ad.c                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36230   |          |                         |                         | openldap: Assertion failure in              | avd.aquasec.com/nvd/cve-2020-36230   |
|                                |                  |          |                         |                         | ber_next_element in decode.c                |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libmysqlclient-dev             | CVE-2021-2002    |          | 8.0.22-0ubuntu0.20.04.3 | 8.0.23-0ubuntu0.20.04.1 | mysql: Server: Replication                  | avd.aquasec.com/nvd/cve-2021-2002    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2010    |          |                         |                         | mysql: C API unspecified                    | avd.aquasec.com/nvd/cve-2021-2010    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2011    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2011    |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2021    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2021    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2022    |          |                         |                         | mysql: InnoDB unspecified                   | avd.aquasec.com/nvd/cve-2021-2022    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2024    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2024    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2031    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2031    |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2032    |          |                         |                         | mysql: Information Schema                   | avd.aquasec.com/nvd/cve-2021-2032    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2036    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2036    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2038    |          |                         |                         | mysql: Server: Components                   | avd.aquasec.com/nvd/cve-2021-2038    |
|                                |                  |          |                         |                         | Services unspecified                        |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2046    |          |                         |                         | mysql: Server: Stored                       | avd.aquasec.com/nvd/cve-2021-2046    |
|                                |                  |          |                         |                         | Procedure unspecified                       |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2048    |          |                         |                         | mysql: InnoDB unspecified                   | avd.aquasec.com/nvd/cve-2021-2048    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2056    |          |                         |                         | mysql: Server: DML unspecified              | avd.aquasec.com/nvd/cve-2021-2056    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2058    |          |                         |                         | mysql: Server: Locking                      | avd.aquasec.com/nvd/cve-2021-2058    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2060    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2060    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2061    |          |                         |                         | mysql: Server: DDL unspecified              | avd.aquasec.com/nvd/cve-2021-2061    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2065    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2065    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2070    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2070    |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2072    |          |                         |                         | mysql: Server: Stored                       | avd.aquasec.com/nvd/cve-2021-2072    |
|                                |                  |          |                         |                         | Procedure unspecified                       |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2076    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2076    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2081    |          |                         |                         | mysql: Server: Stored                       | avd.aquasec.com/nvd/cve-2021-2081    |
|                                |                  |          |                         |                         | Procedure unspecified                       |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2087    |          |                         |                         | mysql: Server: DML unspecified              | avd.aquasec.com/nvd/cve-2021-2087    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2088    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2088    |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2122    |          |                         |                         | mysql: Server: DDL unspecified              | avd.aquasec.com/nvd/cve-2021-2122    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+--------------------------------+------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
| libmysqlclient21               | CVE-2021-2002    |          |                         |                         | mysql: Server: Replication                  | avd.aquasec.com/nvd/cve-2021-2002    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2010    |          |                         |                         | mysql: C API unspecified                    | avd.aquasec.com/nvd/cve-2021-2010    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2011    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2011    |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2021    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2021    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2022    |          |                         |                         | mysql: InnoDB unspecified                   | avd.aquasec.com/nvd/cve-2021-2022    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2024    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2024    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2031    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2031    |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2032    |          |                         |                         | mysql: Information Schema                   | avd.aquasec.com/nvd/cve-2021-2032    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2036    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2036    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2038    |          |                         |                         | mysql: Server: Components                   | avd.aquasec.com/nvd/cve-2021-2038    |
|                                |                  |          |                         |                         | Services unspecified                        |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2046    |          |                         |                         | mysql: Server: Stored                       | avd.aquasec.com/nvd/cve-2021-2046    |
|                                |                  |          |                         |                         | Procedure unspecified                       |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2048    |          |                         |                         | mysql: InnoDB unspecified                   | avd.aquasec.com/nvd/cve-2021-2048    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2056    |          |                         |                         | mysql: Server: DML unspecified              | avd.aquasec.com/nvd/cve-2021-2056    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2058    |          |                         |                         | mysql: Server: Locking                      | avd.aquasec.com/nvd/cve-2021-2058    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2060    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2060    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2061    |          |                         |                         | mysql: Server: DDL unspecified              | avd.aquasec.com/nvd/cve-2021-2061    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2065    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2065    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2070    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2070    |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2072    |          |                         |                         | mysql: Server: Stored                       | avd.aquasec.com/nvd/cve-2021-2072    |
|                                |                  |          |                         |                         | Procedure unspecified                       |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2076    |          |                         |                         | mysql: Server: Optimizer                    | avd.aquasec.com/nvd/cve-2021-2076    |
