truecharts.local
/
catalog
mirror of https://github.com/truecharts/catalog.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
catalog/stable/authelia/8.0.7/sec-scan.md

3137 lines
440 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Security Scan
## Helm-Chart
##### Scan Results
```
2021-12-03T22:24:36.061Z INFO Need to update the built-in policies
2021-12-03T22:24:36.061Z INFO Downloading the built-in policies...
2021-12-03T22:24:37.192Z INFO Detected config files: 3
authelia/charts/postgresql/templates/common.yaml (kubernetes)
=============================================================
Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0)
Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0)
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of |
| | | | | StatefulSet 'RELEASE-NAME-postgresql' |
| | | | | should add 'ALL' to |
| | | | | 'securityContext.capabilities.drop' |
| | | | | -->avd.aquasec.com/appshield/ksv003 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.runAsNonRoot' to true |
| | | | | -->avd.aquasec.com/appshield/ksv012 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of |
| | | | | StatefulSet 'RELEASE-NAME-postgresql' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-postgresql' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ +------------+-----------------------------------------+ +----------------------------------------------+
| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.readOnlyRootFilesystem' |
| | | | | to true |
| | | | | -->avd.aquasec.com/appshield/ksv014 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.readOnlyRootFilesystem' |
| | | | | to true |
| | | | | -->avd.aquasec.com/appshield/ksv014 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of |
| | | | | StatefulSet 'RELEASE-NAME-postgresql' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-postgresql' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ +------------+-----------------------------------------+ +----------------------------------------------+
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ +------------+-----------------------------------------+ +----------------------------------------------+
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-postgresql' should set |
| | | | | 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should |
| | | | | set 'spec.securityContext.runAsGroup', |
| | | | | 'spec.securityContext.supplementalGroups[*]' |
| | | | | and 'spec.securityContext.fsGroup' |
| | | | | to integer greater than 0 |
| | | | | -->avd.aquasec.com/appshield/ksv029 |
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
authelia/charts/redis/templates/common.yaml (kubernetes)
========================================================
Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0)
Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0)
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' |
| | | | | should add 'ALL' to |
| | | | | 'securityContext.capabilities.drop' |
| | | | | -->avd.aquasec.com/appshield/ksv003 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
| | | | | set 'securityContext.runAsNonRoot' to |
| | | | | true -->avd.aquasec.com/appshield/ksv012 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ +------------+-----------------------------------------+ +----------------------------------------------+
| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-redis' should set |
| | | | | 'securityContext.readOnlyRootFilesystem' |
| | | | | to true |
| | | | | -->avd.aquasec.com/appshield/ksv014 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' |
| | | | | of StatefulSet |
| | | | | 'RELEASE-NAME-redis' should set |
| | | | | 'securityContext.readOnlyRootFilesystem' |
| | | | | to true |
| | | | | -->avd.aquasec.com/appshield/ksv014 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ +------------+-----------------------------------------+ +----------------------------------------------+
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
| | | | | set 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
| | | | | set 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ +------------+-----------------------------------------+ +----------------------------------------------+
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
| | | | | set 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+ + + + +----------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
| | | | | set 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+ +------------+-----------------------------------------+----------+----------------------------------------------+
| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should |
| | | | | set 'spec.securityContext.runAsGroup', |
| | | | | 'spec.securityContext.supplementalGroups[*]' |
| | | | | and 'spec.securityContext.fsGroup' |
| | | | | to integer greater than 0 |
| | | | | -->avd.aquasec.com/appshield/ksv029 |
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
authelia/templates/common.yaml (kubernetes)
===========================================
Tests: 46 (SUCCESSES: 28, FAILURES: 18, EXCEPTIONS: 0)
Failures: 18 (UNKNOWN: 0, LOW: 6, MEDIUM: 12, HIGH: 0, CRITICAL: 0)
+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Container 'postgresql-init' of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.allowPrivilegeEscalation' |
| | | | | to false |
| | | | | -->avd.aquasec.com/appshield/ksv001 |
+ +------------+----------------------------------------+----------+--------------------------------------------+
| | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-authelia' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should add 'ALL' to |
| | | | | 'securityContext.capabilities.drop' |
| | | | | -->avd.aquasec.com/appshield/ksv003 |
+ +------------+----------------------------------------+----------+--------------------------------------------+
| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsNonRoot' to true |
| | | | | -->avd.aquasec.com/appshield/ksv012 |
