Using trivy to scan this container presents the following vulnerabilities:
➜ /usr/local/bin/trivy dius/pact-broker
2021-02-08T13:19:29.110+1100 WARN You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2021-02-08T13:20:08.337+1100 INFO Detecting Ubuntu vulnerabilities...
2021-02-08T13:20:08.347+1100 INFO Detecting vulnerabilities...
dius/pact-broker (ubuntu 20.04)
===============================
Total: 220 (UNKNOWN: 0, LOW: 104, MEDIUM: 116, HIGH: 0, CRITICAL: 0)
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | URL |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | | bash: when effective UID is | avd.aquasec.com/nvd/cve-2019-18276 |
| | | | | | not equal to its real UID | |
| | | | | | the... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| binutils | CVE-2017-13716 | | 2.34-6ubuntu1 | | binutils: Memory leak with the | avd.aquasec.com/nvd/cve-2017-13716 |
| | | | | | C++ symbol demangler routine | |
| | | | | | in libiberty | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in | avd.aquasec.com/nvd/cve-2018-20657 |
| | | | | | demangle_template function | |
| | | | | | resulting in a denial of | |
| | | | | | service... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in | avd.aquasec.com/nvd/cve-2018-20673 |
| | | | | | demangle_template() function | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input | avd.aquasec.com/nvd/cve-2019-1010204 |
| | | | | | Validation, Signed/Unsigned | |
| | | | | | Comparison, Out-of-bounds | |
| | | | | | Read in gold/fileread.cc and | |
| | | | | | elfcpp/elfcpp_file.h... | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| binutils-common | CVE-2017-13716 | | | | binutils: Memory leak with the | avd.aquasec.com/nvd/cve-2017-13716 |
| | | | | | C++ symbol demangler routine | |
| | | | | | in libiberty | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in | avd.aquasec.com/nvd/cve-2018-20657 |
| | | | | | demangle_template function | |
| | | | | | resulting in a denial of | |
| | | | | | service... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in | avd.aquasec.com/nvd/cve-2018-20673 |
| | | | | | demangle_template() function | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input | avd.aquasec.com/nvd/cve-2019-1010204 |
| | | | | | Validation, Signed/Unsigned | |
| | | | | | Comparison, Out-of-bounds | |
| | | | | | Read in gold/fileread.cc and | |
| | | | | | elfcpp/elfcpp_file.h... | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| binutils-x86-64-linux-gnu | CVE-2017-13716 | | | | binutils: Memory leak with the | avd.aquasec.com/nvd/cve-2017-13716 |
| | | | | | C++ symbol demangler routine | |
| | | | | | in libiberty | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in | avd.aquasec.com/nvd/cve-2018-20657 |
| | | | | | demangle_template function | |
| | | | | | resulting in a denial of | |
| | | | | | service... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in | avd.aquasec.com/nvd/cve-2018-20673 |
| | | | | | demangle_template() function | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input | avd.aquasec.com/nvd/cve-2019-1010204 |
| | | | | | Validation, Signed/Unsigned | |
| | | | | | Comparison, Out-of-bounds | |
| | | | | | Read in gold/fileread.cc and | |
| | | | | | elfcpp/elfcpp_file.h... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| bison | CVE-2020-24240 | | 2:3.5.1+dfsg-1 | | bison: use-after-free via | avd.aquasec.com/nvd/cve-2020-24240 |
| | | | | | crafted input file containing | |
| | | | | | a NULL byte can lead... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| coreutils | CVE-2016-2781 | | 8.30-3ubuntu2 | | coreutils: Non-privileged | avd.aquasec.com/nvd/cve-2016-2781 |
| | | | | | session can escape to the | |
| | | | | | parent session in chroot | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| cpp | CVE-2020-13844 | MEDIUM | 1.185.1ubuntu2 | | kernel: ARM straight-line | avd.aquasec.com/nvd/cve-2020-13844 |
| | | | | | speculation vulnerability | |
+--------------------------------+ + +-------------------------+-------------------------+ + +
| cpp-9 | | | 9.3.0-17ubuntu1~20.04 | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| dirmngr | CVE-2019-13050 | LOW | 2.2.19-3ubuntu2 | | GnuPG: interaction between the | avd.aquasec.com/nvd/cve-2019-13050 |
| | | | | | sks-keyserver code and GnuPG | |
| | | | | | allows for a Certificate... | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| g++ | CVE-2020-13844 | MEDIUM | 1.185.1ubuntu2 | | kernel: ARM straight-line | avd.aquasec.com/nvd/cve-2020-13844 |
| | | | | | speculation vulnerability | |
+--------------------------------+ + +-------------------------+-------------------------+ + +
| g++-9 | | | 9.3.0-17ubuntu1~20.04 | | | |
| | | | | | | |
+--------------------------------+ + +-------------------------+-------------------------+ + +
| gcc | | | 1.185.1ubuntu2 | | | |
| | | | | | | |
+--------------------------------+ + +-------------------------+-------------------------+ + +
| gcc-9 | | | 9.3.0-17ubuntu1~20.04 | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| gcc-9-base | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| git | CVE-2018-1000021 | LOW | 1:2.25.1-1ubuntu3 | | git: client prints server-sent | avd.aquasec.com/nvd/cve-2018-1000021 |
