splunk / splunk-connect-for-kubernetes

Helm charts associated with kubernetes plug-ins
Apache License 2.0

Security Vulnerabilities #492

Closed vinitmasaun closed 2 years ago

vinitmasaun commented 3 years ago

Hello,

We have deployed v1.4.3 in our environment and our security scan through Twistlock has identified lots of high and important security vulnerabilities in Splunk Connect for K8s. Following are the CVE IDs for the vulnerabilities. Are these going to be addressed? If so, what is the timeline?

CVE-2018-1000500 CVE-2020-14363 CVE-2020-8252 CVE-2020-25613 CVE-2020-10663 CVE-2020-8116 CVE-2020-15999

jkleinlercher commented 3 years ago

Any news? Our security officers also complain due to the high number of CVEs.

rockb1017 commented 3 years ago

I looked into this last December and created this image rock1017/fluentd-hec-27-2:1.2.4 with fixes available at the time. There are some vulnerabilities with no fix available yet. We will be updating our image as they become available. Thanks

florianzimm commented 3 years ago

@rockb1017 thanks. some programs were upgraded (npm, node, ruby, ..). still there is a massive number of issues in a huge red hat enterprise 8.3 image (by jfrog xray's count unfortunately even more than in the official 1.2.4 image, whyever that might be).

i reckon as kubernetes is prevailing in more traditional, heavily regulated industries, demand to conform to more rigorous (security-)standards will rise. and maybe switching to a lightweight, more secure base-image will be necessary as well.

i think splunk needs to improve there quite a bit.

niteenkole commented 3 years ago

We see similar issue. Having splunk with CVE which has fix in production will be really security issue. we have latest 1.4.4

fixed_version name package_name package_version score score_v3 severity
1:12.18.2-1.module+el8.2.0+7233+61d664c1 RHSA-2020:2852 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 9.3 8.1 High
1:12.16.1-2.module+el8.1.0+6117+b25a342c RHSA-2020:1293 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 6.8 8.8 High
1:12.19.1-1.module+el8.3.0+8851+b7b41ca0 RHSA-2020:5499 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 5 7.5 High
1:12.16.1-1.module+el8.1.0+5811+44509afe RHSA-2020:0598 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 7.5 9.8 High
1:12.18.4-2.module+el8.2.0+8361+192e434e RHSA-2020:4272 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 4.6 7.8 High
1:12.18.2-1.module+el8.2.0+7233+61d664c1 RHSA-2020:2852 nodejs-full-i18n 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 9.3 8.1 High
1:12.19.1-1.module+el8.3.0+8851+b7b41ca0 RHSA-2020:5499 nodejs-full-i18n 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 5 7.5 High
1:12.18.4-2.module+el8.2.0+8361+192e434e RHSA-2020:4272 nodejs-full-i18n 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 4.6 7.8 High
1:6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e RHSA-2020:4272 npm 1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3 4.6 7.8 High
1:6.14.5-1.12.18.2.1.module+el8.2.0+7233+61d664c1 RHSA-2020:2852 npm 1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3 9.3 8.1 High
1:6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0 RHSA-2020:5499 npm 1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3 5 7.5 High
1.16.1-3.module+el8.0.0+3250+4b7d6d43 RHSA-2019:1972 rubygem-bundler 1.16.1-3.module+el8+2671+ebcc7ee0 6.8 8.8 High
>=4.2.1;<5.0.0; OR >=5.1.1 CVE-2020-8116 usr/lib/node_modules/npm/node_modules/dot-prop/package.json 4.2.0 7.5 7.3 High
>=5.2.4.3,5.2; OR >=6.0.3.1 CVE-2020-8165 usr/share/gems/specifications/activesupport-5.2.4.3 5.2.4.3 7.5 9.8 High
>=1.6.1 CVE-2020-25613 usr/share/gems/specifications/default/webrick-1.4.2 1.4.2 5 7.5 High
>=2.3.0 CVE-2020-10663 usr/share/gems/specifications/json-2.1.0 2.1.0 5 7.5 High
>=12.3.3 CVE-2020-8130 usr/share/gems/specifications/rake-12.3.0 12.3.0 9.3 8.1 High

rockb1017 commented 3 years ago

Hello @niteenkole our latest image has node version 14.15.1 and npm 6.14.8. your table says it has nodejs 10.21.0 and npm 6.14.4?

docker run -it splunk/fluentd-hec:1.2.4 bash
bash-4.4$ node --version
v14.15.1
bash-4.4$ npm --version
6.14.8

Hello @florianzimm Thanks for your comment. Do you have any examples of building fluentd application without vulnerabilities?

niteenkole commented 3 years ago

@rockb1017

I am sure we have below.

NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
splunk-connect-dev splunk 1 2021-01-13 11:16:05.501985101 -0500 EST deployed splunk-connect-for-kubernetes-1.4.4 1.4.4

describe on pod

Containers:
  splunk-fluentd-k8s-logs:
    Container ID: containerd://80b762040df74119564240afb234d815xxxxxxxxxx
    Image: docker.io/splunk/fluentd-hec:1.2.4

kubectl exec -it splunk-connect-dev-splunk-kubernetes-logging-8h5qf -n splunk -- sh
sh-4.4# node --version
v10.21.0
sh-4.4# npm --version
6.14.4

niteenkole commented 3 years ago

have installed 1.4.4 as below

helm install splunk-connect-dev -f niteen-vaules-07.yaml -n splunk https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.4/splunk-connect-for-kubernetes-1.4.4.tgz

rockb1017 commented 3 years ago

could you do fresh pull from dockerhub?

docker pull splunk/fluentd-hec:1.2.4

niteenkole commented 3 years ago

sure. I can restart pod which should pull latest splunk/fluentd-hec:1.2.4 and scan

niteenkole commented 3 years ago

you need to check below.

docker run -it splunk/fluentd-hec:1.2.4 bash
Unable to find image 'splunk/fluentd-hec:1.2.4' locally
Trying to pull repository registry.access.redhat.com/splunk/fluentd-hec ...
Pulling repository registry.access.redhat.com/splunk/fluentd-hec
Trying to pull repository docker.io/splunk/fluentd-hec ...
1.2.4: Pulling from docker.io/splunk/fluentd-hec
d9e72d058dc5: Pull complete
cca21acb641a: Pull complete
620696f92fec: Pull complete
a108724c930f: Pull complete
743be1bee877: Pull complete
0fd70c8f2a2f: Pull complete
93c7a9ad1e0b: Pull complete
b9f59c896a8e: Pull complete
da9c9c102637: Pull complete
3b3a1f6705fe: Pull complete
88312b755c95: Pull complete
Digest: sha256:9a068dc1c083b612b0fdc4c62fd06f11a0aa45dd17c5b7db2fc9a0c92d8cf927
Status: Downloaded newer image for docker.io/splunk/fluentd-hec:1.2.4
bash-4.4$ node --version
v10.21.0
bash-4.4$ npm --version
6.14.4
bash-4.4$

niteenkole commented 3 years ago

maybe you have a local image?

rockb1017 commented 3 years ago

omg. I think that is the only possible explanation. lol could you use rock1017/fluentd-hec-27-2:1.2.4 this image? it is the same image under my dockerhub account. I will work on releasing a new image, but it takes time to officially release to splunk account. Thank you!

niteenkole commented 3 years ago

Sure, I will update my deployment to point to rock1017/fluentd-hec-27-2:1.2.4, run scan and update.

niteenkole commented 3 years ago

Hi,

image is now docker.io/rock1017/fluentd-hec-27-2:1.2.4

Way better :)

fixed_version name package_name package_version published_timestamp score score_v3 severity
3.6.14-7.el8_3 RHSA-2020:5483 gnutls 3.6.14-6.el8 1599232500 5 7.5 High
12.5-1.el8_3 RHSA-2020:5401 libpq 12.4-1.el8_2 1605489300 6.8 8.1 High
12.5-1.el8_3 RHSA-2020:5401 libpq-devel 12.4-1.el8_2 1605489300 6.8 8.1 High
3.1.11-2.el8_3 RHSA-2020:5503 mariadb-connector-c 3.0.7-1.el8 1590002100 6.8 8.8 High
3.1.11-2.el8_3 RHSA-2020:5503 mariadb-connector-c-config 3.0.7-1.el8 1590002100 6.8 8.8 High
3.1.11-2.el8_3 RHSA-2020:5503 mariadb-connector-c-devel 3.0.7-1.el8 1590002100 6.8 8.8 High
#>=5.2.4.3,5.2; OR >=6.0.3.1# CVE-2020-8165 usr/share/gems/specifications/activesupport-5.2.4.3 5.2.4.3 1592590500 7.5 9.8 High
#>=1.6.1 CVE-2020-25613 usr/share/gems/specifications/default/webrick-1.6.0 1.6.0 1601990100 5 7.5 High
1:1.1.1g-12.el8_3 RHSA-2020:5476 openssl-devel 1:1.1.1g-11.el8 1607444100 4.3 5.9 Medium
1:1.1.1g-12.el8_3 RHSA-2020:5476 openssl-libs 1:1.1.1g-11.el8 1607444100 4.3 5.9 Medium

niteenkole commented 3 years ago

we see 1.4.5 released today which still has docker.io/splunk/fluentd-hec:1.2.4?

We are going to collect security logs from the cluster, and your image will introduce more CVEs in our env with every release. Doesn't Splunk take care of CVEs that have a fix, fix them and then release?

florianzimm commented 3 years ago

the new 1.2.4 is way better, the tag was just not incremented.

niteenkole commented 3 years ago

@florianzimm I don't think so, I see below same as 1.4.4

fixed_version name package_name package_version score score_v3 severity
1:12.18.2-1.module+el8.2.0+7233+61d664c1 RHSA-2020:2852 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 9.3 8.1 High
1:12.16.1-1.module+el8.1.0+5811+44509afe RHSA-2020:0598 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 7.5 9.8 High
1:12.19.1-1.module+el8.3.0+8851+b7b41ca0 RHSA-2020:5499 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 5 7.5 High
1:12.16.1-2.module+el8.1.0+6117+b25a342c RHSA-2020:1293 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 6.8 8.8 High
1:12.18.4-2.module+el8.2.0+8361+192e434e RHSA-2020:4272 nodejs 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 4.6 7.8 High
1:12.19.1-1.module+el8.3.0+8851+b7b41ca0 RHSA-2020:5499 nodejs-full-i18n 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 5 7.5 High
1:12.18.2-1.module+el8.2.0+7233+61d664c1 RHSA-2020:2852 nodejs-full-i18n 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 9.3 8.1 High
1:12.18.4-2.module+el8.2.0+8361+192e434e RHSA-2020:4272 nodejs-full-i18n 1:10.21.0-3.module+el8.2.0+7071+d2377ea3 4.6 7.8 High
1:6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e RHSA-2020:4272 npm 1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3 4.6 7.8 High
1:6.14.5-1.12.18.2.1.module+el8.2.0+7233+61d664c1 RHSA-2020:2852 npm 1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3 9.3 8.1 High
1:6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0 RHSA-2020:5499 npm 1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3 5 7.5 High
1.16.1-3.module+el8.0.0+3250+4b7d6d43 RHSA-2019:1972 rubygem-bundler 1.16.1-3.module+el8+2671+ebcc7ee0 6.8 8.8 High
#>=4.2.1;<5.0.0; OR >=5.1.1 CVE-2020-8116 usr/lib/node_modules/npm/node_modules/dot-prop/package.json 4.2.0 7.5 7.3 High
#>=5.2.4.3,5.2; OR >=6.0.3.1 CVE-2020-8165 usr/share/gems/specifications/activesupport-5.2.4.3 5.2.4.3 7.5 9.8 High
#>=1.6.1 CVE-2020-25613 usr/share/gems/specifications/default/webrick-1.4.2 1.4.2 5 7.5 High
#>=2.3.0 CVE-2020-10663 usr/share/gems/specifications/json-2.1.0 2.1.0 5 7.5 High
#>=12.3.3 CVE-2020-8130 usr/share/gems/specifications/rake-12.3.0 12.3.0 9.3 8.1 High

rockb1017 commented 3 years ago

Hello, @niteenkole

Releases with updates to 3rd party dependents have to go through another process within Splunk. So it takes more time. Hopefully I can release an update soon.

niteenkole commented 3 years ago

@rockb1017 thanks.

We are trying to understand the image/security upgrade process from splunk so that we can define correct security policy from our side.

Can you help us understand: with, say, a release like 1.4.5, you are still working on 3rd party dependents and need some time?

With 3rd party dependents ready to release, it will be like 1.4.6?

zencircle commented 3 years ago

A new image was added but tag is still the same image
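
The tag reuse participants describe here, where `splunk/fluentd-hec:1.2.4` held different contents depending on when a host pulled it, can be detected from pod status by comparing the digest each node actually resolved. The following Python script is an added example, not code from this thread or from Splunk; the pod names, node names and digests in the sample are constructed, and `split_ref` and `audit` are hypothetical helper names.

```python
import json
import re
from collections import defaultdict

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

# Constructed digests: placeholders, not the digests of any real image.
OLD = "sha256:" + "a" * 64
NEW = "sha256:" + "b" * 64


def _pod(name, node, image, image_id):
    """Build one pod entry with only the fields this audit reads."""
    return {
        "metadata": {"namespace": "splunk", "name": name},
        "spec": {"nodeName": node},
        "status": {"containerStatuses": [
            {"name": "splunk-fluentd-k8s-logs", "image": image, "imageID": image_id},
        ]},
    }


# Constructed sample in the shape of `kubectl get pods -n splunk -o json`.
SAMPLE_PODS = json.dumps({"items": [
    _pod("logging-aaaaa", "node-1", "docker.io/splunk/fluentd-hec:1.2.4",
         "docker.io/splunk/fluentd-hec@" + OLD),
    _pod("logging-bbbbb", "node-2", "splunk/fluentd-hec:1.2.4",
         "docker-pullable://docker.io/splunk/fluentd-hec@" + NEW),
    _pod("logging-ccccc", "node-3", "docker.io/splunk/fluentd-hec:1.2.4",
         "docker.io/splunk/fluentd-hec@" + OLD),
    _pod("logging-ddddd", "node-4", "docker.io/splunk/fluentd-hec@" + NEW,
         "docker.io/splunk/fluentd-hec@" + NEW),
]})


def split_ref(image):
    """Return (repository, tag, digest) with Docker Hub short names normalized."""
    digest = None
    if "@" in image:
        image, digest = image.split("@", 1)
    # Only a colon after the last "/" separates a tag; earlier ones are a registry port.
    head, _, last = image.rpartition("/")
    name, sep, tag = last.partition(":")
    repo = f"{head}/{name}" if head else name
    if not sep:
        tag = None if digest else "latest"
    first = repo.split("/", 1)[0]
    if "/" not in repo:
        repo = "docker.io/library/" + repo
    elif "." not in first and ":" not in first and first != "localhost":
        repo = "docker.io/" + repo
    return repo, tag, digest


def audit(pod_list_json):
    """Return (unpinned, drift) for a pod list.

    unpinned: "namespace/pod on node" entries whose image is referenced by tag only.
    drift: {"repo:tag": {digest: [entries]}} for tags that resolved to more than one digest.
    """
    by_tag = defaultdict(lambda: defaultdict(list))
    unpinned = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta = pod["metadata"]
        where = f'{meta["namespace"]}/{meta["name"]} on {pod["spec"].get("nodeName", "?")}'
        for status in pod.get("status", {}).get("containerStatuses", []):
            repo, tag, pinned = split_ref(status["image"])
            if pinned:
                continue  # a digest reference always resolves to the same content
            unpinned.append(where)
            resolved = DIGEST_RE.search(status.get("imageID", ""))
            if resolved:
                by_tag[f"{repo}:{tag}"][resolved.group(0)].append(where)
    drift = {ref: dict(digests) for ref, digests in by_tag.items() if len(digests) > 1}
    return unpinned, drift


if __name__ == "__main__":
    unpinned, drift = audit(SAMPLE_PODS)
    print(f"{len(unpinned)} container(s) referenced by tag only")
    for ref, digests in drift.items():
        print(f"tag drift: {ref} resolves to {len(digests)} digests")
        for digest, pods in digests.items():
            print(f"  {digest[:19]}...  {', '.join(pods)}")
```

Feeding it real `kubectl get pods -A -o json` output shows which scan result applies to which node; referencing the image by digest in the chart values removes the ambiguity.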

rockb1017 commented 3 years ago

I can release patches that are about just helm chart modification or source code change. but when it involves upgrading 3rd party component, we will have to go through more review processes. I had simple patches released and a release with upgraded component will be out with 1.4.7. Thank you.

florianzimm commented 3 years ago

recognizable efforts were made to reduce the number of vulnerabilities in your base-images. thanks.

on december 2nd the fluentd-image (scanned with XRay) had 525 vulnerabilities, 45 with HIGH severity. as of today (16th march) the image is down to 183, 11 HIGH.

i'd like to emphasize the importance of ongoing focus on this issue. furthermore it'd be great if you could make use of a more lightweight container-os to run splunk-connect in. this would additionally alleviate (security)distress on the containers. AND be beneficial for performance/resource usage as well.

thanks. florian.

rockb1017 commented 3 years ago

Hello, @florianzimm If you have a reference for building image for fluentd that is lighter and more secure, please share it. I will review and see if we can improve. Thank you!

vinzent commented 3 years ago

Can you share your new scan results? I somehow doubt that all your found vulns are actually vulns. Red Hat backports fixes to older packages. Then silly scanners detect vulnerabilities that just don't exist.

vinzent commented 3 years ago

but nevertheless, having a more minimal base image might be worth a try. the image currently uses registry.access.redhat.com/ubi8/ruby-27.

maybe build on the ubi-minimal base image? downside is that microdnf doesn't support the yum modules. Ruby without modules is version 2.5.

florianzimm commented 3 years ago

> Can you share your new scan results? I somehow doubt that all your found vulns are actually vulns. Red Hat backports fixes to older packages. Then silly scanners detect vulnerabilities that just don't exist.

the world according to xray

Summary CVEs Severity Type Provider Component Infected Version Fix Version
RHSA-2019:1972: ruby:2.5 security update (Important) CVE-2019-8324 High 8:rubygem-bundler < 0:1.16.1-3.module+el8.0.0+3250+4b7d6d43 ≥ 0:1.16.1-3.module+el8.0.0+3250+4b7d6d43
RHSA-2020:2847: nodejs:12 security update (Important) "CVE-2020-11080 CVE-2020-7598 CVE-2020-8172 CVE-2020-8174" High 8:nodejs-full-i18n < 1:12.18.2-1.module+el8.1.0+7232+f8b5ede5 ≥ 1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
RHSA-2020:2847: nodejs:12 security update (Important) "CVE-2020-11080 CVE-2020-7598 CVE-2020-8172 CVE-2020-8174" High 8:nodejs < 1:12.18.2-1.module+el8.1.0+7232+f8b5ede5 ≥ 1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
RHSA-2021:0740: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs-full-i18n < 1:12.21.0-1.module+el8.2.0+10192+8959c43b ≥ 1:12.21.0-1.module+el8.2.0+10192+8959c43b
RHSA-2021:0740: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs < 1:12.21.0-1.module+el8.2.0+10192+8959c43b ≥ 1:12.21.0-1.module+el8.2.0+10192+8959c43b
RHSA-2021:0740: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:npm < 1:6.14.11-1.12.21.0.1.module+el8.2.0+10192+8959c43b ≥ 1:6.14.11-1.12.21.0.1.module+el8.2.0+10192+8959c43b
RHSA-2021:0734: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs-full-i18n < 1:12.21.0-1.module+el8.3.0+10191+34fb5a07 ≥ 1:12.21.0-1.module+el8.3.0+10191+34fb5a07
RHSA-2021:0734: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs < 1:12.21.0-1.module+el8.3.0+10191+34fb5a07 ≥ 1:12.21.0-1.module+el8.3.0+10191+34fb5a07
RHSA-2021:0734: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:npm < 1:6.14.11-1.12.21.0.1.module+el8.3.0+10191+34fb5a07 ≥ 1:6.14.11-1.12.21.0.1.module+el8.3.0+10191+34fb5a07
RHSA-2021:0744: nodejs:14 security and bug fix update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs-full-i18n < 1:14.16.0-2.module+el8.3.0+10180+b92e1eb6 ≥ 1:14.16.0-2.module+el8.3.0+10180+b92e1eb6
RHSA-2021:0744: nodejs:14 security and bug fix update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs < 1:14.16.0-2.module+el8.3.0+10180+b92e1eb6 ≥ 1:14.16.0-2.module+el8.3.0+10180+b92e1eb6
RHSA-2021:0744: nodejs:14 security and bug fix update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:npm < 1:6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6 ≥ 1:6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6
RHSA-2021:0739: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs-full-i18n < 1:12.21.0-1.module+el8.1.0+10194+d5e49c90 ≥ 1:12.21.0-1.module+el8.1.0+10194+d5e49c90
RHSA-2021:0739: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:nodejs < 1:12.21.0-1.module+el8.1.0+10194+d5e49c90 ≥ 1:12.21.0-1.module+el8.1.0+10194+d5e49c90
RHSA-2021:0739: nodejs:12 security update (Important) "CVE-2021-22883 CVE-2021-22884" High 8:npm < 1:6.14.11-1.12.21.0.1.module+el8.1.0+10194+d5e49c90 ≥ 1:6.14.11-1.12.21.0.1.module+el8.1.0+10194+d5e49c90
CVE-2020-14363 libX11: integer overflow leads to double free in locale handling (important) CVE-2020-14363 High 8:libX11 All Versions
CVE-2020-14363 libX11: integer overflow leads to double free in locale handling (important) CVE-2020-14363 High 8:libX11-common All Versions
CVE-2020-14363 libX11: integer overflow leads to double free in locale handling (important) CVE-2020-14363 High 8:libX11-xcb All Versions
RHSA-2020:0598: nodejs:12 security update (Important) "CVE-2019-15604 CVE-2019-15605 CVE-2019-15606" High 8:nodejs < 1:12.16.1-1.module+el8.1.0+5811+44509afe ≥ 1:12.16.1-1.module+el8.1.0+5811+44509afe
RHSA-2020:1293: nodejs:12 security update (Important) CVE-2020-10531 High 8:nodejs < 1:12.16.1-2.module+el8.1.0+6117+b25a342c ≥ 1:12.16.1-2.module+el8.1.0+6117+b25a342c
RHSA-2020:2852: nodejs:12 security update (Important) "CVE-2020-11080 CVE-2020-7598 CVE-2020-8172 CVE-2020-8174" High 8:nodejs-full-i18n < 1:12.18.2-1.module+el8.2.0+7233+61d664c1 ≥ 1:12.18.2-1.module+el8.2.0+7233+61d664c1
RHSA-2020:2852: nodejs:12 security update (Important) "CVE-2020-11080 CVE-2020-7598 CVE-2020-8172 CVE-2020-8174" High 8:nodejs < 1:12.18.2-1.module+el8.2.0+7233+61d664c1 ≥ 1:12.18.2-1.module+el8.2.0+7233+61d664c1
RHSA-2021:0165: libpq security update (Important) "CVE-2020-25694 CVE-2020-25696" High 8:libpq < 0:12.5-2.el8_1 ≥ 0:12.5-2.el8_1
CVE-2016-4607 libxslt: allows remote attacker to cause denial of service (moderate) CVE-2016-4607 Medium 8:libxslt All Versions
CVE-2018-1000858 gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service (moderate) CVE-2018-1000858 Medium 8:gnupg2 All Versions
CVE-2018-20623 binutils: Use-after-free in the error function (moderate) CVE-2018-20623 Medium 8:binutils All Versions
Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. CVE-2019-9674 Medium 8:python3-libs All Versions
CVE-2019-19242 sqlite: SQL injection in sqlite3ExprCodeTarget in expr.c CVE-2019-19242 Medium 8:sqlite All Versions
CVE-2020-15945 lua: segmentation fault in changedline in ldebug.c (moderate) CVE-2020-15945 Medium 8:lua-libs All Versions
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate) CVE-2018-20839 Medium 8:systemd All Versions
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate) CVE-2018-20839 Medium 8:systemd-libs All Versions
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate) CVE-2018-20839 Medium 8:systemd-pam All Versions
CVE-2020-12762 json-c: integer overflow and out-of-bounds write via a large JSON file (moderate) CVE-2020-12762 Medium 8:json-c All Versions
CVE-2020-12243 openldap: denial of service via nested boolean expressions in LDAP search filters (moderate) CVE-2020-12243 Medium 8:openldap
CVE-2020-14344 libX11: Heap overflow in the X input method client (moderate) CVE-2020-14344 Medium 8:libX11 All Versions
CVE-2020-14344 libX11: Heap overflow in the X input method client (moderate) CVE-2020-14344 Medium 8:libX11-common All Versions
CVE-2020-14344 libX11: Heap overflow in the X input method client (moderate) CVE-2020-14344 Medium 8:libX11-xcb All Versions
CVE-2021-23840 openssl: integer overflow in CipherUpdate CVE-2021-23840 Medium 8:openssl All Versions
CVE-2020-13790 libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c CVE-2020-13790 Medium 8:libjpeg-turbo All Versions
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (moderate) CVE-2020-10878 Medium 8:perl-Errno All Versions
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (moderate) CVE-2020-10878 Medium 8:perl-IO All Versions
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (moderate) CVE-2020-10878 Medium 8:perl-interpreter All Versions
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (moderate) CVE-2020-10878 Medium 8:perl-libs All Versions
CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (moderate) CVE-2020-10878 Medium 8:perl-macros All Versions
CVE-2020-15778 openssh: scp allows command injection when using backtick characters in the destination argument (moderate) CVE-2020-15778 Medium 8:openssh-clients All Versions
CVE-2020-15778 openssh: scp allows command injection when using backtick characters in the destination argument (moderate) CVE-2020-15778 Medium 8:openssh All Versions
CVE-2019-19603 sqlite: mishandles certain SELECT statements with a nonexistent VIEW, leading to DoS CVE-2019-19603 Medium 8:sqlite All Versions
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. CVE-2019-20916 Medium pip 6.0 ≤ Version < 19.2 19.2
CVE-2019-19645 sqlite: infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements CVE-2019-19645 Medium 8:sqlite All Versions
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. CVE-2020-26137 Medium urllib3 1.8 ≤ Version < 1.25.9 1.25.9
CVE-2020-28196 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS (moderate) CVE-2020-28196 Medium 8:krb5-libs All Versions
CVE-2020-28196 krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS (moderate) CVE-2020-28196 Medium 8:libkadm5 All Versions
CVE-2020-8285 curl: malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (moderate) CVE-2020-8285 Medium 8:curl All Versions
CVE-2020-8285 curl: malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (moderate) CVE-2020-8285 Medium 8:libcurl All Versions
CVE-2020-24977 libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c CVE-2020-24977 Medium 8:libxml2 All Versions
CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters CVE-2021-3326 Medium 8:glibc All Versions
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium 8:glibc All Versions
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium 8:glibc-common All Versions
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium 8:glibc-minimal-langpack All Versions
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium 8:glibc-locale-source All Versions
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) CVE-2019-1010022 Medium 8:glibc-langpack-en All Versions
CVE-2019-13057 openldap: Information disclosure issue in slapd component (moderate) CVE-2019-13057 Medium 8:openldap
CVE-2017-14502 libarchive: Off-by-one error in the read_header function (moderate) CVE-2017-14502 Medium 8:libarchive All Versions
CVE-2017-14502 libarchive: Off-by-one error in the read_header function (moderate) CVE-2017-14502 Medium 8:bsdtar All Versions
CVE-2018-1000021 git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands (moderate) CVE-2018-1000021 Medium 8:git All Versions
CVE-2018-1000021 git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands (moderate) CVE-2018-1000021 Medium 8:git-core All Versions
CVE-2018-1000021 git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands (moderate) CVE-2018-1000021 Medium 8:perl-Git All Versions
CVE-2018-1000876 binutils: integer overflow leads to heap-based buffer overflow in objdump (moderate) CVE-2018-1000876 Medium 8:binutils All Versions
CVE-2021-20231 gnutls: Use after free in client key_share extension (moderate) CVE-2021-20231 Medium 8:gnutls All Versions
CVE-2017-17095 libtiff: Heap-based buffer overflow in tools/pal2rgb.c can lead to denial of service (moderate) CVE-2017-17095 Medium 8:libtiff All Versions
CVE-2018-16335 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (moderate) CVE-2018-16335 Medium 8:libtiff All Versions
CVE-2017-18018 coreutils: race condition vulnerability in chown and chgrp (moderate) CVE-2017-18018 Medium 8:coreutils-single All Versions
CVE-2019-13751 sqlite: fts3: improve detection of corrupted records CVE-2019-13751 Medium 8:sqlite All Versions
CVE-2019-19880 sqlite: invalid pointer dereference in exprListAppendList in window.c CVE-2019-19880 Medium 8:sqlite All Versions
An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). CVE-2018-20225 Medium pip 1.3 ≤ Version < 20.3 20.3
CVE-2019-12904 Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate) CVE-2019-12904 Medium 8:libgcrypt All Versions
CVE-2019-17595 ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (moderate) CVE-2019-17595 Medium 8:ncurses-base All Versions
CVE-2019-17595 ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (moderate) CVE-2019-17595 Medium 8:ncurses-libs All Versions
CVE-2019-17595 ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (moderate) CVE-2019-17595 Medium 8:ncurses All Versions
RHSA-2020:4903: nodejs:12 security and bug fix update (Moderate) "CVE-2020-15095 CVE-2020-8116 CVE-2020-8201 CVE-2020-8252" Medium 8:nodejs-full-i18n < 1:12.18.4-2.module+el8.1.0+8360+14141500 ≥ 1:12.18.4-2.module+el8.1.0+8360+14141500
RHSA-2020:4903: nodejs:12 security and bug fix update (Moderate) "CVE-2020-15095 CVE-2020-8116 CVE-2020-8201 CVE-2020-8252" Medium 8:nodejs < 1:12.18.4-2.module+el8.1.0+8360+14141500 ≥ 1:12.18.4-2.module+el8.1.0+8360+14141500
CVE-2019-9074 binutils: out-of-bound read in function bfd_getl32 in libbfd.c (moderate) CVE-2019-9074 Medium 8:binutils All Versions
RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate) "CVE-2020-15095 CVE-2020-8116 CVE-2020-8201 CVE-2020-8252" Medium 8:nodejs-full-i18n < 1:12.18.4-2.module+el8.2.0+8361+192e434e ≥ 1:12.18.4-2.module+el8.2.0+8361+192e434e
RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate) "CVE-2020-15095 CVE-2020-8116 CVE-2020-8201 CVE-2020-8252" Medium 8:nodejs < 1:12.18.4-2.module+el8.2.0+8361+192e434e ≥ 1:12.18.4-2.module+el8.2.0+8361+192e434e
CVE-2019-5188 e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (moderate) CVE-2019-5188 Medium 8:libcom_err All Versions
CVE-2019-9633 glib: g_socket_client_connected_callback in gio/gsocketclient.c allows to cause denial of service (moderate) CVE-2019-9633 Medium 8:glib2 All Versions
CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (moderate) CVE-2019-3842 Medium 8:systemd All Versions
CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (moderate) CVE-2019-3842 Medium 8:systemd-libs All Versions
CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (moderate) CVE-2019-3842 Medium 8:systemd-pam All Versions
CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS (moderate) CVE-2020-10543 Medium 8:perl-Errno All Versions
CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS (moderate) CVE-2020-10543 Medium 8:perl-IO All Versions
CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS (moderate) CVE-2020-10543 Medium 8:perl-interpreter All Versions
CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS (moderate) CVE-2020-10543 Medium 8:perl-libs All Versions
CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS (moderate) CVE-2020-10543 Medium 8:perl-macros All Versions
CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (moderate) CVE-2019-9169 Medium 8:glibc All Versions
CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (moderate) CVE-2019-9169 Medium 8:glibc-common All Versions
CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (moderate) CVE-2019-9169 Medium 8:glibc-minimal-langpack All Versions
CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (moderate) CVE-2019-9169 Medium 8:glibc-locale-source All Versions
CVE-2019-9169 glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (moderate) CVE-2019-9169 Medium 8:glibc-langpack-en All Versions
CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method (moderate) CVE-2020-26137 Medium 8:python3-urllib3 All Versions
CVE-2020-8284 curl: dangerous nature of PASV command could be used to make curl extract information otherwise private (moderate) CVE-2020-8284 Medium 8:curl All Versions
CVE-2020-8284 curl: dangerous nature of PASV command could be used to make curl extract information otherwise private (moderate) CVE-2020-8284 Medium 8:libcurl All Versions
CVE-2020-13776 systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (moderate) CVE-2020-13776 Medium 8:systemd All Versions
CVE-2020-13776 systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (moderate) CVE-2020-13776 Medium 8:systemd-libs All Versions
CVE-2020-13776 systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (moderate) CVE-2020-13776 Medium 8:systemd-pam All Versions
CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode (moderate) CVE-2019-13750 Medium 8:sqlite-libs All Versions
CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode (moderate) CVE-2019-13750 Medium 8:sqlite All Versions
CVE-2019-18224 libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c (moderate) CVE-2019-18224 Medium 8:libidn2 All Versions
CVE-2019-9075 binutils: heap-based buffer overflow in function _bfd_archive_64_bit_slurp_armap in archive64.c (moderate) CVE-2019-9075 Medium 8:binutils All Versions
CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate) CVE-2019-17543 Medium 8:lz4-libs All Versions
CVE-2019-5827 chromium-browser: out-of-bounds access in SQLite (moderate) CVE-2019-5827 Medium 8:sqlite-libs All Versions
CVE-2019-5827 chromium-browser: out-of-bounds access in SQLite (moderate) CVE-2019-5827 Medium 8:sqlite All Versions
CVE-2020-8286 curl: inferior OCSP verification (moderate) CVE-2020-8286 Medium 8:curl All Versions
CVE-2020-8286 curl: inferior OCSP verification (moderate) CVE-2020-8286 Medium 8:libcurl All Versions
CVE-2020-15358 sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (moderate) CVE-2020-15358 Medium 8:sqlite-libs All Versions
CVE-2020-15358 sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (moderate) CVE-2020-15358 Medium 8:sqlite All Versions
CVE-2018-20671 binutils: Integer overflow in load_specific_debug_section function (moderate) CVE-2018-20671 Medium 8:binutils All Versions
CVE-2019-3881 rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (moderate) CVE-2019-3881 Medium 8:rubygem-bundler All Versions
CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (moderate) CVE-2019-25013 Medium 8:glibc All Versions
CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (moderate) CVE-2019-25013 Medium 8:glibc-common All Versions
CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (moderate) CVE-2019-25013 Medium 8:glibc-minimal-langpack All Versions
CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (moderate) CVE-2019-25013 Medium 8:glibc-locale-source All Versions
CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (moderate) CVE-2019-25013 Medium 8:glibc-langpack-en All Versions
CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (moderate) CVE-2021-3326 Medium 8:glibc-common All Versions
CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (moderate) CVE-2021-3326 Medium 8:glibc All Versions
CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (moderate) CVE-2021-3326 Medium 8:glibc-minimal-langpack All Versions
CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (moderate) CVE-2021-3326 Medium 8:glibc-locale-source All Versions
CVE-2021-3326 glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters (moderate) CVE-2021-3326 Medium 8:glibc-langpack-en All Versions
CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (moderate) CVE-2021-23841 Medium 8:openssl-libs All Versions
CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (moderate) CVE-2021-23841 Medium 8:openssl All Versions
CVE-2021-23840 openssl: integer overflow in CipherUpdate (moderate) CVE-2021-23840 Medium 8:openssl-libs All Versions
CVE-2021-23840 openssl: integer overflow in CipherUpdate (moderate) CVE-2021-23840 Medium 8:openssl All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:libgcc All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:libstdc++ All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:libgomp All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:gcc All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:gcc-c++ All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:cpp All Versions
CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve (moderate) CVE-2021-3114 Medium 8:gcc-gdb-plugin All Versions
CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (moderate) CVE-2020-12723 Medium 8:perl-parent All Versions
CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (moderate) CVE-2020-12723 Medium 8:perl-Pod-Simple All Versions
CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (moderate) CVE-2020-12723 Medium 8:perl-Pod-Escapes All Versions
CVE-2021-3421 rpm: unsigned signature header leads to string injection into an rpm database CVE-2021-3421 Medium 8:rpm All Versions
CVE-2020-29361 p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers CVE-2020-29361 Medium 8:p11-kit All Versions
RHSA-2021:0549: nodejs:12 security update (Moderate) "CVE-2019-10746 CVE-2019-10747 CVE-2020-7754 CVE-2020-7788 CVE-2020-8265 CVE-2020-8287" Medium 8:nodejs-full-i18n < 1:12.20.1-1.module+el8.3.0+9503+19cb079c ≥ 1:12.20.1-1.module+el8.3.0+9503+19cb079c
RHSA-2021:0549: nodejs:12 security update (Moderate) "CVE-2019-10746 CVE-2019-10747 CVE-2020-7754 CVE-2020-7788 CVE-2020-8265 CVE-2020-8287" Medium 8:nodejs < 1:12.20.1-1.module+el8.3.0+9503+19cb079c ≥ 1:12.20.1-1.module+el8.3.0+9503+19cb079c
RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) "CVE-2020-15366 CVE-2020-7754 CVE-2020-7774 CVE-2020-7788 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287" Medium 8:nodejs-full-i18n < 1:14.15.4-2.module+el8.3.0+9635+ffdf8381 ≥ 1:14.15.4-2.module+el8.3.0+9635+ffdf8381
RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate) "CVE-2020-15366 CVE-2020-7754 CVE-2020-7774 CVE-2020-7788 CVE-2020-8265 CVE-2020-8277 CVE-2020-8287" Medium 8:nodejs < 1:14.15.4-2.module+el8.3.0+9635+ffdf8381 ≥ 1:14.15.4-2.module+el8.3.0+9635+ffdf8381
CVE-2020-29363 p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c CVE-2020-29363 Medium 8:p11-kit All Versions
CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB (moderate) CVE-2020-8927 Medium 8:brotli All Versions
CVE-2021-20197 binutils: race window allows users to own arbitrary files CVE-2021-20197 Medium 8:binutils All Versions
CVE-2021-23336 python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (moderate) CVE-2021-23336 Medium 8:platform-python All Versions
CVE-2021-23336 python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (moderate) CVE-2021-23336 Medium 8:python3-libs All Versions
CVE-2021-21300 git: remote code execution during clone operation on case-insensitive filesystems (moderate) CVE-2021-21300 Medium 8:git All Versions
CVE-2021-21300 git: remote code execution during clone operation on case-insensitive filesystems (moderate) CVE-2021-21300 Medium 8:git-core All Versions
CVE-2021-21300 git: remote code execution during clone operation on case-insensitive filesystems (moderate) CVE-2021-21300 Medium 8:perl-Git All Versions
CVE-2021-20232 gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c (moderate) CVE-2021-20232 Medium 8:gnutls All Versions
RHSA-2020:5499: nodejs:12 security and bug fix update (Moderate) "CVE-2020-15366 CVE-2020-7608 CVE-2020-7774 CVE-2020-8277" Medium 8:nodejs-full-i18n < 1:12.19.1-1.module+el8.3.0+8851+b7b41ca0 ≥ 1:12.19.1-1.module+el8.3.0+8851+b7b41ca0
RHSA-2020:5499: nodejs:12 security and bug fix update (Moderate) "CVE-2020-15366 CVE-2020-7608 CVE-2020-7774 CVE-2020-8277" Medium 8:nodejs < 1:12.19.1-1.module+el8.3.0+8851+b7b41ca0 ≥ 1:12.19.1-1.module+el8.3.0+8851+b7b41ca0
CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server (moderate) CVE-2020-13249 Medium 8:mariadb-connector-c All Versions
CVE-2020-13249 mariadb-connector-c: Improper validation of content in a OK packet received from server (moderate) CVE-2020-13249 Medium 8:mariadb-connector-c-devel All Versions
CVE-2020-29362 p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c CVE-2020-29362 Medium 8:p11-kit All Versions
CVE-2019-17594 ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (moderate) CVE-2019-17594 Medium 8:ncurses-base All Versions
CVE-2019-17594 ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (moderate) CVE-2019-17594 Medium 8:ncurses-libs All Versions
CVE-2019-17594 ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (moderate) CVE-2019-17594 Medium 8:ncurses All Versions
CVE-2019-9077 binutils: heap-based buffer overflow in function process_mips_specific in readelf.c (moderate) CVE-2019-9077 Medium 8:binutils All Versions
CVE-2019-2201 libjpeg-turbo: several integer overflows and subsequent segfaults when attempting to compress/decompress gigapixel images (moderate) CVE-2019-2201 Medium 8:libjpeg-turbo All Versions
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 Medium urllib3 1.24.1 ≤ Version ≤ 1.24.2 1.24.3] [1.25
CVE-2020-13435 sqlite: NULL pointer dereference leads to segmentation fault in sqlite3ExprCodeTarget in expr.c CVE-2020-13435 Medium 8:sqlite All Versions
CVE-2020-25211 kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (moderate) CVE-2020-25211 Medium 8:kernel-headers All Versions
CVE-2020-13434 sqlite: integer overflow in sqlite3_str_vappendf function in printf.c CVE-2020-13434 Medium 8:sqlite All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:libgcc All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:libstdc++ All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:libgomp All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:binutils All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:gcc All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:gcc-c++ All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:cpp All Versions
CVE-2018-20673 libiberty: Integer overflow in demangle_template() function (moderate) CVE-2018-20673 Medium 8:gcc-gdb-plugin All Versions
CVE-2019-18218 file: heap-based buffer overflow in cdf_read_property_info in cdf.c (moderate) CVE-2019-18218 Medium 8:file-libs All Versions
CVE-2019-18218 file: heap-based buffer overflow in cdf_read_property_info in cdf.c (moderate) CVE-2019-18218 Medium 8:file All Versions
CVE-2018-15209 libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c (moderate) CVE-2018-15209 Medium 8:libtiff All Versions
CVE-2018-20225 python-pip: when --extra-index-url option is used and package does not already exist in the public index, the installation of malicious package with arbitrary version number is possible. (low) CVE-2018-20225 Low 8:python3-pip-wheel All Versions
CVE-2021-20271 rpm: Signature checks bypass via corrupted rpm package CVE-2021-20271 Low 8:rpm All Versions
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service CVE-2018-20657 Low 8:binutils All Versions
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service CVE-2018-20657 Low 8:gcc All Versions
CVE-2021-20266 rpm: missing length checks in hdrblobInit() CVE-2021-20266 Low 8:rpm All Versions
CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage CVE-2019-19244 Low 8:sqlite All Versions
CVE-2019-12972 binutils: out-of-bounds read in setup_group in bfd/elf.c CVE-2019-12972 Low 8:binutils All Versions
CVE-2020-16598 binutils: Null Pointer Dereference in debug_get_real_type could result in DoS CVE-2020-16598 Low 8:binutils All Versions
CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c CVE-2021-27645 Low 8:glibc All Versions
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option CVE-2016-10228 Low 8:glibc All Versions
CVE-2019-7317 libpng: use-after-free in png_image_free in png.c CVE-2019-7317 Low 8:libpng All Versions
CVE-2018-17101 libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c (low) CVE-2018-17101 Low 8:libtiff All Versions
CVE-2018-18605 binutils: heap-based buffer over-read in sec_merge_hash_lookup in merge.c (low) CVE-2018-18605 Low 8:binutils All Versions
CVE-2017-12652 libpng: does not check length of chunks against user limit (low) CVE-2017-12652 Low 8:libpng All Versions
CVE-2019-6110 openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output (low) CVE-2019-6110 Low 8:openssh-clients All Versions
CVE-2019-6110 openssh: Acceptance and display of arbitrary stderr allows for spoofing of scp client output (low) CVE-2019-6110 Low 8:openssh All Versions
CVE-2020-14145 openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation (low) CVE-2020-14145 Low 8:openssh-clients All Versions
CVE-2020-14145 openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation (low) CVE-2020-14145 Low 8:openssh All Versions
CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation (low) CVE-2019-1010023 Low 8:glibc All Versions
CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation (low) CVE-2019-1010023 Low 8:glibc-common All Versions
CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation (low) CVE-2019-1010023 Low 8:glibc-minimal-langpack All Versions
CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation (low) CVE-2019-1010023 Low 8:glibc-locale-source All Versions
CVE-2019-1010023 glibc: running ldd on malicious ELF leads to code execution because of wrong size computation (low) CVE-2019-1010023 Low 8:glibc-langpack-en All Versions
CVE-2017-14166 libarchive: Heap-based buffer over-read in the atol8 function (low) CVE-2017-14166 Low 8:libarchive All Versions
CVE-2017-14166 libarchive: Heap-based buffer over-read in the atol8 function (low) CVE-2017-14166 Low 8:bsdtar All Versions
CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low) CVE-2020-21674 Low 8:libarchive All Versions
CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (low) CVE-2020-21674 Low 8:bsdtar All Versions
CVE-2017-14501 libarchive: Out-of-bounds read in parse_file_info (low) CVE-2017-14501 Low 8:libarchive All Versions
CVE-2017-14501 libarchive: Out-of-bounds read in parse_file_info (low) CVE-2017-14501 Low 8:bsdtar All Versions
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option (low) CVE-2016-10228 Low 8:glibc-minimal-langpack All Versions
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option (low) CVE-2016-10228 Low 8:glibc-common All Versions
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option (low) CVE-2016-10228 Low 8:glibc All Versions
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option (low) CVE-2016-10228 Low 8:glibc-locale-source All Versions
CVE-2016-10228 glibc: iconv program can hang when invoked with the -c option (low) CVE-2016-10228 Low 8:glibc-langpack-en All Versions
CVE-2018-16429 glib2: Out-of-bounds read in g_markup_parse_context_parse() in gmarkup.c (low) CVE-2018-16429 Low 8:glib2 All Versions
CVE-2018-18607 binutils: NULL pointer dereference in elf_link_input_bfd in elflink.c (low) CVE-2018-18607 Low 8:binutils All Versions
CVE-2019-11038 gd: Information disclosure in gdImageCreateFromXbm() (low) CVE-2019-11038 Low 8:gd All Versions
CVE-2021-20193 tar: Memory leak in read_header() in list.c (low) CVE-2021-20193 Low 8:tar All Versions
CVE-2018-12934 binutils: Uncontrolled Resource Consumption in remember_Ktype in cplus-dem.c (low) CVE-2018-12934 Low 8:binutils All Versions
CVE-2018-1121 procps-ng, procps: process hiding through race condition enumerating /proc (low) CVE-2018-1121 Low 8:procps-ng All Versions
CVE-2017-15897 nodejs: Unitialized buffer due to incorrect encoding (low) CVE-2017-15897 Low 8:nodejs-full-i18n All Versions
CVE-2017-15897 nodejs: Unitialized buffer due to incorrect encoding (low) CVE-2017-15897 Low 8:nodejs All Versions
CVE-2017-15897 nodejs: Unitialized buffer due to incorrect encoding (low) CVE-2017-15897 Low 8:npm All Versions
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low) CVE-2018-1000654 Low 8:libtasn1 All Versions
CVE-2020-35493 binutils: heap-based buffer overflow in bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file CVE-2020-35493 Low 8:binutils All Versions
CVE-2018-12698 binutils: excessive memory consumption in demangle_template in cplus-dem.c (low) CVE-2018-12698 Low 8:binutils All Versions
CVE-2018-10801 libtiff: memory leak in bmp2tiff tool (low) CVE-2018-10801 Low 8:libtiff All Versions
CVE-2018-12700 binutils: Stack Exhaustion in debug_write_type in debug.c (low) CVE-2018-12700 Low 8:binutils All Versions
CVE-2018-12699 binutils: heap-based buffer overflow in finish_stab in stabs.c (low) CVE-2018-12699 Low 8:binutils All Versions
CVE-2018-17360 binutils: heap-based buffer over-read in bfd_getl32 in libbfd.c (low) CVE-2018-17360 Low 8:binutils All Versions
CVE-2018-12641 binutils: Stack Exhaustion in the demangling functions provided by libiberty (low) CVE-2018-12641 Low 8:binutils All Versions
CVE-2018-18701 binutils: infinite recursion in next_is_type_qual and cplus_demangle_type functions in cp-demangle.c (low) CVE-2018-18701 Low 8:binutils All Versions
CVE-2018-16428 glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c (low) CVE-2018-16428 Low 8:glib2 All Versions
CVE-2018-17985 binutils: Stack consumption problem caused by the cplus_demangle_type (low) CVE-2018-17985 Low 8:binutils All Versions
CVE-2018-18700 binutils: Recursive Stack Overflow within function d_name, d_encoding, and d_local_name in cp-demangle.c (low) CVE-2018-18700 Low 8:binutils All Versions
CVE-2018-18483 binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service (low) CVE-2018-18483 Low 8:binutils All Versions
CVE-2018-18484 binutils: Stack exhaustion in cp-demangle.c allows for denial of service (low) CVE-2018-18484 Low 8:binutils All Versions
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) CVE-2018-19211 Low 8:ncurses-base All Versions
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) CVE-2018-19211 Low 8:ncurses-libs All Versions
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) CVE-2018-19211 Low 8:ncurses All Versions
CVE-2019-13117 libxslt: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers (low) CVE-2019-13117 Low 8:libxslt All Versions
CVE-2020-35507 binutils: NULL pointer dereference in bfd_pef_parse_function_stubs function in bfd/pef.c CVE-2020-35507 Low 8:binutils All Versions
CVE-2020-35495 binutils: NULL pointer dereference in bfd_pef_parse_symbols function in bfd/pef.c CVE-2020-35495 Low 8:binutils All Versions
CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low) CVE-2019-8906 Low 8:file-libs All Versions
CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low) CVE-2019-8906 Low 8:file All Versions
CVE-2019-9071 binutils: stack consumption in function d_count_templates_scopes in cp-demangle.c (low) CVE-2019-9071 Low 8:binutils All Versions
CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low) CVE-2018-1000879 Low 8:libarchive All Versions
CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low) CVE-2018-1000879 Low 8:bsdtar All Versions
CVE-2020-24370 lua: segmentation fault in getlocal and setlocal functions in ldebug.c (low) CVE-2020-24370 Low 8:lua-libs All Versions
CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low) CVE-2019-9936 Low 8:sqlite-libs All Versions
CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low) CVE-2019-9936 Low 8:sqlite All Versions
CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low) CVE-2018-1000880 Low 8:libarchive All Versions
CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low) CVE-2018-1000880 Low 8:bsdtar All Versions
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low) CVE-2019-8905 Low 8:file-libs All Versions
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low) CVE-2019-8905 Low 8:file All Versions
CVE-2018-18309 binutils: invalid memory address dereference in read_reloc in reloc.c (low) CVE-2018-18309 Low 8:binutils All Versions
CVE-2018-20651 binutils: NULL pointer dereference in elf_link_add_object_symbols function resulting in a denial of service (low) CVE-2018-20651 Low 8:binutils All Versions
CVE-2019-20838 pcre: buffer over-read in JIT when UTF is disabled (low) CVE-2019-20838 Low 8:pcre All Versions
CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low) CVE-2019-9937 Low 8:sqlite-libs All Versions
CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low) CVE-2019-9937 Low 8:sqlite All Versions
CVE-2018-19932 binutils: Integer overflow due to the IS_CONTAINED_BY_LMA macro resulting in a denial of service (low) CVE-2018-19932 Low 8:binutils All Versions
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) CVE-2018-19217 Low 8:ncurses-base All Versions
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) CVE-2018-19217 Low 8:ncurses-libs All Versions
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) CVE-2018-19217 Low 8:ncurses All Versions
CVE-2018-5360 LibTIFF: heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c (low) CVE-2018-5360 Low 8:libtiff All Versions
CVE-2018-6872 binutils: out of bounds read in elf_parse_notes function in elf.c file in libbfd library (low) CVE-2018-6872 Low 8:binutils All Versions
CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (low) CVE-2021-27645 Low 8:glibc All Versions
CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (low) CVE-2021-27645 Low 8:glibc-common All Versions
CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (low) CVE-2021-27645 Low 8:glibc-minimal-langpack All Versions
CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (low) CVE-2021-27645 Low 8:glibc-langpack-en All Versions
CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (low) CVE-2021-27645 Low 8:glibc-locale-source All Versions
CVE-2019-18276 bash: when effective UID is not equal to its real UID the saved UID is not dropped (low) CVE-2019-18276 Low 8:bash All Versions
CVE-2018-20786 libvterm: NULL pointer dereference in vterm_screen_set_callbacks (low) CVE-2018-20786 Low 8:vim-minimal All Versions
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low) CVE-2019-12900 Low 8:bzip2-libs All Versions
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low) CVE-2019-12900 Low 8:bzip2 All Versions
CVE-2019-2708 libdb: Denial of service in the Data Store component (low) CVE-2019-2708 Low 8:libdb All Versions
CVE-2019-2708 libdb: Denial of service in the Data Store component (low) CVE-2019-2708 Low 8:libdb-utils All Versions
CVE-2019-13118 libxslt: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character (low) CVE-2019-13118 Low 8:libxslt All Versions
CVE-2018-10779 libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c (low) CVE-2018-10779 Low 8:libtiff All Versions
CVE-2018-12697 binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. (low) CVE-2018-12697 Low 8:binutils All Versions
CVE-2018-17794 binutils: NULL pointer dereference in libiberty/cplus-dem.c:work_stuff_copy_to_from() via crafted input (low) CVE-2018-17794 Low 8:binutils All Versions
CVE-2018-18606 binutils: NULL pointer dereference in _bfd_add_merge_section in merge_strings function in merge.c (low) CVE-2018-18606 Low 8:binutils All Versions
CVE-2018-19210 libtiff: NULL pointer dereference in TIFFWriteDirectorySec function in tif_dirwrite.c (low) CVE-2018-19210 Low 8:libtiff All Versions
CVE-2018-20002 binutils: memory leak in _bfd_generic_read_minisymbols function in syms.c (low) CVE-2018-20002 Low 8:binutils All Versions
CVE-2018-5711 gd: Infinite loop in gdImageCreateFromGifCtx() in gd_gif_in.c (low) CVE-2018-5711 Low 8:gd All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:libgcc All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:libstdc++ All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:libgomp All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:binutils All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:gcc All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:gcc-c++ All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:cpp All Versions
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) CVE-2019-14250 Low 8:gcc-gdb-plugin All Versions
CVE-2019-6128 libtiff: memory leak in TIFFFdOpen function in tif_unix.c when using pal2rgb (low) CVE-2019-6128 Low 8:libtiff All Versions
CVE-2019-13012 glib2: insecure permissions for files and directories (low) CVE-2019-13012 Low 8:glib2 All Versions
CVE-2019-20633 patch: double free in another_hunk function in pch.c (low) CVE-2019-20633 Low 8:patch All Versions
CVE-2019-9923 tar: null-pointer dereference in pax_decode_header in sparse.c (low) CVE-2019-9923 Low 8:tar All Versions
CVE-2020-14155 pcre: integer overflow in libpcre (low) CVE-2020-14155 Low 8:pcre All Versions
CVE-2020-16135 libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (low) CVE-2020-16135 Low 8:libssh All Versions
CVE-2020-16135 libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (low) CVE-2020-16135 Low 8:libssh-config All Versions
CVE-2018-15919 openssh: User enumeration via malformed packets in authentication requests (low) CVE-2018-15919 Low 8:openssh-clients All Versions
CVE-2018-15919 openssh: User enumeration via malformed packets in authentication requests (low) CVE-2018-15919 Low 8:openssh All Versions
CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (low) CVE-2020-27618 Low 8:glibc All Versions
CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (low) CVE-2020-27618 Low 8:glibc-common All Versions
CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (low) CVE-2020-27618 Low 8:glibc-minimal-langpack All Versions
CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (low) CVE-2020-27618 Low 8:glibc-locale-source All Versions
CVE-2020-27618 glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (low) CVE-2020-27618 Low 8:glibc-langpack-en All Versions
CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (low) CVE-2020-8231 Low 8:curl All Versions
CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (low) CVE-2020-8231 Low 8:libcurl All Versions
CVE-2020-35512 dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour (low) CVE-2020-35512 Low 8:dbus All Versions
CVE-2020-35512 dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour (low) CVE-2020-35512 Low 8:dbus-common All Versions
CVE-2020-35512 dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour (low) CVE-2020-35512 Low 8:dbus-daemon All Versions
CVE-2020-35512 dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour (low) CVE-2020-35512 Low 8:dbus-libs All Versions
CVE-2020-35512 dbus: users with the same numeric UID could lead to use-after-free and undefined behaviour (low) CVE-2020-35512 Low 8:dbus-tools All Versions
CVE-2020-35521 libtiff: Memory allocation failure in tiff2rgba (low) CVE-2020-35521 Low 8:libtiff All Versions
CVE-2020-35494 binutils: usage of unitialized heap in tic4x_print_cond function in opcodes/tic4x-dis.c CVE-2020-35494 Low 8:binutils All Versions
CVE-2020-35496 binutils: NULL pointer dereference in bfd_pef_scan_start_address function in bfd/pef.c CVE-2020-35496 Low 8:binutils All Versions
zencircle commented 3 years ago

I see that version 1.2.5 was released, but there are still medium and high CVEs (list from Twistlock Scanner).

| Repository | Tag | CVE ID | Severity | Packages | Package Version | Fix Status | Description |
| --- | --- | --- | --- | --- | --- | --- | --- |
| splunk/fluentd-hec | 1.2.5 | CVE-2020-7774 | high | y18n | 4.0.0 | fixed in 5.0.5, 4.0.1, 3.2.2 | This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: `const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true` |
| splunk/fluentd-hec | 1.2.5 | CVE-2021-23362 | medium | hosted-git-info | 2.8.8 | fixed in 3.0.8 | The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. |
| splunk/fluentd-hec | 1.2.5 | CVE-2020-7754 | high | npm-user-validate | 1.0.0 | fixed in 1.0.1 | This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. |
| splunk/fluentd-hec | 1.2.5 | CVE-2021-27290 | high | ssri | 6.0.1 | fixed in 8.0.1 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. |
| splunk/fluentd-hec | 1.2.5 | CVE-2020-8287 | medium | node | 14.15.1 | fixed in 10.23.1 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. |
| splunk/fluentd-hec | 1.2.5 | CVE-2020-8265 | high | node | 14.15.1 | fixed in 10.23.1 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. |
| splunk/fluentd-hec | 1.2.5 | CVE-2021-22883 | high | node | 14.15.1 | fixed in 10.24.0 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. |
| splunk/fluentd-hec | 1.2.5 | CVE-2021-22884 | high | node | 14.15.1 | fixed in 10.24.0 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. |
| splunk/fluentd-hec | 1.2.5 | CVE-2020-8287 | medium | node | 14.15.1 | fixed in 10.23.1 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. |
| splunk/fluentd-hec | 1.2.5 | CVE-2020-8265 | high | node | 14.15.1 | fixed in 10.23.1 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. |
| splunk/fluentd-hec | 1.2.5 | CVE-2021-22883 | high | node | 14.15.1 | fixed in 10.24.0 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. |
| splunk/fluentd-hec | 1.2.5 | CVE-2021-22884 | high | node | 14.15.1 | fixed in 10.24.0 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. |

niteenkole commented 3 years ago

We are now on 1.47, looks way better. Listing below only the ones which have a fix.


| cves | description | feed_rating | fixed_version | link | package_name | package_version | score | score_v3 | severity |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-25694,CVE-2020-25696 | The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898226, BZ#1901561) Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | Important | 12.5-2.el8_1 | https://access.redhat.com/errata/RHSA-2021:0165 | libpq | 12.5-1.el8_3 | 6.8 | 8.1 | High |
| CVE-2020-25694,CVE-2020-25696 | The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898226, BZ#1901561) Security Fix(es): * postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694) * postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. | Important | 12.5-2.el8_1 | https://access.redhat.com/errata/RHSA-2021:0165 | libpq-devel | 12.5-1.el8_3 | 6.8 | 8.1 | High |
| CVE-2020-7774 | Prototype Pollution `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to prototype pollution. POC: `const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true` recommendation: Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later cwe=(CWE-1321) | | >=5.0.5; OR >=4.0.1;<5.0.0; OR >=3.2.2;<4.0.0 | https://www.npmjs.com/advisories/1654 | usr/local/lib/node_modules/npm/node_modules/y18n/package.json | 4.0.0 | 7.5 | 7.3 | High |
| CVE-2020-7774 | Prototype Pollution `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to prototype pollution. POC: `const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true` recommendation: Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later cwe=(CWE-1321) | | >=5.0.5; OR >=4.0.1;<5.0.0; OR >=3.2.2;<4.0.0 | https://www.npmjs.com/advisories/1654 | usr/local/n/versions/node/14.15.1/lib/node_modules/npm/node_modules/y18n/package.json | 4.0.0 | 7.5 | 7.3 | High |
| CVE-2020-8165 | Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore. There is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like: `data = cache.fetch('demo', raw: true) { untrusted_string }` Versions Affected: rails < 5.2.5, rails < 6.0.4 Not affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input. Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1 Impact: Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum, this vulnerability allows an attacker to inject untrusted Ruby objects into a web application. In addition to upgrading to the latest versions of Rails, developers should ensure that whenever they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes, detect if data was serialized using the raw option upon deserialization. Workarounds: It is recommended that application developers apply the suggested patch or upgrade to the latest release as soon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using the `raw` argument should be double-checked to ensure that they conform to the expected format. | | >=5.2.4.3,5.2; OR >=6.0.3.1 | https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c | usr/share/gems/specifications/activesupport-5.2.4.5 | 5.2.4.5 | 7.5 | 9.8 | High |
| CVE-2021-28965 | Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2021-28965. | | >=3.2.5 | https://access.redhat.com/security/cve/CVE-2021-28965 | usr/share/gems/specifications/default/rexml-3.2.3 | 3.2.3 | 5 | 7.5 | High |
| CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. | | >=1.6.1 | https://access.redhat.com/security/cve/CVE-2020-25613 | usr/share/gems/specifications/default/webrick-1.6.0 | 1.6.0 | 5 | 7.5 | High |
| CVE-2019-3866 | DOCUMENTATION: An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. STATEMENT: In Red Hat OpenStack Platform 10/13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP10/13 openstack-mistral package. MITIGATION: Plain text information can be masked by ensuring that all mistral log files are not world readable. | Moderate | 1:2.8.0-1.el8ost | https://access.redhat.com/security/cve/CVE-2019-3866 | python3-dateutil | 1:2.6.1-6.el8 | 2.1 | 5.5 | Medium |
| CVE-2019-3866 | DOCUMENTATION: An information-exposure vulnerability was discovered where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information. STATEMENT: In Red Hat OpenStack Platform 10/13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP10/13 openstack-mistral package. MITIGATION: Plain text information can be masked by ensuring that all mistral log files are not world readable. | Moderate | 1.12.0-1.el8ost | https://access.redhat.com/security/cve/CVE-2019-3866 | python3-six | 1.11.0-8.el8 | 2.1 | 5.5 | Medium |
| | Denial of Service Versions of `protobufjs` before 5.0.3 and 6.8.6 are vulnerable to denial of service when parsing crafted invalid *.proto files. recommendation: Update to version 5.0.3, 6.8.6 or later. cwe=(CWE-400) | | >=6.0.2;<7.0.0; OR >=8.0.1 | https://www.npmjs.com/advisories/605 | usr/local/lib/node_modules/npm/node_modules/ssri/package.json | 6.0.1 | 0 | 0 | Medium |
| | Denial of Service Versions of `protobufjs` before 5.0.3 and 6.8.6 are vulnerable to denial of service when parsing crafted invalid *.proto files. recommendation: Update to version 5.0.3, 6.8.6 or later. cwe=(CWE-400) | | >=6.0.2;<7.0.0; OR >=8.0.1 | https://www.npmjs.com/advisories/605 | usr/local/n/versions/node/14.15.1/lib/node_modules/npm/node_modules/ssri/package.json | 6.0.1 | 0 | 0 | Medium |
| CVE-2021-31799 | RDoc OS command injection vulnerability. RDoc used to call `Kernel#open` to open a local file. If a Ruby project has a file whose name starts with `\|` and ends with `tags`, the command following the pipe character is executed. A malicious Ruby project could exploit it to run an arbitrary command execution against a user who attempts to run `rdoc` command. | | >=6.3.1 | https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/ | usr/share/gems/specifications/rdoc-6.2.1 | 6.2.1 | 5 | 5 | Medium |

zencircle commented 3 years ago

Can we have access to the Dockerfile so we can build the images ourselves? The Splunk build process is very confusing since there are daily updates but no change in version numbers or fix to the CVEs.

vinzent commented 3 years ago

@rockb1017 it's really a bit confusing to have the tag updated with new image content. Why is this?

@zencircle dockerfile is probably this: https://github.com/splunk/fluent-plugin-splunk-hec/tree/develop/docker

github-actions[bot] commented 2 years ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 2 years ago

This issue was closed because it has been inactive for 14 days since being marked as stale.