+ + + + +--------------------------------------------+
| | | | | Container 'postgresql-init' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsNonRoot' to true |
| | | | | -->avd.aquasec.com/appshield/ksv012 |
+ +------------+----------------------------------------+----------+--------------------------------------------+
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-authelia' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ + + + +--------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ + + + +--------------------------------------------+
| | | | | Container 'postgresql-init' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should specify an image tag |
| | | | | -->avd.aquasec.com/appshield/ksv013 |
+ +------------+----------------------------------------+ +--------------------------------------------+
| | KSV014 | Root file system is not read-only | | Container 'autopermissions' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.readOnlyRootFilesystem' |
| | | | | to true |
| | | | | -->avd.aquasec.com/appshield/ksv014 |
+ + + + +--------------------------------------------+
| | | | | Container 'postgresql-init' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.readOnlyRootFilesystem' |
| | | | | to true |
| | | | | -->avd.aquasec.com/appshield/ksv014 |
+ +------------+----------------------------------------+----------+--------------------------------------------+
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-authelia' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ + + + +--------------------------------------------+
| | | | | Container 'autopermissions' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ + + + +--------------------------------------------+
| | | | | Container 'postgresql-init' of |
| | | | | Deployment 'RELEASE-NAME-authelia' |
| | | | | should specify a seccomp profile |
| | | | | -->avd.aquasec.com/appshield/ksv019 |
+ +------------+----------------------------------------+ +--------------------------------------------+
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-authelia' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ + + + +--------------------------------------------+
| | | | | Container 'autopermissions' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ + + + +--------------------------------------------+
| | | | | Container 'postgresql-init' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsUser' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv020 |
+ +------------+----------------------------------------+ +--------------------------------------------+
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-authelia' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+ + + + +--------------------------------------------+
| | | | | Container 'autopermissions' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+ + + + +--------------------------------------------+
| | | | | Container 'postgresql-init' |
| | | | | of Deployment |
| | | | | 'RELEASE-NAME-authelia' should set |
| | | | | 'securityContext.runAsGroup' > 10000 |
| | | | | -->avd.aquasec.com/appshield/ksv021 |
+---------------------------+------------+----------------------------------------+----------+--------------------------------------------+
```
## Containers
##### Detected Containers
ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe
tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d
ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07
ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe
##### Scan Results
**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
```
2021-12-03T22:24:37.301Z INFO Need to update DB
2021-12-03T22:24:37.301Z INFO Downloading DB...
2021-12-03T22:24:41.371Z INFO Detected OS: alpine
2021-12-03T22:24:41.371Z INFO Detecting Alpine vulnerabilities...
2021-12-03T22:24:41.373Z INFO Number of language-specific files: 0
ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
=========================================================================================================================
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42379 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42380 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42381 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42382 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42383 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42384 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42385 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42386 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
| | | | | | in unlzma applet leads to |
| | | | | | information leak and denial... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
| | | | | | of a special element in |
| | | | | | ash applet leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
+------------+------------------+----------+ +---------------+---------------------------------------+
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42379 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42380 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42381 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42382 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42383 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42384 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42385 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42386 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
| | | | | | in unlzma applet leads to |
| | | | | | information leak and denial... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
| | | | | | of a special element in |
| | | | | | ash applet leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
```
**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe**
```
2021-12-03T22:24:44.845Z INFO Detected OS: debian
2021-12-03T22:24:44.845Z INFO Detecting Debian vulnerabilities...
2021-12-03T22:24:44.865Z INFO Number of language-specific files: 2
2021-12-03T22:24:44.865Z INFO Detecting gobinary vulnerabilities...