| | | | | | ANSI escape codes to the | |
| | | | | | terminal, allowing for... | |
+--------------------------------+ + + +-------------------------+ + +
| git-man | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| gpg | CVE-2019-13050 | | 2.2.19-3ubuntu2 | | GnuPG: interaction between the | avd.aquasec.com/nvd/cve-2019-13050 |
| | | | | | sks-keyserver code and GnuPG | |
| | | | | | allows for a Certificate... | |
+--------------------------------+ + + +-------------------------+ + +
| gpg-agent | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| gpgconf | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| gpgv | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libapparmor1 | CVE-2016-1585 | MEDIUM | 2.13.3-7ubuntu5.1 | | In all versions of AppArmor | avd.aquasec.com/nvd/cve-2016-1585 |
| | | | | | mount rules are accidentally | |
| | | | | | widened when compiled.... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libasan5 | CVE-2020-13844 | | 9.3.0-17ubuntu1~20.04 | | kernel: ARM straight-line | avd.aquasec.com/nvd/cve-2020-13844 |
| | | | | | speculation vulnerability | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libbinutils | CVE-2017-13716 | LOW | 2.34-6ubuntu1 | | binutils: Memory leak with the | avd.aquasec.com/nvd/cve-2017-13716 |
| | | | | | C++ symbol demangler routine | |
| | | | | | in libiberty | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in | avd.aquasec.com/nvd/cve-2018-20657 |
| | | | | | demangle_template function | |
| | | | | | resulting in a denial of | |
| | | | | | service... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in | avd.aquasec.com/nvd/cve-2018-20673 |
| | | | | | demangle_template() function | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input | avd.aquasec.com/nvd/cve-2019-1010204 |
| | | | | | Validation, Signed/Unsigned | |
| | | | | | Comparison, Out-of-bounds | |
| | | | | | Read in gold/fileread.cc and | |
| | | | | | elfcpp/elfcpp_file.h... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libc-bin | CVE-2016-10228 | | 2.31-0ubuntu9.2 | | glibc: iconv program can | avd.aquasec.com/nvd/cve-2016-10228 |
| | | | | | hang when invoked with the -c | |
| | | | | | option | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-25013 | | | | glibc: buffer over-read in | avd.aquasec.com/nvd/cve-2019-25013 |
| | | | | | iconv when processing invalid | |
| | | | | | multi-byte input sequences | |
| | | | | | in... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing | avd.aquasec.com/nvd/cve-2020-27618 |
| | | | | | invalid multi-byte input | |
| | | | | | sequences fails to advance | |
| | | | | | the... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29562 | | | | glibc: assertion failure in | avd.aquasec.com/nvd/cve-2020-29562 |
| | | | | | iconv when converting invalid | |
| | | | | | UCS4 | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison | avd.aquasec.com/nvd/cve-2020-6096 |
| | | | | | vulnerability in the ARMv7 | |
| | | | | | memcpy function | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| libc-dev-bin | CVE-2016-10228 | | | | glibc: iconv program can | avd.aquasec.com/nvd/cve-2016-10228 |
| | | | | | hang when invoked with the -c | |
| | | | | | option | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-25013 | | | | glibc: buffer over-read in | avd.aquasec.com/nvd/cve-2019-25013 |
| | | | | | iconv when processing invalid | |
| | | | | | multi-byte input sequences | |
| | | | | | in... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing | avd.aquasec.com/nvd/cve-2020-27618 |
| | | | | | invalid multi-byte input | |
| | | | | | sequences fails to advance | |
| | | | | | the... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29562 | | | | glibc: assertion failure in | avd.aquasec.com/nvd/cve-2020-29562 |
| | | | | | iconv when converting invalid | |
| | | | | | UCS4 | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison | avd.aquasec.com/nvd/cve-2020-6096 |
| | | | | | vulnerability in the ARMv7 | |
| | | | | | memcpy function | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| libc6 | CVE-2016-10228 | | | | glibc: iconv program can | avd.aquasec.com/nvd/cve-2016-10228 |
| | | | | | hang when invoked with the -c | |
| | | | | | option | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-25013 | | | | glibc: buffer over-read in | avd.aquasec.com/nvd/cve-2019-25013 |
| | | | | | iconv when processing invalid | |
| | | | | | multi-byte input sequences | |
| | | | | | in... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing | avd.aquasec.com/nvd/cve-2020-27618 |
| | | | | | invalid multi-byte input | |
| | | | | | sequences fails to advance | |
| | | | | | the... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29562 | | | | glibc: assertion failure in | avd.aquasec.com/nvd/cve-2020-29562 |
| | | | | | iconv when converting invalid | |
| | | | | | UCS4 | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison | avd.aquasec.com/nvd/cve-2020-6096 |
| | | | | | vulnerability in the ARMv7 | |
