Open MaxPeal opened 3 years ago
maxpeal@static:~$ docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest
2020-11-22T02:54:21.792Z DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2020-11-22T02:54:21.792Z WARN You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2020-11-22T02:54:21.793Z DEBUG cache dir: /root/.cache/trivy
2020-11-22T02:54:21.793Z DEBUG DB update was skipped because DB is the latest
2020-11-22T02:54:21.793Z DEBUG DB Schema: 1, Type: 1, UpdatedAt: 2020-11-22 00:31:19.958804537 +0000 UTC, NextUpdate: 2020-11-22 12:31:19.958804137 +0000 UTC
2020-11-22T02:54:23.382Z DEBUG Vulnerability type: [os library]
2020-11-22T02:54:23.601Z DEBUG Artifact ID: sha256:e55926b7c37760a8002c4fd597f1693c160fbd3fa70999d6a77b69a0ca355b3f
2020-11-22T02:54:23.601Z DEBUG Blob IDs: [sha256:13cb14c2acd34e45446a50af25cb05095a17624678dbafbcc9e26086547c1d74 sha256:03a9c9b54b49ac8fe7a500f1931b4baed25ed90a9376552f5319355268c0be7e sha256:bd056a92c4d64a942ec6dc69e86d3e50ccd71b2cee8f7f2b712f0f35b19ed109 sha256:5aed85da23adbed3149816aeadd210111107c512a4a41dbc745022f8d8dd5cd9 sha256:3a05bc4e8b1dd2b9630151d1459bb927430f50cb9881275eaafb97468b2abaeb sha256:afde22bc61207b0a36aa296355f36a8c5e500a9f6351c8056ff105476e668b0f sha256:a15f15357140962a58f8275dc980a6a16697c848dc68435fe8ce97bd489e8ee5 sha256:44a4bfda918abba4c19c3d4beb5d44db4876e4c7a233e57d5e5c48fa526c20cf sha256:52ae0430fc81e32eba354db8762e2e5d4d027b9eb4cf6c8006c49d2b6ef2a23c]
2020-11-22T02:54:23.605Z INFO Detecting Debian vulnerabilities...
2020-11-22T02:54:23.605Z DEBUG debian: os version: 10
2020-11-22T02:54:23.605Z DEBUG debian: the number of packages: 199
osixia/openldap:latest (debian 10.4)
====================================
Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| apt | CVE-2011-3374 | LOW | 1.8.2.1 | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+----------------------+ + + +------------------------------+ +
| apt-transport-https | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| apt-utils | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is |
| | | | | | not equal to its real UID |
| | | | | | the... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0841856-B18BAF | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| bind9-host | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| coreutils | CVE-2016-2781 | LOW | 8.30-3 | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-18018 | | | | coreutils: race condition |
| | | | | | vulnerability in chown and |
| | | | | | chgrp |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| dirmngr | CVE-2019-14855 | | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key |
| | | | | | Certification Forgeries with |
| | | | | | SHA-1 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG |
| | | | | | intrinsic produces repeated |
| | | | | | output |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| gnupg | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key |
| | | | | | Certification Forgeries with |
| | | | | | SHA-1 |
+----------------------+ + + +------------------------------+ +
| gnupg-l10n | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gnupg-utils | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg-agent | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg-wks-client | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpg-wks-server | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpgconf | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpgsm | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| gpgv | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| iproute2 | CVE-2019-20795 | MEDIUM | 4.20.0-2 | | iproute: use-after-free in |
| | | | | | get_netnsid_from_name in |
| | | | | | ip/ipnetns.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| krb5-kdc | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| krb5-kdc-ldap | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| krb5-user | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| ldap-utils | CVE-2015-3276 | | 2.4.50+dfsg-1~bpo10+1 | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libapt-inst2.0 | CVE-2011-3374 | | 1.8.2.1 | | It was found that apt-key |
| | | | | | in apt, all versions, do not |
| | | | | | correctly... |
+----------------------+ + + +------------------------------+ +
| libapt-pkg5.0 | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libasn1-8-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libbind9-161 | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libc-bin | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libc-l10n | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libc6 | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libdns1104 | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libexpat1 | CVE-2013-0340 | LOW | 2.2.6-2+deb10u1 | | expat: internal entity |
| | | | | | expansion |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG |
| | | | | | intrinsic produces repeated |
| | | | | | output |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgcrypt20 | CVE-2019-12904 | MEDIUM | 1.8.4-5 | | Libgcrypt: physical addresses |