2021-12-03T22:24:44.865Z INFO Detecting jar vulnerabilities...
bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11)
================================================================================================================
Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8)
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
| | | | | | equal to its real UID the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-18018 | | | | coreutils: race condition |
| | | | | | vulnerability in chown and chgrp |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
| | | | | | TLS not properly enforced |
| | | | | | for IMAP, POP3, and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
| | | | | | received before STARTTLS |
| | | | | | processed after TLS handshake |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
| | | | | | contents disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22922 | | | | curl: Content not matching hash |
| | | | | | in Metalink is not being discarded |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22923 | | | | curl: Metalink download |
| | | | | | sends credentials |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
| | | | | | due to flawed path name checks |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
| | | | | | Forgeries with SHA-1 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
| | | | | | TLS not properly enforced |
| | | | | | for IMAP, POP3, and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
| | | | | | received before STARTTLS |
| | | | | | processed after TLS handshake |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
| | | | | | contents disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22922 | | | | curl: Content not matching hash |
| | | | | | in Metalink is not being discarded |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22923 | | | | curl: Metalink download |
| | | | | | sends credentials |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
| | | | | | due to flawed path name checks |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal |
| | | | | | encryption because it lacks |
| | | | | | exponent blinding to address a... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack |
| | | | | | allowing private key leak |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
| | | | | | doesn't have semantic security due |
| | | | | | to incorrectly encoded plaintexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant |
| | | | | | buffer overflow via crafted input |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext |
| | | | | | attack against SSL/TLS (BEAST) |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
| | | | | | fails to perform the roundtrip |
| | | | | | checks specified in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword |
| | | | | | mode cipherstring parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to cause... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly |
| | | | | | matches name against CN-ID |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword |
| | | | | | mode cipherstring parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to cause... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly |
| | | | | | matches name against CN-ID |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer |
| | | | | | overflow in LZ4_write32 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+ + + +---------------+ +
| libncursesw6 | | | | | |
| | | | | | |
| | | | | | |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS |
| | | | | | frames can lead to DoS |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when |
| | | | | | parsing callout numeric arguments |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the |
| | | | | | match function in pcre_exec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-16231 | | | | pcre: self-recursive call |
| | | | | | in match() in pcre_exec.c |
| | | | | | leads to denial of service... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
| | | | | | write in pcre32_copy_substring |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
| | | | | | write in pcre32_copy_substring |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
| | | | | | when UTF is disabled and \X or... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation |
| | | | | | of syscall filters in libseccomp |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in |
| | | | | | __cil_verify_classperms() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
| | | | | | __cil_verify_classperms() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
| | | | | | cil_reset_classpermission() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
| | | | | | overflow in ebitmap_match_any() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of |
| | | | | | certain SELECT statements with |
| | | | | | non-existent VIEW can lead to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via |
| | | | | | certain types of self-referential |
| | | | | | views in conjunction with... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19924 | | | | sqlite: incorrect |
| | | | | | sqlite3WindowRewrite() error |
| | | | | | handling leads to mishandling |
| | | | | | certain parser-tree rewriting |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13631 | | | | sqlite: Virtual table can be |
| | | | | | renamed into the name of one of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-19244 | LOW | | | sqlite: allows a crash |
| | | | | | if a sub-select uses both |
| | | | | | DISTINCT and window... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-11656 | | | | sqlite: use-after-free in the |
| | | | | | ALTER TABLE implementation |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation |
| | | | | | fault can occur in the |
| | | | | | sqlite3.exe command-line... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in |
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
| | | | | | in kex.c leads to out-of-bounds write |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in |
| | | | | | SSH_MSG_DISCONNECT logic in packet.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser |
| | | | | | can create SUID/SGID binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
| | | | | | can get new privileges and |
| | | | | | create SGID binaries... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security contexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
| | | | | | in login/logind-button.c when |
| | | | | | udev events are received... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
| | | | | | authentication not implemented |
| | | | | | can cause a system running the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
| | | | | | usernames beginning with decimal |
| | | | | | digits or 0x followed by... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser |
| | | | | | can create SUID/SGID binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
| | | | | | can get new privileges and |
| | | | | | create SGID binaries... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security contexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
| | | | | | in login/logind-button.c when |
| | | | | | udev events are received... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
| | | | | | authentication not implemented |
| | | | | | can cause a system running the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
| | | | | | usernames beginning with decimal |
| | | | | | digits or 0x followed by... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion |
| | | | | | in parameter entities |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External |
| | | | | | Entity vulnerability |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in |
| | | | | | xslt uses unseeded randomness |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user to |
| | | | | | drop supplementary groups |
| | | | | | potentially allowing privilege... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users can |
| | | | | | obtain root access because setuid |
| | | | | | programs are misconfigured... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user to |
| | | | | | drop supplementary groups |
| | | | | | potentially allowing privilege... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users can |
| | | | | | obtain root access because setuid |
| | | | | | programs are misconfigured... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user |
| | | | | | when extracting setuid or setgid... |
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
| | | | | | in pax_decode_header in sparse.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-20193 | | | | tar: Memory leak in |
| | | | | | read_header() in list.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
Java (jar)
==========
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
opt/bitnami/common/bin/gosu (gobinary)
======================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```
**Container: tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d**
```
2021-12-03T22:24:46.760Z INFO Detected OS: alpine
2021-12-03T22:24:46.760Z WARN This OS version is not on the EOL list: alpine 3.15
2021-12-03T22:24:46.760Z INFO Detecting Alpine vulnerabilities...