|                                |                  |          |                         |                         | unspecified vulnerability (CPU              |                                      |
|                                |                  |          |                         |                         | Jan 2021)                                   |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2081    |          |                         |                         | mysql: Server: Stored                       | avd.aquasec.com/nvd/cve-2021-2081    |
|                                |                  |          |                         |                         | Procedure unspecified                       |                                      |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2087    |          |                         |                         | mysql: Server: DML unspecified              | avd.aquasec.com/nvd/cve-2021-2087    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+                                +------------------+          +                         +                         +                                             +--------------------------------------+
|                                | CVE-2021-2088    |          |                         |                         |                                             | avd.aquasec.com/nvd/cve-2021-2088    |
|                                |                  |          |                         |                         |                                             |                                      |
+                                +------------------+          +                         +                         +---------------------------------------------+--------------------------------------+
|                                | CVE-2021-2122    |          |                         |                         | mysql: Server: DDL unspecified              | avd.aquasec.com/nvd/cve-2021-2122    |
|                                |                  |          |                         |                         | vulnerability (CPU Jan 2021)                |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libnginx-mod-http-image-filter | CVE-2020-11724   |          | 1.18.0-0ubuntu1         |                         | An issue was discovered in                  | avd.aquasec.com/nvd/cve-2020-11724   |
|                                |                  |          |                         |                         | OpenResty before 1.15.8.4.                  |                                      |
|                                |                  |          |                         |                         | ngx_http_lua_subrequest.c                   |                                      |
|                                |                  |          |                         |                         | allows HTTP request...                      |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libnginx-mod-http-passenger    | CVE-2016-10345   |          | 1:6.0.7-1~focal1        |                         | passenger: File overwrite                   | avd.aquasec.com/nvd/cve-2016-10345   |
|                                |                  |          |                         |                         | vulnerability in                            |                                      |
|                                |                  |          |                         |                         | passenger-install-nginx-module              |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libnginx-mod-http-xslt-filter  | CVE-2020-11724   |          | 1.18.0-0ubuntu1         |                         | An issue was discovered in                  | avd.aquasec.com/nvd/cve-2020-11724   |
|                                |                  |          |                         |                         | OpenResty before 1.15.8.4.                  |                                      |
|                                |                  |          |                         |                         | ngx_http_lua_subrequest.c                   |                                      |
|                                |                  |          |                         |                         | allows HTTP request...                      |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libnginx-mod-mail              |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libnginx-mod-stream            |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpam-systemd                 | CVE-2018-20839   |          | 245.4-4ubuntu3.4        |                         | systemd: mishandling of the                 | avd.aquasec.com/nvd/cve-2018-20839   |
|                                |                  |          |                         |                         | current keyboard mode check                 |                                      |
|                                |                  |          |                         |                         | leading to passwords being...               |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpcre3                       | CVE-2017-11164   | LOW      | 2:8.39-12build1         |                         | pcre: OP_KETRMAX feature                    | avd.aquasec.com/nvd/cve-2017-11164   |
|                                |                  |          |                         |                         | in the match function in                    |                                      |
|                                |                  |          |                         |                         | pcre_exec.c                                 |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-20838   |          |                         |                         | pcre: buffer over-read in JIT               | avd.aquasec.com/nvd/cve-2019-20838   |
|                                |                  |          |                         |                         | when UTF is disabled                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-14155   |          |                         |                         | pcre: integer overflow in                   | avd.aquasec.com/nvd/cve-2020-14155   |
|                                |                  |          |                         |                         | libpcre                                     |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpolkit-agent-1-0            | CVE-2016-2568    |          | 0.105-26ubuntu1         |                         | polkit: Program run via pkexec              | avd.aquasec.com/nvd/cve-2016-2568    |
|                                |                  |          |                         |                         | as unprivileged user can                    |                                      |
|                                |                  |          |                         |                         | escape to parent...                         |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libpolkit-gobject-1-0          |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpython3.8-minimal           | CVE-2021-3177    | MEDIUM   | 3.8.5-1~20.04           |                         | python: stack-based buffer                  | avd.aquasec.com/nvd/cve-2021-3177    |
|                                |                  |          |                         |                         | overflow in PyCArg_repr in                  |                                      |
|                                |                  |          |                         |                         | _ctypes/callproc.c                          |                                      |
+                                +------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27619   | LOW      |                         |                         | python: Python 3 eval of http               | avd.aquasec.com/nvd/cve-2020-27619   |
|                                |                  |          |                         |                         | resources during test suite                 |                                      |
|                                |                  |          |                         |                         | runs                                        |                                      |
+--------------------------------+------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
| libpython3.8-stdlib            | CVE-2021-3177    | MEDIUM   |                         |                         | python: stack-based buffer                  | avd.aquasec.com/nvd/cve-2021-3177    |
|                                |                  |          |                         |                         | overflow in PyCArg_repr in                  |                                      |