| | | | | | being available to other |
| | | | | | processes leads to a |
| | | | | | flush-and-reload... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-13627 | | | | libgcrypt: ECDSA timing attack |
| | | | | | allowing private key leak |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal |
| | | | | | implementation doesn't |
| | | | | | have semantic security |
| | | | | | due to incorrectly encoded |
| | | | | | plaintexts... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgnutls30 | CVE-2020-24659 | HIGH | 3.6.7-4+deb10u4 | | gnutls: Heap buffer |
| | | | | | overflow in handshake with |
| | | | | | no_renegotiation alert sent |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-3389 | LOW | | | HTTPS: block-wise |
| | | | | | chosen-plaintext attack |
| | | | | | against SSL/TLS (BEAST) |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libgssapi-krb5-2 | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libgssrpc4 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libhcrypto4-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+ + + +------------------------------+ +
| libhdb9-heimdal | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| libheimbase1-heimdal | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+ + + +------------------------------+ +
| libhx509-5-heimdal | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
| | | | | | fails to perform the roundtrip |
| | | | | | checks specified in... |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libisc1100 | CVE-2020-8623 | | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+ + +------------------------------------+
| libisccc161 | CVE-2020-8623 | HIGH | | | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+ + +------------------------------------+
| libisccfg163 | CVE-2020-8623 | HIGH | | | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libjson-c3 | CVE-2020-12762 | HIGH | 0.12.1+ds-2 | 0.12.1+ds-2+deb10u1 | json-c: integer overflow and |
| | | | | | out-of-bounds write via a |
| | | | | | large JSON file |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libk5crypto3 | CVE-2020-28196 | | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libkadm5clnt-mit11 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libkadm5srv-mit11 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkadm5srv8-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkdb5-9 | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-26-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libkrb5-3 | CVE-2020-28196 | HIGH | 1.17-3 | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libkrb5support0 | CVE-2020-28196 | HIGH | | | MIT Kerberos 5 (aka krb5) |
| | | | | | before 1.17.2 and 1.18.x |
| | | | | | before 1.18.3 allows... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2004-0971 | LOW | | | security flaw |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data in |
| | | | | | kadmin/dbutil/dump.c |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.50+dfsg-1~bpo10+1 | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libldap-common | CVE-2020-25692 | HIGH | 2.4.47+dfsg-3+deb10u2 | 2.4.47+dfsg-3+deb10u3 | openldap: NULL pointer |
| | | | | | dereference for |
| | | | | | unauthenticated packet in |
| | | | | | slapd |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25709 | | | 2.4.47+dfsg-3+deb10u4 | openldap: assertion failure |
| | | | | | in Certificate List syntax |
| | | | | | validation |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-25710 | | | | openldap: assertion failure in |
| | | | | | CSN normalization with invalid |
| | | | | | input |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2015-3276 | LOW | | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblwres161 | CVE-2020-8623 | HIGH | 1:9.11.5.P4+dfsg-5.1+deb10u1 | 1:9.11.5.P4+dfsg-5.1+deb10u2 | bind: remotely triggerable |
| | | | | | assertion failure in pk11.c |
+ +---------------------+----------+ + +------------------------------------+
| | CVE-2020-8619 | MEDIUM | | | bind: asterisk character in an |
| | | | | | empty non-terminal can cause |
| | | | | | an assertion failure... |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8622 | | | | bind: truncated TSIG response |
| | | | | | can lead to an assertion |
| | | | | | failure |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-8624 | | | | bind: incorrect enforcement |
| | | | | | of update-policy rules of type |
| | | | | | "subdomain" |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| liblz4-1 | CVE-2019-17543 | LOW | 1.8.3-1 | | lz4: heap-based buffer |
| | | | | | overflow in LZ4_write32 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libmariadb3 | CVE-2020-15180 | CRITICAL | 1:10.3.22-0+deb10u1 | 1:10.3.25-0+deb10u1 | mariadb: Insufficient SST |
| | | | | | method name check leading |
| | | | | | to code injection in |
| | | | | | mysql-wsrep... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-13249 | HIGH | | 1:10.3.23-0+deb10u1 | mariadb-connector-c: Improper |
| | | | | | validation of content in a OK |