2021-12-03T22:24:46.760Z INFO Number of language-specific files: 1
2021-12-03T22:24:46.760Z INFO Detecting gobinary vulnerabilities...
2021-12-03T22:24:46.761Z WARN This OS version is no longer supported by the distribution: alpine 3.15.0
2021-12-03T22:24:46.761Z WARN The vulnerability detection may be insufficient because security updates are not provided
tccr.io/truecharts/authelia:v4.33.0@sha256:8e5d19769c2c01fa8f3b5e96ccee2262b7a8aab1560ce3c40f80ee207be18f9d (alpine 3.15.0)
===========================================================================================================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
app/authelia (gobinary)
=======================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```
**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
```
2021-12-03T22:24:47.657Z INFO Detected OS: alpine
2021-12-03T22:24:47.657Z INFO Detecting Alpine vulnerabilities...
2021-12-03T22:24:47.664Z INFO Number of language-specific files: 0
ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
=========================================================================================================================
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42379 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42380 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42381 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42382 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42383 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42384 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42385 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42386 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
| | | | | | in unlzma applet leads to |
| | | | | | information leak and denial... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
| | | | | | of a special element in |
| | | | | | ash applet leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
+------------+------------------+----------+ +---------------+---------------------------------------+
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42379 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42380 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42381 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42382 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42383 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42384 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42385 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42386 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
| | | | | | in unlzma applet leads to |
| | | | | | information leak and denial... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
| | | | | | of a special element in |
| | | | | | ash applet leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
```
**Container: bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07**
```
2021-12-03T22:24:49.208Z INFO Detected OS: debian
2021-12-03T22:24:49.208Z INFO Detecting Debian vulnerabilities...
2021-12-03T22:24:49.225Z INFO Number of language-specific files: 2
2021-12-03T22:24:49.225Z INFO Detecting gobinary vulnerabilities...