| | | | | | memcpy function | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| libc6-dev | CVE-2016-10228 | | | | glibc: iconv program can | avd.aquasec.com/nvd/cve-2016-10228 |
| | | | | | hang when invoked with the -c | |
| | | | | | option | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-25013 | | | | glibc: buffer over-read in | avd.aquasec.com/nvd/cve-2019-25013 |
| | | | | | iconv when processing invalid | |
| | | | | | multi-byte input sequences | |
| | | | | | in... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing | avd.aquasec.com/nvd/cve-2020-27618 |
| | | | | | invalid multi-byte input | |
| | | | | | sequences fails to advance | |
| | | | | | the... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29562 | | | | glibc: assertion failure in | avd.aquasec.com/nvd/cve-2020-29562 |
| | | | | | iconv when converting invalid | |
| | | | | | UCS4 | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison | avd.aquasec.com/nvd/cve-2020-6096 |
| | | | | | vulnerability in the ARMv7 | |
| | | | | | memcpy function | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libctf-nobfd0 | CVE-2017-13716 | | 2.34-6ubuntu1 | | binutils: Memory leak with the | avd.aquasec.com/nvd/cve-2017-13716 |
| | | | | | C++ symbol demangler routine | |
| | | | | | in libiberty | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in | avd.aquasec.com/nvd/cve-2018-20657 |
| | | | | | demangle_template function | |
| | | | | | resulting in a denial of | |
| | | | | | service... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in | avd.aquasec.com/nvd/cve-2018-20673 |
| | | | | | demangle_template() function | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input | avd.aquasec.com/nvd/cve-2019-1010204 |
| | | | | | Validation, Signed/Unsigned | |
| | | | | | Comparison, Out-of-bounds | |
| | | | | | Read in gold/fileread.cc and | |
| | | | | | elfcpp/elfcpp_file.h... | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| libctf0 | CVE-2017-13716 | | | | binutils: Memory leak with the | avd.aquasec.com/nvd/cve-2017-13716 |
| | | | | | C++ symbol demangler routine | |
| | | | | | in libiberty | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20657 | | | | libiberty: Memory leak in | avd.aquasec.com/nvd/cve-2018-20657 |
| | | | | | demangle_template function | |
| | | | | | resulting in a denial of | |
| | | | | | service... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-20673 | | | | libiberty: Integer overflow in | avd.aquasec.com/nvd/cve-2018-20673 |
| | | | | | demangle_template() function | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-1010204 | | | | binutils: Improper Input | avd.aquasec.com/nvd/cve-2019-1010204 |
| | | | | | Validation, Signed/Unsigned | |
| | | | | | Comparison, Out-of-bounds | |
| | | | | | Read in gold/fileread.cc and | |
| | | | | | elfcpp/elfcpp_file.h... | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libgcc-9-dev | CVE-2020-13844 | MEDIUM | 9.3.0-17ubuntu1~20.04 | | kernel: ARM straight-line | avd.aquasec.com/nvd/cve-2020-13844 |
| | | | | | speculation vulnerability | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libgcrypt20 | CVE-2019-12904 | LOW | 1.8.5-5ubuntu1 | | Libgcrypt: physical addresses | avd.aquasec.com/nvd/cve-2019-12904 |
| | | | | | being available to other | |
| | | | | | processes leads to a | |
| | | | | | flush-and-reload... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libgssapi-krb5-2 | CVE-2018-5709 | | 1.17-6ubuntu4.1 | | krb5: integer overflow | avd.aquasec.com/nvd/cve-2018-5709 |
| | | | | | in dbentry->n_key_data in | |
| | | | | | kadmin/dbutil/dump.c | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libjbig0 | CVE-2017-9937 | | 2.1-3.1build1 | | libtiff: memory malloc failure | avd.aquasec.com/nvd/cve-2017-9937 |
| | | | | | in tif_jbig.c could cause DOS. | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libk5crypto3 | CVE-2018-5709 | | 1.17-6ubuntu4.1 | | krb5: integer overflow | avd.aquasec.com/nvd/cve-2018-5709 |
| | | | | | in dbentry->n_key_data in | |
| | | | | | kadmin/dbutil/dump.c | |
+--------------------------------+ + + +-------------------------+ + +
| libkrb5-3 | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| libkrb5support0 | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libldap-2.4-2 | CVE-2020-36221 | MEDIUM | 2.4.49+dfsg-2ubuntu1.5 | | openldap: Integer underflow in | avd.aquasec.com/nvd/cve-2020-36221 |
| | | | | | serialNumberAndIssuerCheck in | |
| | | | | | schema_init.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36222 | | | | openldap: Assertion failure | avd.aquasec.com/nvd/cve-2020-36222 |
| | | | | | in slapd in the saslAuthzTo | |
| | | | | | validation | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36223 | | | | openldap: Out-of-bounds read | avd.aquasec.com/nvd/cve-2020-36223 |
| | | | | | in Values Return Filter | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36224 | | | | openldap: Invalid pointer free | avd.aquasec.com/nvd/cve-2020-36224 |
| | | | | | in the saslAuthzTo processing | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36225 | | | | openldap: Double free in the | avd.aquasec.com/nvd/cve-2020-36225 |