| | | | | | packet received from server... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14765 | MEDIUM | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14776 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14789 | | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14812 | | | | mysql: Server: Locking |
| | | | | | unspecified vulnerability (CPU |
| | | | | | Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-2752 | | | 1:10.3.23-0+deb10u1 | mysql: C API unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2760 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2812 | | | | mysql: Server: Stored |
| | | | | | Procedure unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2814 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libonig5 | CVE-2020-26159 | HIGH | 6.9.1-1 | | oniguruma: Buffer overflow |
| | | | | | in concat_opt_exact_str could |
| | | | | | result in DoS |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-13224 | LOW | | | oniguruma: Use-after-free in |
| | | | | | onig_new_deluxe() in regext.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-13225 | | | | oniguruma: NULL pointer |
| | | | | | dereference in match_at() in |
| | | | | | regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-16163 | | | | oniguruma: Stack exhaustion in |
| | | | | | regcomp.c because of recursion |
| | | | | | in regparse.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19012 | | | | oniguruma: integer overflow |
| | | | | | in search_in_range function |
| | | | | | in regexec.c leads to |
| | | | | | out-of-bounds read... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19203 | | | | oniguruma: Heap-based |
| | | | | | buffer over-read in function |
| | | | | | gb18030_mbc_enc_len in file |
| | | | | | gb18030.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19204 | | | | oniguruma: Heap-based |
| | | | | | buffer over-read in function |
| | | | | | fetch_interval_quantifier in |
| | | | | | regparse.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19246 | | | | oniguruma: Heap-based |
| | | | | | buffer overflow in |
| | | | | | str_lower_case_match in |
| | | | | | regexec.c |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: integer overflow in |
| | | | | | libpcre |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature |
| | | | | | in the match function in |
| | | | | | pcre_exec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-16231 | | | | pcre: self-recursive call in |
| | | | | | match() in pcre_exec.c leads |
| | | | | | to denial of service... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-7245 | | | | pcre: stack-based |
| | | | | | buffer overflow write in |
| | | | | | pcre32_copy_substring |
+ +---------------------+ + +------------------------------+ +
| | CVE-2017-7246 | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20838 | | | | pcre: buffer over-read in JIT |
| | | | | | when UTF is disabled |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libperl5.28 | CVE-2020-10543 | HIGH | 5.28.1-6 | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpq5 | CVE-2020-14349 | HIGH | 11.7-0+deb10u1 | 11.9-0+deb10u1 | postgresql: Uncontrolled |
| | | | | | search path element in logical |
| | | | | | replication |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-14350 | | | | postgresql: Uncontrolled |
| | | | | | search path element in CREATE |
| | | | | | EXTENSION |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25694 | | | | postgresql: Reconnection can |
| | | | | | downgrade connection security |
| | | | | | settings |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25695 | | | | postgresql: Multiple features |
| | | | | | escape "security restricted |
| | | | | | operation" sandbox |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-25696 | | | | postgresql: psql's \gset |
| | | | | | allows overwriting specially |
| | | | | | treated variables |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-9193 | LOW | | | postgresql: Command injection |
| | | | | | via "COPY TO/FROM PROGRAM" |
| | | | | | function |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libpython3.7-minimal | CVE-2020-26116 | HIGH | 3.7.3-2+deb10u1 | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| libpython3.7-stdlib | CVE-2020-26116 | HIGH | | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libroken18-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | libseccomp: incorrect |
| | | | | | generation of syscall filters |
| | | | | | in libseccomp |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3 | | sqlite: mishandles certain |
| | | | | | SELECT statements with a |
| | | | | | nonexistent VIEW, leading to |
| | | | | | DoS... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19923 | | | | sqlite: mishandling of certain |
| | | | | | uses of SELECT DISTINCT |
| | | | | | involving a LEFT JOIN... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19925 | | | | sqlite: zipfileUpdate in |
| | | | | | ext/misc/zipfile.c mishandles |
| | | | | | a NULL pathname during an |
| | | | | | update of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19959 | | | | sqlite: mishandles certain |