bitnami/redis:6.2.6@sha256:61237e1fb2fbc54ad58141057591538d9563d992ba09cf789766a314e9433c07 (debian 10.11)
==========================================================================================================
Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4)
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
| | | | | | equal to its real UID the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-18018 | | | | coreutils: race condition |
| | | | | | vulnerability in chown and chgrp |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
| | | | | | TLS not properly enforced |
| | | | | | for IMAP, POP3, and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
| | | | | | received before STARTTLS |
| | | | | | processed after TLS handshake |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
| | | | | | contents disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22922 | | | | curl: Content not matching hash |
| | | | | | in Metalink is not being discarded |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22923 | | | | curl: Metalink download |
| | | | | | sends credentials |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
| | | | | | due to flawed path name checks |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
| | | | | | Forgeries with SHA-1 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
| | | | | | TLS not properly enforced |
| | | | | | for IMAP, POP3, and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
| | | | | | received before STARTTLS |
| | | | | | processed after TLS handshake |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
| | | | | | contents disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22922 | | | | curl: Content not matching hash |
| | | | | | in Metalink is not being discarded |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22923 | | | | curl: Metalink download |
| | | | | | sends credentials |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
| | | | | | due to flawed path name checks |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal |
| | | | | | encryption because it lacks |
| | | | | | exponent blinding to address a... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack |
| | | | | | allowing private key leak |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
| | | | | | doesn't have semantic security due |
| | | | | | to incorrectly encoded plaintexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant |
| | | | | | buffer overflow via crafted input |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext |
| | | | | | attack against SSL/TLS (BEAST) |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
| | | | | | fails to perform the roundtrip |
| | | | | | checks specified in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword |
| | | | | | mode cipherstring parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to cause... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly |
| | | | | | matches name against CN-ID |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword |
| | | | | | mode cipherstring parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to cause... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly |
| | | | | | matches name against CN-ID |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer |
| | | | | | overflow in LZ4_write32 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+ + + +---------------+ +
| libncursesw6 | | | | | |
| | | | | | |
| | | | | | |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS |
| | | | | | frames can lead to DoS |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when |
| | | | | | parsing callout numeric arguments |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the |
| | | | | | match function in pcre_exec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-16231 | | | | pcre: self-recursive call |
| | | | | | in match() in pcre_exec.c |
| | | | | | leads to denial of service... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
| | | | | | write in pcre32_copy_substring |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
| | | | | | write in pcre32_copy_substring |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
| | | | | | when UTF is disabled and \X or... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation |
| | | | | | of syscall filters in libseccomp |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in |
| | | | | | __cil_verify_classperms() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
| | | | | | __cil_verify_classperms() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
| | | | | | cil_reset_classpermission() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
| | | | | | overflow in ebitmap_match_any() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in |
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
| | | | | | in kex.c leads to out-of-bounds write |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in |
| | | | | | SSH_MSG_DISCONNECT logic in packet.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser |
| | | | | | can create SUID/SGID binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
| | | | | | can get new privileges and |
| | | | | | create SGID binaries... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security contexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
| | | | | | in login/logind-button.c when |
| | | | | | udev events are received... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
| | | | | | authentication not implemented |
| | | | | | can cause a system running the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
| | | | | | usernames beginning with decimal |
| | | | | | digits or 0x followed by... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser |
| | | | | | can create SUID/SGID binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
| | | | | | can get new privileges and |
| | | | | | create SGID binaries... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security contexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
| | | | | | in login/logind-button.c when |
| | | | | | udev events are received... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
| | | | | | authentication not implemented |
| | | | | | can cause a system running the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
| | | | | | usernames beginning with decimal |
| | | | | | digits or 0x followed by... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user to |
| | | | | | drop supplementary groups |
| | | | | | potentially allowing privilege... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users can |
| | | | | | obtain root access because setuid |
| | | | | | programs are misconfigured... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user to |
| | | | | | drop supplementary groups |
| | | | | | potentially allowing privilege... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users can |
| | | | | | obtain root access because setuid |
| | | | | | programs are misconfigured... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user |
| | | | | | when extracting setuid or setgid... |
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
| | | | | | in pax_decode_header in sparse.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-20193 | | | | tar: Memory leak in |
| | | | | | read_header() in list.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
opt/bitnami/common/bin/gosu (gobinary)
======================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
opt/bitnami/common/bin/wait-for-port (gobinary)
===============================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```
**Container: ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
```
2021-12-03T22:24:49.888Z INFO Detected OS: alpine
2021-12-03T22:24:49.888Z INFO Detecting Alpine vulnerabilities...
2021-12-03T22:24:49.897Z INFO Number of language-specific files: 0
ghcr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
=========================================================================================================================
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42379 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42380 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42381 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42382 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42383 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42384 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42385 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42386 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
| | | | | | in unlzma applet leads to |
| | | | | | information leak and denial... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
| | | | | | of a special element in |
| | | | | | ash applet leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
+------------+------------------+----------+ +---------------+---------------------------------------+
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42379 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42380 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42381 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42382 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42383 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42384 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42385 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
+ +------------------+ + + +---------------------------------------+
| | CVE-2021-42386 | | | | busybox: use-after-free in |
| | | | | | awk applet leads to denial |
| | | | | | of service and possibly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
+ +------------------+----------+ +---------------+---------------------------------------+
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
| | | | | | in unlzma applet leads to |
| | | | | | information leak and denial... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
+ +------------------+ + +---------------+---------------------------------------+
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
| | | | | | of a special element in |
| | | | | | ash applet leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
```
**Container: bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe**
```
2021-12-03T22:24:50.778Z INFO Detected OS: debian
2021-12-03T22:24:50.778Z INFO Detecting Debian vulnerabilities...