|                                |                  |          |                         |                         | _ctypes/callproc.c                          |                                      |
+                                +------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27619   | LOW      |                         |                         | python: Python 3 eval of http               | avd.aquasec.com/nvd/cve-2020-27619   |
|                                |                  |          |                         |                         | resources during test suite                 |                                      |
|                                |                  |          |                         |                         | runs                                        |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libsqlite3-0                   | CVE-2020-9794    | MEDIUM   | 3.31.1-4ubuntu0.2       |                         | An out-of-bounds read was                   | avd.aquasec.com/nvd/cve-2020-9794    |
|                                |                  |          |                         |                         | addressed with improved bounds              |                                      |
|                                |                  |          |                         |                         | checking. This issue is...                  |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libsqlite3-dev                 |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libstdc++-9-dev                | CVE-2020-13844   |          | 9.3.0-17ubuntu1~20.04   |                         | kernel: ARM straight-line                   | avd.aquasec.com/nvd/cve-2020-13844   |
|                                |                  |          |                         |                         | speculation vulnerability                   |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libsystemd0                    | CVE-2018-20839   |          | 245.4-4ubuntu3.4        |                         | systemd: mishandling of the                 | avd.aquasec.com/nvd/cve-2018-20839   |
|                                |                  |          |                         |                         | current keyboard mode check                 |                                      |
|                                |                  |          |                         |                         | leading to passwords being...               |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libtasn1-6                     | CVE-2018-1000654 | LOW      | 4.16.0-2                |                         | libtasn1: Infinite loop in                  | avd.aquasec.com/nvd/cve-2018-1000654 |
|                                |                  |          |                         |                         | _asn1_expand_object_id(ptree)               |                                      |
|                                |                  |          |                         |                         | leads to memory exhaustion                  |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libtiff5                       | CVE-2018-10126   |          | 4.1.0+git191117-2build1 |                         | libtiff: NULL pointer                       | avd.aquasec.com/nvd/cve-2018-10126   |
|                                |                  |          |                         |                         | dereference in the                          |                                      |
|                                |                  |          |                         |                         | jpeg_fdct_16x16 function in                 |                                      |
|                                |                  |          |                         |                         | jfdctint.c                                  |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libudev1                       | CVE-2018-20839   | MEDIUM   | 245.4-4ubuntu3.4        |                         | systemd: mishandling of the                 | avd.aquasec.com/nvd/cve-2018-20839   |
|                                |                  |          |                         |                         | current keyboard mode check                 |                                      |
|                                |                  |          |                         |                         | leading to passwords being...               |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libwebp6                       | CVE-2016-9085    |          | 0.6.1-2                 |                         | libwebp: Several integer                    | avd.aquasec.com/nvd/cve-2016-9085    |
|                                |                  |          |                         |                         | overflows                                   |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libx11-6                       | CVE-2020-25697   | LOW      | 2:1.6.9-2ubuntu1.1      |                         | xorg-x11-server: local                      | avd.aquasec.com/nvd/cve-2020-25697   |
|                                |                  |          |                         |                         | privilege escalation                        |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libx11-data                    |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libxml2                        | CVE-2020-24977   |          | 2.9.10+dfsg-5           |                         | libxml2: Buffer Overflow                    | avd.aquasec.com/nvd/cve-2020-24977   |
|                                |                  |          |                         |                         | vulnerability in                            |                                      |
|                                |                  |          |                         |                         | xmlEncodeEntitiesInternal at                |                                      |
|                                |                  |          |                         |                         | libxml2/entities.c                          |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libxml2-dev                    |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libxslt1-dev                   | CVE-2015-9019    |          | 1.1.34-4                |                         | libxslt: math.random() in xslt              | avd.aquasec.com/nvd/cve-2015-9019    |
|                                |                  |          |                         |                         | uses unseeded randomness                    |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| libxslt1.1                     |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| linux-libc-dev                 | CVE-2013-7445    | MEDIUM   | 5.4.0-65.73             |                         | kernel: memory exhaustion via               | avd.aquasec.com/nvd/cve-2013-7445    |
|                                |                  |          |                         |                         | crafted Graphics Execution                  |                                      |
|                                |                  |          |                         |                         | Manager (GEM) objects                       |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2015-8553    |          |                         |                         | CVE-2015-2150 CVE-2015-8553                 | avd.aquasec.com/nvd/cve-2015-8553    |
|                                |                  |          |                         |                         | xen: non-maskable interrupts                |                                      |
|                                |                  |          |                         |                         | triggerable by guests (xsa120)              |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2016-8660    |          |                         |                         | kernel: xfs: local DoS due to               | avd.aquasec.com/nvd/cve-2016-8660    |
|                                |                  |          |                         |                         | a page lock order bug in...                 |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-17977   |          |                         |                         | kernel: Mishandled                          | avd.aquasec.com/nvd/cve-2018-17977   |
|                                |                  |          |                         |                         | interactions among XFRM                     |                                      |
|                                |                  |          |                         |                         | Netlink messages, IPPROTO_AH                |                                      |
|                                |                  |          |                         |                         | packets, and IPPROTO_IP                     |                                      |