| | | | | | uses of INSERT INTO in |
| | | | | | situations involving embedded |
| | | | | | '\0'... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20218 | | | | sqlite: selectExpander in |
| | | | | | select.c proceeds with WITH |
| | | | | | stack unwinding even after |
| | | | | | a... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13630 | | | | sqlite: Use-after-free |
| | | | | | in fts3EvalNextRow in |
| | | | | | ext/fts3/fts3.c |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-16168 | MEDIUM | | | sqlite: Division by zero in |
| | | | | | whereLoopAddBtreeIndex in |
| | | | | | sqlite3.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19645 | | | | sqlite: infinite recursion |
| | | | | | via certain types of |
| | | | | | self-referential views in |
| | | | | | conjunction with... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19924 | | | | sqlite: incorrect |
| | | | | | sqlite3WindowRewrite() error |
| | | | | | handling leads to mishandling |
| | | | | | certain parser-tree rewriting |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13434 | | | | sqlite: integer overflow in |
| | | | | | sqlite3_str_vappendf function |
| | | | | | in printf.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13435 | | | | sqlite: NULL pointer |
| | | | | | dereference leads to |
| | | | | | segmentation fault in |
| | | | | | sqlite3ExprCodeTarget in |
| | | | | | expr.c... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13631 | | | | sqlite: Virtual table can be |
| | | | | | renamed into the name of one |
| | | | | | of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13632 | | | | sqlite: NULL pointer |
| | | | | | dereference in |
| | | | | | ext/fts3/fts3_snippet.c via a |
| | | | | | crafted matchinfo() query |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15358 | | | | sqlite: heap-based |
| | | | | | buffer overflow in |
| | | | | | multiSelectOrderBy due to |
| | | | | | mishandling of query-flattener |
| | | | | | optimization... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2019-19244 | LOW | | | sqlite: allows a crash if a |
| | | | | | sub-select uses both DISTINCT |
| | | | | | and window... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-11656 | | | | sqlite: use-after-free in the |
| | | | | | ALTER TABLE implementation |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u3 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication |
| | | | | | weakness |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1551 | | | | openssl: Integer overflow in |
| | | | | | RSAZ modular exponentiation on |
| | | | | | x86_64 |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in |
| | | | | | cfgexpand.c and function.c |
| | | | | | leads to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG |
| | | | | | intrinsic produces repeated |
| | | | | | output |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u4 | | systemd: services with |
| | | | | | DynamicUser can create |
| | | | | | SUID/SGID binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with |
| | | | | | DynamicUser can get new |
| | | | | | privileges and create SGID |
| | | | | | binaries... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security |
| | | | | | contexts... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak |
| | | | | | in button_open() in |
| | | | | | login/logind-button.c when |
| | | | | | udev events are received... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13776 | | | | systemd: mishandles numerical |
| | | | | | usernames beginning with |
| | | | | | decimal digits or 0x followed |
| | | | | | by... |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u4 | | systemd: services with |
| | | | | | DynamicUser can create |
| | | | | | SUID/SGID binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with |
| | | | | | DynamicUser can get new |
| | | | | | privileges and create SGID |
| | | | | | binaries... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security |
| | | | | | contexts... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak |
| | | | | | in button_open() in |
| | | | | | login/logind-button.c when |
| | | | | | udev events are received... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-13776 | | | | systemd: mishandles numerical |
| | | | | | usernames beginning with |
| | | | | | decimal digits or 0x followed |
| | | | | | by... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libwind0-heimdal | CVE-2019-14870 | MEDIUM | 7.5.0+dfsg-3 | | samba: The |
| | | | | | DelegationNotAllowed Kerberos |
| | | | | | feature restriction was |
| | | | | | not being applied when |
| | | | | | processing... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| libxml2 | CVE-2016-9318 | HIGH | 2.9.4+dfsg1-7 | | libxml2: XML External Entity |
| | | | | | vulnerability |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-16932 | | | | libxml2: Infinite recursion in |
| | | | | | parameter entities |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19956 | | | | libxml2: memory leak in |