2021-12-03T22:24:50.800Z INFO Number of language-specific files: 2
2021-12-03T22:24:50.801Z INFO Detecting gobinary vulnerabilities...
2021-12-03T22:24:50.801Z INFO Detecting jar vulnerabilities...
bitnami/postgresql:14.1.0@sha256:bdfeb12b5f8ae8dedfc2f7cb18a0ba48959c4dacc19176292a2fffd0abacdebe (debian 10.11)
================================================================================================================
Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8)
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
| | | | | | equal to its real UID the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
| | | | | | session can escape to the |
| | | | | | parent session in chroot |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-18018 | | | | coreutils: race condition |
| | | | | | vulnerability in chown and chgrp |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
| | | | | | TLS not properly enforced |
| | | | | | for IMAP, POP3, and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
| | | | | | received before STARTTLS |
| | | | | | processed after TLS handshake |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
| | | | | | contents disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22922 | | | | curl: Content not matching hash |
| | | | | | in Metalink is not being discarded |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22923 | | | | curl: Metalink download |
| | | | | | sends credentials |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
| | | | | | due to flawed path name checks |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
| | | | | | Forgeries with SHA-1 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
| | | | | | all versions, do not correctly... |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
| | | | | | TLS not properly enforced |
| | | | | | for IMAP, POP3, and... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
| | | | | | received before STARTTLS |
| | | | | | processed after TLS handshake |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
| | | | | | contents disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22922 | | | | curl: Content not matching hash |
| | | | | | in Metalink is not being discarded |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22923 | | | | curl: Metalink download |
| | | | | | sends credentials |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
| | | | | | due to flawed path name checks |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal |
| | | | | | encryption because it lacks |
| | | | | | exponent blinding to address a... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack |
| | | | | | allowing private key leak |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
| | | | | | doesn't have semantic security due |
| | | | | | to incorrectly encoded plaintexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant |
| | | | | | buffer overflow via crafted input |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext |
| | | | | | attack against SSL/TLS (BEAST) |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
| | | | | | fails to perform the roundtrip |
| | | | | | checks specified in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-5709 | | | | krb5: integer overflow |
| | | | | | in dbentry->n_key_data |
| | | | | | in kadmin/dbutil/dump.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword |
| | | | | | mode cipherstring parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to cause... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly |
| | | | | | matches name against CN-ID |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword |
| | | | | | mode cipherstring parsing |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
| | | | | | via PID file manipulation |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-17740 | | | | openldap: |
| | | | | | contrib/slapd-modules/nops/nops.c |
| | | | | | attempts to free stack buffer |
| | | | | | allowing remote attackers to cause... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-15719 | | | | openldap: Certificate |
| | | | | | validation incorrectly |
| | | | | | matches name against CN-ID |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer |
| | | | | | overflow in LZ4_write32 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+ + + +---------------+ +
| libncursesw6 | | | | | |
| | | | | | |
| | | | | | |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS |
| | | | | | frames can lead to DoS |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when |
| | | | | | parsing callout numeric arguments |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the |
| | | | | | match function in pcre_exec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-16231 | | | | pcre: self-recursive call |
| | | | | | in match() in pcre_exec.c |
| | | | | | leads to denial of service... |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
| | | | | | write in pcre32_copy_substring |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
| | | | | | write in pcre32_copy_substring |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
| | | | | | when UTF is disabled and \X or... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation |
| | | | | | of syscall filters in libseccomp |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in |
| | | | | | __cil_verify_classperms() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
| | | | | | __cil_verify_classperms() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
| | | | | | cil_reset_classpermission() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
| | | | | | overflow in ebitmap_match_any() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of |
| | | | | | certain SELECT statements with |
| | | | | | non-existent VIEW can lead to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via |
| | | | | | certain types of self-referential |
| | | | | | views in conjunction with... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19924 | | | | sqlite: incorrect |
| | | | | | sqlite3WindowRewrite() error |
| | | | | | handling leads to mishandling |
| | | | | | certain parser-tree rewriting |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13631 | | | | sqlite: Virtual table can be |