| | | | | | saslAuthzTo processing | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36226 | | | | openldap: Denial of service | avd.aquasec.com/nvd/cve-2020-36226 |
| | | | | | via length miscalculation in | |
| | | | | | slap_parse_user | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36227 | | | | openldap: Infinite loop in | avd.aquasec.com/nvd/cve-2020-36227 |
| | | | | | slapd with the cancel_extop | |
| | | | | | Cancel operation | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36228 | | | | openldap: Integer underflow | avd.aquasec.com/nvd/cve-2020-36228 |
| | | | | | in issuerAndThisUpdateCheck in | |
| | | | | | schema_init.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36229 | | | | openldap: Type confusion in | avd.aquasec.com/nvd/cve-2020-36229 |
| | | | | | ad_keystring in ad.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36230 | | | | openldap: Assertion failure in | avd.aquasec.com/nvd/cve-2020-36230 |
| | | | | | ber_next_element in decode.c | |
+--------------------------------+------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| libldap-common | CVE-2020-36221 | | | | openldap: Integer underflow in | avd.aquasec.com/nvd/cve-2020-36221 |
| | | | | | serialNumberAndIssuerCheck in | |
| | | | | | schema_init.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36222 | | | | openldap: Assertion failure | avd.aquasec.com/nvd/cve-2020-36222 |
| | | | | | in slapd in the saslAuthzTo | |
| | | | | | validation | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36223 | | | | openldap: Out-of-bounds read | avd.aquasec.com/nvd/cve-2020-36223 |
| | | | | | in Values Return Filter | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36224 | | | | openldap: Invalid pointer free | avd.aquasec.com/nvd/cve-2020-36224 |
| | | | | | in the saslAuthzTo processing | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36225 | | | | openldap: Double free in the | avd.aquasec.com/nvd/cve-2020-36225 |
| | | | | | saslAuthzTo processing | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36226 | | | | openldap: Denial of service | avd.aquasec.com/nvd/cve-2020-36226 |
| | | | | | via length miscalculation in | |
| | | | | | slap_parse_user | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36227 | | | | openldap: Infinite loop in | avd.aquasec.com/nvd/cve-2020-36227 |
| | | | | | slapd with the cancel_extop | |
| | | | | | Cancel operation | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36228 | | | | openldap: Integer underflow | avd.aquasec.com/nvd/cve-2020-36228 |
| | | | | | in issuerAndThisUpdateCheck in | |
| | | | | | schema_init.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36229 | | | | openldap: Type confusion in | avd.aquasec.com/nvd/cve-2020-36229 |
| | | | | | ad_keystring in ad.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36230 | | | | openldap: Assertion failure in | avd.aquasec.com/nvd/cve-2020-36230 |
| | | | | | ber_next_element in decode.c | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libmysqlclient-dev | CVE-2021-2002 | | 8.0.22-0ubuntu0.20.04.3 | 8.0.23-0ubuntu0.20.04.1 | mysql: Server: Replication | avd.aquasec.com/nvd/cve-2021-2002 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2010 | | | | mysql: C API unspecified | avd.aquasec.com/nvd/cve-2021-2010 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2011 | | | | | avd.aquasec.com/nvd/cve-2021-2011 |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2021 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2021 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2022 | | | | mysql: InnoDB unspecified | avd.aquasec.com/nvd/cve-2021-2022 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2024 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2024 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2031 | | | | | avd.aquasec.com/nvd/cve-2021-2031 |
| | | | | | | |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2032 | | | | mysql: Information Schema | avd.aquasec.com/nvd/cve-2021-2032 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2036 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2036 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2038 | | | | mysql: Server: Components | avd.aquasec.com/nvd/cve-2021-2038 |
| | | | | | Services unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2046 | | | | mysql: Server: Stored | avd.aquasec.com/nvd/cve-2021-2046 |
| | | | | | Procedure unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2048 | | | | mysql: InnoDB unspecified | avd.aquasec.com/nvd/cve-2021-2048 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2056 | | | | mysql: Server: DML unspecified | avd.aquasec.com/nvd/cve-2021-2056 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2058 | | | | mysql: Server: Locking | avd.aquasec.com/nvd/cve-2021-2058 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2060 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2060 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2061 | | | | mysql: Server: DDL unspecified | avd.aquasec.com/nvd/cve-2021-2061 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2065 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2065 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2070 | | | | | avd.aquasec.com/nvd/cve-2021-2070 |