|                                |                  |          |                         |                         | packets...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-11725   |          |                         |                         | kernel: improper handling                   | avd.aquasec.com/nvd/cve-2020-11725   |
|                                |                  |          |                         |                         | of private_size*count                       |                                      |
|                                |                  |          |                         |                         | multiplication due to                       |                                      |
|                                |                  |          |                         |                         | count=info->owner typo                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-14304   |          |                         |                         | kernel: ethtool when reading                | avd.aquasec.com/nvd/cve-2020-14304   |
|                                |                  |          |                         |                         | eeprom of device could lead to              |                                      |
|                                |                  |          |                         |                         | memory leak...                              |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27835   |          |                         |                         | kernel: child process is able               | avd.aquasec.com/nvd/cve-2020-27835   |
|                                |                  |          |                         |                         | to access parent mm through                 |                                      |
|                                |                  |          |                         |                         | hfi dev...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29373   |          |                         |                         | kernel: Insecure handling                   | avd.aquasec.com/nvd/cve-2020-29373   |
|                                |                  |          |                         |                         | of root directory for path                  |                                      |
|                                |                  |          |                         |                         | lookups via io_uring                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29534   |          |                         |                         | kernel: io_uring takes a                    | avd.aquasec.com/nvd/cve-2020-29534   |
|                                |                  |          |                         |                         | non-refcounted reference                    |                                      |
|                                |                  |          |                         |                         | to the files_struct of the                  |                                      |
|                                |                  |          |                         |                         | process...                                  |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-36158   |          |                         |                         | kernel: buffer overflow in                  | avd.aquasec.com/nvd/cve-2020-36158   |
|                                |                  |          |                         |                         | mwifiex_cmd_802_11_ad_hoc_start function in |                                      |
|                                |                  |          |                         |                         | drivers/net/wireless/marvell/mwifiex/join.c |                                      |
|                                |                  |          |                         |                         | via a long SSID...                          |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2021-3347    |          |                         |                         | kernel: Use after free via PI               | avd.aquasec.com/nvd/cve-2021-3347    |
|                                |                  |          |                         |                         | futex state                                 |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2021-3348    |          |                         |                         | kernel: Use-after-free                      | avd.aquasec.com/nvd/cve-2021-3348    |
|                                |                  |          |                         |                         | in ndb_queue_rq() in                        |                                      |
|                                |                  |          |                         |                         | drivers/block/nbd.c                         |                                      |
+                                +------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2017-0537    | LOW      |                         |                         | An information disclosure                   | avd.aquasec.com/nvd/cve-2017-0537    |
|                                |                  |          |                         |                         | vulnerability in the kernel                 |                                      |
|                                |                  |          |                         |                         | USB gadget driver could                     |                                      |
|                                |                  |          |                         |                         | enable...                                   |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2017-13165   |          |                         |                         | An elevation of privilege                   | avd.aquasec.com/nvd/cve-2017-13165   |
|                                |                  |          |                         |                         | vulnerability in the kernel                 |                                      |
|                                |                  |          |                         |                         | file system. Product:                       |                                      |
|                                |                  |          |                         |                         | Android....                                 |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2017-13693   |          |                         |                         | kernel: ACPI operand cache                  | avd.aquasec.com/nvd/cve-2017-13693   |
|                                |                  |          |                         |                         | leak in dsutils.c                           |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-1121    |          |                         |                         | procps-ng, procps: process                  | avd.aquasec.com/nvd/cve-2018-1121    |
|                                |                  |          |                         |                         | hiding through race condition               |                                      |
|                                |                  |          |                         |                         | enumerating /proc                           |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-12928   |          |                         |                         | kernel: NULL pointer                        | avd.aquasec.com/nvd/cve-2018-12928   |
|                                |                  |          |                         |                         | dereference in                              |                                      |
|                                |                  |          |                         |                         | hfs_ext_read_extent in hfs.ko               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-12929   |          |                         |                         | kernel: use-after-free in                   | avd.aquasec.com/nvd/cve-2018-12929   |
|                                |                  |          |                         |                         | ntfs_read_locked_inode in the               |                                      |
|                                |                  |          |                         |                         | ntfs.ko                                     |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-12930   |          |                         |                         | kernel: stack-based                         | avd.aquasec.com/nvd/cve-2018-12930   |
|                                |                  |          |                         |                         | out-of-bounds write in                      |                                      |