| | | | | | renamed into the name of one of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-19244 | LOW | | | sqlite: allows a crash |
| | | | | | if a sub-select uses both |
| | | | | | DISTINCT and window... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-11656 | | | | sqlite: use-after-free in the |
| | | | | | ALTER TABLE implementation |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation |
| | | | | | fault can occur in the |
| | | | | | sqlite3.exe command-line... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in |
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
| | | | | | in kex.c leads to out-of-bounds write |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in |
| | | | | | SSH_MSG_DISCONNECT logic in packet.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
| | | | | | protection address in cfgexpand.c |
| | | | | | and function.c leads to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
| | | | | | produces repeated output |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser |
| | | | | | can create SUID/SGID binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
| | | | | | can get new privileges and |
| | | | | | create SGID binaries... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security contexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
| | | | | | in login/logind-button.c when |
| | | | | | udev events are received... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
| | | | | | authentication not implemented |
| | | | | | can cause a system running the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
| | | | | | usernames beginning with decimal |
| | | | | | digits or 0x followed by... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser |
| | | | | | can create SUID/SGID binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
| | | | | | can get new privileges and |
| | | | | | create SGID binaries... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
| | | | | | when updating file permissions |
| | | | | | and SELinux security contexts... |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
| | | | | | in login/logind-button.c when |
| | | | | | udev events are received... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
| | | | | | authentication not implemented |
| | | | | | can cause a system running the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
| | | | | | usernames beginning with decimal |
| | | | | | digits or 0x followed by... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion |
| | | | | | in parameter entities |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External |
| | | | | | Entity vulnerability |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in |
| | | | | | xslt uses unseeded randomness |
| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
| | | | | | not handle separately |
| | | | | | allocated thread attributes |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
| | | | | | backtrace functions for powerpc |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
| | | | | | function when expanding ~user |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
| | | | | | ISO-2022-JP-3 gconv module |
| | | | | | related to combining characters |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
| | | | | | iconv when processing invalid |
| | | | | | multi-byte input sequences in... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-10029 | | | | glibc: stack corruption |
| | | | | | from crafted input in cosl, |
| | | | | | sinl, sincosl, and tanl... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing |
| | | | | | invalid multi-byte input |
| | | | | | sequences fails to advance the... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
| | | | | | when invoked with the -c option |
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
| | | | | | not ignored in setuid binaries |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison |
| | | | | | vulnerability in the |
| | | | | | ARMv7 memcpy function |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
| | | | | | addgetnetgrentX function |
| | | | | | in netgroupcache.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user to |
| | | | | | drop supplementary groups |
| | | | | | potentially allowing privilege... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users can |
| | | | | | obtain root access because setuid |
| | | | | | programs are misconfigured... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
| | | | | | in _nc_captoinfo() in captoinfo.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
| | | | | | sets insecure permissions for |
| | | | | | the /var/log/btmp file,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
| | | | | | conditions by copying and |
| | | | | | removing directory trees |
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
| | | | | | allows unprivileged user to |
| | | | | | drop supplementary groups |
| | | | | | potentially allowing privilege... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-19882 | | | | shadow-utils: local users can |
| | | | | | obtain root access because setuid |
| | | | | | programs are misconfigured... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
| | | | | | temporary file handling |
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user |
| | | | | | when extracting setuid or setgid... |
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
| | | | | | in pax_decode_header in sparse.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 |
+ +------------------+ + +---------------+--------------------------------------------------------------+
| | CVE-2021-20193 | | | | tar: Memory leak in |
| | | | | | read_header() in list.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 |
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
| | | | | | can lead to buffer overflow |
| | | | | | in get_sem_elements() in |
| | | | | | sys-utils/ipcutils.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
Java (jar)
==========
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
opt/bitnami/common/bin/gosu (gobinary)
======================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```
Reference in New Issue View Git Blame Copy Permalink