| | | | | | | |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2072 | | | | mysql: Server: Stored | avd.aquasec.com/nvd/cve-2021-2072 |
| | | | | | Procedure unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2076 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2076 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2081 | | | | mysql: Server: Stored | avd.aquasec.com/nvd/cve-2021-2081 |
| | | | | | Procedure unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2087 | | | | mysql: Server: DML unspecified | avd.aquasec.com/nvd/cve-2021-2087 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2088 | | | | | avd.aquasec.com/nvd/cve-2021-2088 |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2122 | | | | mysql: Server: DDL unspecified | avd.aquasec.com/nvd/cve-2021-2122 |
| | | | | | vulnerability (CPU Jan 2021) | |
+--------------------------------+------------------+ + + +---------------------------------------------+--------------------------------------+
| libmysqlclient21 | CVE-2021-2002 | | | | mysql: Server: Replication | avd.aquasec.com/nvd/cve-2021-2002 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2010 | | | | mysql: C API unspecified | avd.aquasec.com/nvd/cve-2021-2010 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2011 | | | | | avd.aquasec.com/nvd/cve-2021-2011 |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2021 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2021 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2022 | | | | mysql: InnoDB unspecified | avd.aquasec.com/nvd/cve-2021-2022 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2024 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2024 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2031 | | | | | avd.aquasec.com/nvd/cve-2021-2031 |
| | | | | | | |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2032 | | | | mysql: Information Schema | avd.aquasec.com/nvd/cve-2021-2032 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2036 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2036 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2038 | | | | mysql: Server: Components | avd.aquasec.com/nvd/cve-2021-2038 |
| | | | | | Services unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2046 | | | | mysql: Server: Stored | avd.aquasec.com/nvd/cve-2021-2046 |
| | | | | | Procedure unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2048 | | | | mysql: InnoDB unspecified | avd.aquasec.com/nvd/cve-2021-2048 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2056 | | | | mysql: Server: DML unspecified | avd.aquasec.com/nvd/cve-2021-2056 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2058 | | | | mysql: Server: Locking | avd.aquasec.com/nvd/cve-2021-2058 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2060 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2060 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2061 | | | | mysql: Server: DDL unspecified | avd.aquasec.com/nvd/cve-2021-2061 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2065 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2065 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2070 | | | | | avd.aquasec.com/nvd/cve-2021-2070 |
| | | | | | | |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2072 | | | | mysql: Server: Stored | avd.aquasec.com/nvd/cve-2021-2072 |
| | | | | | Procedure unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2076 | | | | mysql: Server: Optimizer | avd.aquasec.com/nvd/cve-2021-2076 |
| | | | | | unspecified vulnerability (CPU | |
| | | | | | Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2081 | | | | mysql: Server: Stored | avd.aquasec.com/nvd/cve-2021-2081 |
| | | | | | Procedure unspecified | |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2087 | | | | mysql: Server: DML unspecified | avd.aquasec.com/nvd/cve-2021-2087 |
| | | | | | vulnerability (CPU Jan 2021) | |
+ +------------------+ + + + +--------------------------------------+
| | CVE-2021-2088 | | | | | avd.aquasec.com/nvd/cve-2021-2088 |
| | | | | | | |
+ +------------------+ + + +---------------------------------------------+--------------------------------------+
| | CVE-2021-2122 | | | | mysql: Server: DDL unspecified | avd.aquasec.com/nvd/cve-2021-2122 |
| | | | | | vulnerability (CPU Jan 2021) | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libnginx-mod-http-image-filter | CVE-2020-11724 | | 1.18.0-0ubuntu1 | | An issue was discovered in | avd.aquasec.com/nvd/cve-2020-11724 |
| | | | | | OpenResty before 1.15.8.4. | |
| | | | | | ngx_http_lua_subrequest.c | |
| | | | | | allows HTTP request... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libnginx-mod-http-passenger | CVE-2016-10345 | | 1:6.0.7-1~focal1 | | passenger: File overwrite | avd.aquasec.com/nvd/cve-2016-10345 |
| | | | | | vulnerability in | |