|                                |                  |          |                         |                         | ntfs_end_buffer_async_read in               |                                      |
|                                |                  |          |                         |                         | the ntfs.ko                                 |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2018-12931   |          |                         |                         | kernel: stack-based                         | avd.aquasec.com/nvd/cve-2018-12931   |
|                                |                  |          |                         |                         | out-of-bounds write in                      |                                      |
|                                |                  |          |                         |                         | ntfs_attr_find in the ntfs.ko               |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-14899   |          |                         |                         | VPN: an attacker can inject                 | avd.aquasec.com/nvd/cve-2019-14899   |
|                                |                  |          |                         |                         | data into the TCP stream which              |                                      |
|                                |                  |          |                         |                         | allows...                                   |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-15213   |          |                         |                         | kernel: use-after-free caused               | avd.aquasec.com/nvd/cve-2019-15213   |
|                                |                  |          |                         |                         | by malicious USB device in                  |                                      |
|                                |                  |          |                         |                         | drivers/media/usb/dvb-usb/dvb-usb-init.c    |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-16230   |          |                         |                         | kernel: null pointer dereference in         | avd.aquasec.com/nvd/cve-2019-16230   |
|                                |                  |          |                         |                         | drivers/gpu/drm/radeon/radeon_display.c     |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-19378   |          |                         |                         | kernel: out-of-bounds write                 | avd.aquasec.com/nvd/cve-2019-19378   |
|                                |                  |          |                         |                         | in index_rbio_pages in                      |                                      |
|                                |                  |          |                         |                         | fs/btrfs/raid56.c                           |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-19814   |          |                         |                         | kernel: out-of-bounds write                 | avd.aquasec.com/nvd/cve-2019-19814   |
|                                |                  |          |                         |                         | in __remove_dirty_segment in                |                                      |
|                                |                  |          |                         |                         | fs/f2fs/segment.c                           |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-25639   |          |                         |                         | kernel: NULL pointer                        | avd.aquasec.com/nvd/cve-2020-25639   |
|                                |                  |          |                         |                         | dereference via nouveau ioctl               |                                      |
|                                |                  |          |                         |                         | can lead to DoS                             |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2021-3178    |          |                         |                         | kernel: path traversal in                   | avd.aquasec.com/nvd/cve-2021-3178    |
|                                |                  |          |                         |                         | fs/nfsd/nfs3xdr.c may lead                  |                                      |
|                                |                  |          |                         |                         | to Information Disclosure or                |                                      |
|                                |                  |          |                         |                         | RCE...                                      |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| locales                        | CVE-2016-10228   |          | 2.31-0ubuntu9.2         |                         | glibc: iconv program can                    | avd.aquasec.com/nvd/cve-2016-10228   |
|                                |                  |          |                         |                         | hang when invoked with the -c               |                                      |
|                                |                  |          |                         |                         | option                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2019-25013   |          |                         |                         | glibc: buffer over-read in                  | avd.aquasec.com/nvd/cve-2019-25013   |
|                                |                  |          |                         |                         | iconv when processing invalid               |                                      |
|                                |                  |          |                         |                         | multi-byte input sequences                  |                                      |
|                                |                  |          |                         |                         | in...                                       |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27618   |          |                         |                         | glibc: iconv when processing                | avd.aquasec.com/nvd/cve-2020-27618   |
|                                |                  |          |                         |                         | invalid multi-byte input                    |                                      |
|                                |                  |          |                         |                         | sequences fails to advance                  |                                      |
|                                |                  |          |                         |                         | the...                                      |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-29562   |          |                         |                         | glibc: assertion failure in                 | avd.aquasec.com/nvd/cve-2020-29562   |
|                                |                  |          |                         |                         | iconv when converting invalid               |                                      |
|                                |                  |          |                         |                         | UCS4                                        |                                      |
+                                +------------------+          +                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-6096    |          |                         |                         | glibc: signed comparison                    | avd.aquasec.com/nvd/cve-2020-6096    |
|                                |                  |          |                         |                         | vulnerability in the ARMv7                  |                                      |
|                                |                  |          |                         |                         | memcpy function                             |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| login                          | CVE-2013-4235    |          | 1:4.8.1-1ubuntu5.20.04  |                         | shadow-utils: TOCTOU race                   | avd.aquasec.com/nvd/cve-2013-4235    |
|                                |                  |          |                         |                         | conditions by copying and                   |                                      |
|                                |                  |          |                         |                         | removing directory trees                    |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| nginx                          | CVE-2020-11724   | MEDIUM   | 1.18.0-0ubuntu1         |                         | An issue was discovered in                  | avd.aquasec.com/nvd/cve-2020-11724   |