| | | | | | xmlParseBalancedChunkMemoryRecover |
| | | | | | in parser.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-20388 | | | | libxml2: memory leak |
| | | | | | in xmlSchemaPreRun in |
| | | | | | xmlschemas.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-7595 | | | | libxml2: infinite loop in |
| | | | | | xmlStringLenDecodeEntities in |
| | | | | | some end-of-file situations |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2018-14567 | MEDIUM | | | libxml2: Infinite loop caused |
| | | | | | by incorrect error detection |
| | | | | | during LZMA decompression |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-18258 | LOW | | | libxml2: Unrestricted memory |
| | | | | | usage in xz_head() function in |
| | | | | | xzlib.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-14404 | | | | libxml2: NULL pointer |
| | | | | | dereference in |
| | | | | | xmlXPathCompOpEval() function |
| | | | | | in xpath.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-24977 | | | | libxml2: Buffer Overflow |
| | | | | | vulnerability in |
| | | | | | xmlEncodeEntitiesInternal at |
| | | | | | libxml2/entities.c |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| libxtables12 | CVE-2012-2663 | | 1.8.2-4 | | iptables: --syn flag bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-11360 | | | | A buffer overflow in |
| | | | | | iptables-restore in netfilter |
| | | | | | iptables 1.8.2 allows an |
| | | | | | attacker... |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| locales | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in |
| | | | | | backtrace functions for |
| | | | | | powerpc |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in |
| | | | | | glob() function when expanding |
| | | | | | ~user |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-10029 | MEDIUM | | | glibc: stack corruption from |
| | | | | | crafted input in cosl, sinl, |
| | | | | | sincosl, and tanl... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance |
| | | | | | the... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: |
| | | | | | De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 |
| | | | | | glibc: De-recursivise regular |
| | | | | | expression engine |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-4756 | | | | glibc: glob implementation can |
| | | | | | cause excessive CPU and memory |
| | | | | | consumption due to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can |
| | | | | | hang when invoked with the -c |
| | | | | | option |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection |
| | | | | | bypass |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on |
| | | | | | malicious ELF leads to code |
| | | | | | execution because of... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using cache |
| | | | | | of thread stack and heap |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure |
| | | | | | of heap addresses of |
| | | | | | pthread_created thread |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19126 | | | | glibc: |
| | | | | | LD_PREFER_MAP_32BIT_EXEC not |
| | | | | | ignored in setuid binaries |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled |
| | | | | | recursion in function |
| | | | | | check_dst_limits_calc_pos_1 in |
| | | | | | posix/regexec.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the ARMv7 |
| | | | | | memcpy function |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user |
| | | | | | to drop supplementary |
| | | | | | groups potentially allowing |
| | | | | | privilege... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users |
| | | | | | can obtain root access |
| | | | | | because setuid programs are |
| | | | | | misconfigured... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0628843-DBAD28 | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| mariadb-common | CVE-2020-15180 | CRITICAL | 1:10.3.22-0+deb10u1 | 1:10.3.25-0+deb10u1 | mariadb: Insufficient SST |
| | | | | | method name check leading |
| | | | | | to code injection in |
| | | | | | mysql-wsrep... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-13249 | HIGH | | 1:10.3.23-0+deb10u1 | mariadb-connector-c: Improper |
| | | | | | validation of content in a OK |
| | | | | | packet received from server... |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14765 | MEDIUM | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14776 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14789 | | | | mysql: Server: FTS unspecified |
| | | | | | vulnerability (CPU Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-14812 | | | | mysql: Server: Locking |
| | | | | | unspecified vulnerability (CPU |
| | | | | | Oct 2020) |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-2752 | | | 1:10.3.23-0+deb10u1 | mysql: C API unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2760 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2812 | | | | mysql: Server: Stored |
| | | | | | Procedure unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-2814 | | | | mysql: InnoDB unspecified |