| | | | | | passenger-install-nginx-module | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libnginx-mod-http-xslt-filter | CVE-2020-11724 | | 1.18.0-0ubuntu1 | | An issue was discovered in | avd.aquasec.com/nvd/cve-2020-11724 |
| | | | | | OpenResty before 1.15.8.4. | |
| | | | | | ngx_http_lua_subrequest.c | |
| | | | | | allows HTTP request... | |
+--------------------------------+ + + +-------------------------+ + +
| libnginx-mod-mail | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| libnginx-mod-stream | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpam-systemd | CVE-2018-20839 | | 245.4-4ubuntu3.4 | | systemd: mishandling of the | avd.aquasec.com/nvd/cve-2018-20839 |
| | | | | | current keyboard mode check | |
| | | | | | leading to passwords being... | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12build1 | | pcre: OP_KETRMAX feature | avd.aquasec.com/nvd/cve-2017-11164 |
| | | | | | in the match function in | |
| | | | | | pcre_exec.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-20838 | | | | pcre: buffer over-read in JIT | avd.aquasec.com/nvd/cve-2019-20838 |
| | | | | | when UTF is disabled | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-14155 | | | | pcre: integer overflow in | avd.aquasec.com/nvd/cve-2020-14155 |
| | | | | | libpcre | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpolkit-agent-1-0 | CVE-2016-2568 | | 0.105-26ubuntu1 | | polkit: Program run via pkexec | avd.aquasec.com/nvd/cve-2016-2568 |
| | | | | | as unprivileged user can | |
| | | | | | escape to parent... | |
+--------------------------------+ + + +-------------------------+ + +
| libpolkit-gobject-1-0 | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libpython3.8-minimal | CVE-2021-3177 | MEDIUM | 3.8.5-1~20.04 | | python: stack-based buffer | avd.aquasec.com/nvd/cve-2021-3177 |
| | | | | | overflow in PyCArg_repr in | |
| | | | | | _ctypes/callproc.c | |
+ +------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27619 | LOW | | | python: Python 3 eval of http | avd.aquasec.com/nvd/cve-2020-27619 |
| | | | | | resources during test suite | |
| | | | | | runs | |
+--------------------------------+------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| libpython3.8-stdlib | CVE-2021-3177 | MEDIUM | | | python: stack-based buffer | avd.aquasec.com/nvd/cve-2021-3177 |
| | | | | | overflow in PyCArg_repr in | |
| | | | | | _ctypes/callproc.c | |
+ +------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27619 | LOW | | | python: Python 3 eval of http | avd.aquasec.com/nvd/cve-2020-27619 |
| | | | | | resources during test suite | |
| | | | | | runs | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | An out-of-bounds read was | avd.aquasec.com/nvd/cve-2020-9794 |
| | | | | | addressed with improved bounds | |
| | | | | | checking. This issue is... | |
+--------------------------------+ + + +-------------------------+ + +
| libsqlite3-dev | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libstdc++-9-dev | CVE-2020-13844 | | 9.3.0-17ubuntu1~20.04 | | kernel: ARM straight-line | avd.aquasec.com/nvd/cve-2020-13844 |
| | | | | | speculation vulnerability | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libsystemd0 | CVE-2018-20839 | | 245.4-4ubuntu3.4 | | systemd: mishandling of the | avd.aquasec.com/nvd/cve-2018-20839 |
| | | | | | current keyboard mode check | |
| | | | | | leading to passwords being... | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libtasn1-6 | CVE-2018-1000654 | LOW | 4.16.0-2 | | libtasn1: Infinite loop in | avd.aquasec.com/nvd/cve-2018-1000654 |
| | | | | | _asn1_expand_object_id(ptree) | |
| | | | | | leads to memory exhaustion | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libtiff5 | CVE-2018-10126 | | 4.1.0+git191117-2build1 | | libtiff: NULL pointer | avd.aquasec.com/nvd/cve-2018-10126 |
| | | | | | dereference in the | |
| | | | | | jpeg_fdct_16x16 function in | |
| | | | | | jfdctint.c | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libudev1 | CVE-2018-20839 | MEDIUM | 245.4-4ubuntu3.4 | | systemd: mishandling of the | avd.aquasec.com/nvd/cve-2018-20839 |
| | | | | | current keyboard mode check | |
| | | | | | leading to passwords being... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libwebp6 | CVE-2016-9085 | | 0.6.1-2 | | libwebp: Several integer | avd.aquasec.com/nvd/cve-2016-9085 |
| | | | | | overflows | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libx11-6 | CVE-2020-25697 | LOW | 2:1.6.9-2ubuntu1.1 | | xorg-x11-server: local | avd.aquasec.com/nvd/cve-2020-25697 |
| | | | | | privilege escalation | |
+--------------------------------+ + + +-------------------------+ + +
| libx11-data | | | | | | |
| | | | | | | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libxml2 | CVE-2020-24977 | | 2.9.10+dfsg-5 | | libxml2: Buffer Overflow | avd.aquasec.com/nvd/cve-2020-24977 |
| | | | | | vulnerability in | |
| | | | | | xmlEncodeEntitiesInternal at | |
| | | | | | libxml2/entities.c | |
+--------------------------------+ + + +-------------------------+ + +
| libxml2-dev | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| libxslt1-dev | CVE-2015-9019 | | 1.1.34-4 | | libxslt: math.random() in xslt | avd.aquasec.com/nvd/cve-2015-9019 |