|                                |                  |          |                         |                         | OpenResty before 1.15.8.4.                  |                                      |
|                                |                  |          |                         |                         | ngx_http_lua_subrequest.c                   |                                      |
|                                |                  |          |                         |                         | allows HTTP request...                      |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| nginx-common                   |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| nginx-core                     |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| openssh-client                 | CVE-2020-14145   | LOW      | 1:8.2p1-4ubuntu0.1      |                         | openssh: Observable                         | avd.aquasec.com/nvd/cve-2020-14145   |
|                                |                  |          |                         |                         | Discrepancy leading to an                   |                                      |
|                                |                  |          |                         |                         | information leak in the                     |                                      |
|                                |                  |          |                         |                         | algorithm negotiation...                    |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| openssh-server                 |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| openssh-sftp-server            |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| passenger                      | CVE-2016-10345   | MEDIUM   | 1:6.0.7-1~focal1        |                         | passenger: File overwrite                   | avd.aquasec.com/nvd/cve-2016-10345   |
|                                |                  |          |                         |                         | vulnerability in                            |                                      |
|                                |                  |          |                         |                         | passenger-install-nginx-module              |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| passenger-dev                  |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| passenger-doc                  |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| passwd                         | CVE-2013-4235    | LOW      | 1:4.8.1-1ubuntu5.20.04  |                         | shadow-utils: TOCTOU race                   | avd.aquasec.com/nvd/cve-2013-4235    |
|                                |                  |          |                         |                         | conditions by copying and                   |                                      |
|                                |                  |          |                         |                         | removing directory trees                    |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| patch                          | CVE-2018-6952    |          | 2.7.6-6                 |                         | patch: Double free of memory                | avd.aquasec.com/nvd/cve-2018-6952    |
|                                |                  |          |                         |                         | in pch.c:another_hunk() causes              |                                      |
|                                |                  |          |                         |                         | a crash                                     |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| policykit-1                    | CVE-2016-2568    |          | 0.105-26ubuntu1         |                         | polkit: Program run via pkexec              | avd.aquasec.com/nvd/cve-2016-2568    |
|                                |                  |          |                         |                         | as unprivileged user can                    |                                      |
|                                |                  |          |                         |                         | escape to parent...                         |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| python3.8                      | CVE-2021-3177    | MEDIUM   | 3.8.5-1~20.04           |                         | python: stack-based buffer                  | avd.aquasec.com/nvd/cve-2021-3177    |
|                                |                  |          |                         |                         | overflow in PyCArg_repr in                  |                                      |
|                                |                  |          |                         |                         | _ctypes/callproc.c                          |                                      |
+                                +------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27619   | LOW      |                         |                         | python: Python 3 eval of http               | avd.aquasec.com/nvd/cve-2020-27619   |
|                                |                  |          |                         |                         | resources during test suite                 |                                      |
|                                |                  |          |                         |                         | runs                                        |                                      |
+--------------------------------+------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
| python3.8-minimal              | CVE-2021-3177    | MEDIUM   |                         |                         | python: stack-based buffer                  | avd.aquasec.com/nvd/cve-2021-3177    |
|                                |                  |          |                         |                         | overflow in PyCArg_repr in                  |                                      |
|                                |                  |          |                         |                         | _ctypes/callproc.c                          |                                      |
+                                +------------------+----------+                         +-------------------------+---------------------------------------------+--------------------------------------+
|                                | CVE-2020-27619   | LOW      |                         |                         | python: Python 3 eval of http               | avd.aquasec.com/nvd/cve-2020-27619   |
|                                |                  |          |                         |                         | resources during test suite                 |                                      |
|                                |                  |          |                         |                         | runs                                        |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| sqlite3                        | CVE-2020-9794    | MEDIUM   | 3.31.1-4ubuntu0.2       |                         | An out-of-bounds read was                   | avd.aquasec.com/nvd/cve-2020-9794    |
|                                |                  |          |                         |                         | addressed with improved bounds              |                                      |
|                                |                  |          |                         |                         | checking. This issue is...                  |                                      |
+--------------------------------+------------------+          +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| systemd                        | CVE-2018-20839   |          | 245.4-4ubuntu3.4        |                         | systemd: mishandling of the                 | avd.aquasec.com/nvd/cve-2018-20839   |
|                                |                  |          |                         |                         | current keyboard mode check                 |                                      |
|                                |                  |          |                         |                         | leading to passwords being...               |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| systemd-sysv                   |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+                  +          +                         +-------------------------+                                             +                                      +
| systemd-timesyncd              |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
|                                |                  |          |                         |                         |                                             |                                      |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+