| | | | | | vulnerability (CPU Apr 2020) |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| openssl | CVE-2007-6755 | LOW | 1.1.1d-0+deb10u3 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication |
| | | | | | weakness |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-1551 | | | | openssl: Integer overflow in |
| | | | | | RSAZ modular exponentiation on |
| | | | | | x86_64 |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user |
| | | | | | to drop supplementary |
| | | | | | groups potentially allowing |
| | | | | | privilege... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users |
| | | | | | can obtain root access |
| | | | | | because setuid programs are |
| | | | | | misconfigured... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0628843-DBAD28 | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| perl | CVE-2020-10543 | HIGH | 5.28.1-6 | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| perl-base | CVE-2020-10543 | HIGH | | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| perl-modules-5.28 | CVE-2020-10543 | HIGH | | 5.28.1-6+deb10u1 | perl: heap-based buffer |
| | | | | | overflow in regular expression |
| | | | | | compiler leads to DoS |
+ +---------------------+ + + +------------------------------------+
| | CVE-2020-10878 | | | | perl: corruption of |
| | | | | | intermediate language state |
| | | | | | of compiled regular expression |
| | | | | | due to... |
+ +---------------------+ + + + +
| | CVE-2020-12723 | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| python3-yaml | CVE-2017-18342 | | 3.13-2 | | PyYAML: yaml.load() API could |
| | | | | | execute arbitrary code |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
| python3.7 | CVE-2020-26116 | HIGH | 3.7.3-2+deb10u1 | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+----------+ +------------------------------+------------------------------------+
| python3.7-minimal | CVE-2020-26116 | HIGH | | | python: CRLF injection |
| | | | | | via HTTP request method in |
| | | | | | httplib/http.client |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2020-14422 | MEDIUM | | 3.7.3-2+deb10u2 | python: DoS via inefficiency |
| | | | | | in IPv{4,6}Interface classes |
+ +---------------------+----------+ +------------------------------+------------------------------------+
| | CVE-2017-17522 | LOW | | | python: Command injection in |
| | | | | | Lib/webbrowser.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-18348 | | | | python: CRLF injection via the |
| | | | | | host part of the url passed |
| | | | | | to... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9674 | | | | python: Nested zip file |
| | | | | | (Zip bomb) vulnerability in |
| | | | | | Lib/zipfile.py |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-27619 | | | | python: Python 3 eval of http |
| | | | | | resources during test suite |
| | | | | | runs |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| slapd | CVE-2015-3276 | | 2.4.50+dfsg-1~bpo10+1 | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+ + +------------------------------+------------------------------------+
| slapd-contrib | CVE-2015-3276 | | | | openldap: incorrect |
| | | | | | multi-keyword mode |
| | | | | | cipherstring parsing |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to |
| | | | | | cause... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly matches |
| | | | | | name against CN-ID |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| sysvinit-utils | TEMP-0517018-A83CE6 | | 2.93-8 | | |
+----------------------+---------------------+ +------------------------------+------------------------------+------------------------------------+
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | Tar 1.15.1 does not properly |
| | | | | | warn the user when extracting |
| | | | | | setuid or... |
+ +---------------------+ + +------------------------------+------------------------------------+
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
| | | | | | in pax_decode_header in |
| | | | | | sparse.c |
+ +---------------------+ + +------------------------------+------------------------------------+
| | TEMP-0290435-0B57B5 | | | | |
+----------------------+---------------------+----------+------------------------------+------------------------------+------------------------------------+
maxpeal@static:~$
I can confirm this with Docker v20.10.0
and osixia/openldap:latest
.
With Docker 20 you can easily check an image against vulnerabilities with
docker scan osixia/openldap:latest
This results in 150 found vulnerabilities. I find this quite heavy. Other popular images (e.g. php
, nginx
) have like 5 to 10 vulnerabilities, this image (which handles authentication!) has 150!
@MaxPeal Can you please pack your vulnerabilities list into a spoiler with the following code? This would make it easier to read a possible discussion :)
<details>
<summary>Title</summary>
Text
</details>
Total: 333 (UNKNOWN: 0, LOW: 183, MEDIUM: 71, HIGH: 77, CRITICAL: 2)
$ docker run --rm -v ~/.cache/trivy:/root/.cache/ aquasec/trivy:${VERSION} -debug $DUT:latest osixia/openldap:latest (debian 10.4)