| | | | | | uses unseeded randomness | |
+--------------------------------+ + + +-------------------------+ + +
| libxslt1.1 | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| linux-libc-dev | CVE-2013-7445 | MEDIUM | 5.4.0-65.73 | | kernel: memory exhaustion via | avd.aquasec.com/nvd/cve-2013-7445 |
| | | | | | crafted Graphics Execution | |
| | | | | | Manager (GEM) objects | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2015-8553 | | | | CVE-2015-2150 CVE-2015-8553 | avd.aquasec.com/nvd/cve-2015-8553 |
| | | | | | xen: non-maskable interrupts | |
| | | | | | triggerable by guests (xsa120) | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2016-8660 | | | | kernel: xfs: local DoS due to | avd.aquasec.com/nvd/cve-2016-8660 |
| | | | | | a page lock order bug in... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-17977 | | | | kernel: Mishandled | avd.aquasec.com/nvd/cve-2018-17977 |
| | | | | | interactions among XFRM | |
| | | | | | Netlink messages, IPPROTO_AH | |
| | | | | | packets, and IPPROTO_IP | |
| | | | | | packets... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-11725 | | | | kernel: improper handling | avd.aquasec.com/nvd/cve-2020-11725 |
| | | | | | of private_size*count | |
| | | | | | multiplication due to | |
| | | | | | count=info->owner typo | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-14304 | | | | kernel: ethtool when reading | avd.aquasec.com/nvd/cve-2020-14304 |
| | | | | | eeprom of device could lead to | |
| | | | | | memory leak... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27835 | | | | kernel: child process is able | avd.aquasec.com/nvd/cve-2020-27835 |
| | | | | | to access parent mm through | |
| | | | | | hfi dev... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29373 | | | | kernel: Insecure handling | avd.aquasec.com/nvd/cve-2020-29373 |
| | | | | | of root directory for path | |
| | | | | | lookups via io_uring | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29534 | | | | kernel: io_uring takes a | avd.aquasec.com/nvd/cve-2020-29534 |
| | | | | | non-refcounted reference | |
| | | | | | to the files_struct of the | |
| | | | | | process... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-36158 | | | | kernel: buffer overflow in | avd.aquasec.com/nvd/cve-2020-36158 |
| | | | | | mwifiex_cmd_802_11_ad_hoc_start function in | |
| | | | | | drivers/net/wireless/marvell/mwifiex/join.c | |
| | | | | | via a long SSID... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2021-3347 | | | | kernel: Use after free via PI | avd.aquasec.com/nvd/cve-2021-3347 |
| | | | | | futex state | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2021-3348 | | | | kernel: Use-after-free | avd.aquasec.com/nvd/cve-2021-3348 |
| | | | | | in ndb_queue_rq() in | |
| | | | | | drivers/block/nbd.c | |
+ +------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2017-0537 | LOW | | | An information disclosure | avd.aquasec.com/nvd/cve-2017-0537 |
| | | | | | vulnerability in the kernel | |
| | | | | | USB gadget driver could | |
| | | | | | enable... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2017-13165 | | | | An elevation of privilege | avd.aquasec.com/nvd/cve-2017-13165 |
| | | | | | vulnerability in the kernel | |
| | | | | | file system. Product: | |
| | | | | | Android.... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2017-13693 | | | | kernel: ACPI operand cache | avd.aquasec.com/nvd/cve-2017-13693 |
| | | | | | leak in dsutils.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-1121 | | | | procps-ng, procps: process | avd.aquasec.com/nvd/cve-2018-1121 |
| | | | | | hiding through race condition | |
| | | | | | enumerating /proc | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-12928 | | | | kernel: NULL pointer | avd.aquasec.com/nvd/cve-2018-12928 |
| | | | | | dereference in | |
| | | | | | hfs_ext_read_extent in hfs.ko | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-12929 | | | | kernel: use-after-free in | avd.aquasec.com/nvd/cve-2018-12929 |
| | | | | | ntfs_read_locked_inode in the | |
| | | | | | ntfs.ko | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-12930 | | | | kernel: stack-based | avd.aquasec.com/nvd/cve-2018-12930 |
| | | | | | out-of-bounds write in | |
| | | | | | ntfs_end_buffer_async_read in | |
| | | | | | the ntfs.ko | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2018-12931 | | | | kernel: stack-based | avd.aquasec.com/nvd/cve-2018-12931 |
| | | | | | out-of-bounds write in | |
| | | | | | ntfs_attr_find in the ntfs.ko | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-14899 | | | | VPN: an attacker can inject | avd.aquasec.com/nvd/cve-2019-14899 |
| | | | | | data into the TCP stream which | |
| | | | | | allows... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-15213 | | | | kernel: use-after-free caused | avd.aquasec.com/nvd/cve-2019-15213 |
| | | | | | by malicious USB device in | |
| | | | | | drivers/media/usb/dvb-usb/dvb-usb-init.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-16230 | | | | kernel: null pointer dereference in | avd.aquasec.com/nvd/cve-2019-16230 |