home/app/pact_broker/Gemfile.lock
=================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
bethesque commented 3 years ago

Just a couple. Looks like I've added trivy to the pact-foundation one but not the dius one yet.

mefellows commented 3 years ago

I was going to raise an issue for that - but if you're happy I'll just add it straight in.

bethesque commented 3 years ago

So, I'm not sure how to get rid of the vulnerabilities. They're all OS level vulnerabilities, not Ruby gem ones. We're on the latest version of passenger phusion for Ruby 2.7, and we're already doing:

# Update OS as per https://github.com/phusion/passenger-docker#upgrading-the-operating-system-inside-the-container
RUN apt-get update && \
    apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
    apt-get -qy autoremove && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

See: https://github.com/DiUS/pact_broker-docker/runs/1883720574?check_suite_focus=true#step:4:159

What else can we do to force an upgrade of EVERYTHING? Any thoughts @k-ong?

mefellows commented 3 years ago

You managed to at least remove all of the HIGH vulnerabilities and over 100 MEDIUM - so we're on track, but Phusion does at least agree there are problems with the base image: Screen Shot 2021-02-12 at 5 00 56 pm

(via: http://phusion.github.io/baseimage-docker/)

Jokes aside, according to the trivy scan at least, there are no fixes for the remaining vulnerabilities. So, not sure how to move forward.

we could update the trivy scan to not fail the build unless there are high vulnerabilities and make a note to keep an eye on the remaining MEDIUMs? It's also possible that some of those dependencies aren't needed, but that could involve a lot of trial/error to find out.

bethesque commented 3 years ago

I've updated it to trivy filesystem --severity HIGH,CRITICAL --ignore-unfixed for now so we can actually get a release out.

bethesque commented 3 years ago

That seems to have done the trick https://github.com/DiUS/pact_broker-docker/runs/1899455773?check_suite_focus=true#step:3:851

mefellows commented 3 years ago

nice one, thanks Beth. Let's leave this open so if somebody comes along they can see it. It will no doubt fail when there is a fix for them, so we can close it off then.