| | | | | | drivers/gpu/drm/radeon/radeon_display.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-19378 | | | | kernel: out-of-bounds write | avd.aquasec.com/nvd/cve-2019-19378 |
| | | | | | in index_rbio_pages in | |
| | | | | | fs/btrfs/raid56.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-19814 | | | | kernel: out-of-bounds write | avd.aquasec.com/nvd/cve-2019-19814 |
| | | | | | in __remove_dirty_segment in | |
| | | | | | fs/f2fs/segment.c | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-25639 | | | | kernel: NULL pointer | avd.aquasec.com/nvd/cve-2020-25639 |
| | | | | | dereference via nouveau ioctl | |
| | | | | | can lead to DoS | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2021-3178 | | | | kernel: path traversal in | avd.aquasec.com/nvd/cve-2021-3178 |
| | | | | | fs/nfsd/nfs3xdr.c may lead | |
| | | | | | to Information Disclosure or | |
| | | | | | RCE... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| locales | CVE-2016-10228 | | 2.31-0ubuntu9.2 | | glibc: iconv program can | avd.aquasec.com/nvd/cve-2016-10228 |
| | | | | | hang when invoked with the -c | |
| | | | | | option | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2019-25013 | | | | glibc: buffer over-read in | avd.aquasec.com/nvd/cve-2019-25013 |
| | | | | | iconv when processing invalid | |
| | | | | | multi-byte input sequences | |
| | | | | | in... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27618 | | | | glibc: iconv when processing | avd.aquasec.com/nvd/cve-2020-27618 |
| | | | | | invalid multi-byte input | |
| | | | | | sequences fails to advance | |
| | | | | | the... | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-29562 | | | | glibc: assertion failure in | avd.aquasec.com/nvd/cve-2020-29562 |
| | | | | | iconv when converting invalid | |
| | | | | | UCS4 | |
+ +------------------+ + +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-6096 | | | | glibc: signed comparison | avd.aquasec.com/nvd/cve-2020-6096 |
| | | | | | vulnerability in the ARMv7 | |
| | | | | | memcpy function | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| login | CVE-2013-4235 | | 1:4.8.1-1ubuntu5.20.04 | | shadow-utils: TOCTOU race | avd.aquasec.com/nvd/cve-2013-4235 |
| | | | | | conditions by copying and | |
| | | | | | removing directory trees | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| nginx | CVE-2020-11724 | MEDIUM | 1.18.0-0ubuntu1 | | An issue was discovered in | avd.aquasec.com/nvd/cve-2020-11724 |
| | | | | | OpenResty before 1.15.8.4. | |
| | | | | | ngx_http_lua_subrequest.c | |
| | | | | | allows HTTP request... | |
+--------------------------------+ + + +-------------------------+ + +
| nginx-common | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| nginx-core | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| openssh-client | CVE-2020-14145 | LOW | 1:8.2p1-4ubuntu0.1 | | openssh: Observable | avd.aquasec.com/nvd/cve-2020-14145 |
| | | | | | Discrepancy leading to an | |
| | | | | | information leak in the | |
| | | | | | algorithm negotiation... | |
+--------------------------------+ + + +-------------------------+ + +
| openssh-server | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| openssh-sftp-server | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| passenger | CVE-2016-10345 | MEDIUM | 1:6.0.7-1~focal1 | | passenger: File overwrite | avd.aquasec.com/nvd/cve-2016-10345 |
| | | | | | vulnerability in | |
| | | | | | passenger-install-nginx-module | |
+--------------------------------+ + + +-------------------------+ + +
| passenger-dev | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| passenger-doc | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| passwd | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04 | | shadow-utils: TOCTOU race | avd.aquasec.com/nvd/cve-2013-4235 |
| | | | | | conditions by copying and | |
| | | | | | removing directory trees | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| patch | CVE-2018-6952 | | 2.7.6-6 | | patch: Double free of memory | avd.aquasec.com/nvd/cve-2018-6952 |
| | | | | | in pch.c:another_hunk() causes | |
| | | | | | a crash | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| policykit-1 | CVE-2016-2568 | | 0.105-26ubuntu1 | | polkit: Program run via pkexec | avd.aquasec.com/nvd/cve-2016-2568 |
| | | | | | as unprivileged user can | |
| | | | | | escape to parent... | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| python3.8 | CVE-2021-3177 | MEDIUM | 3.8.5-1~20.04 | | python: stack-based buffer | avd.aquasec.com/nvd/cve-2021-3177 |
| | | | | | overflow in PyCArg_repr in | |
| | | | | | _ctypes/callproc.c | |
+ +------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27619 | LOW | | | python: Python 3 eval of http | avd.aquasec.com/nvd/cve-2020-27619 |
| | | | | | resources during test suite | |
| | | | | | runs | |
+--------------------------------+------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| python3.8-minimal | CVE-2021-3177 | MEDIUM | | | python: stack-based buffer | avd.aquasec.com/nvd/cve-2021-3177 |
| | | | | | overflow in PyCArg_repr in | |
| | | | | | _ctypes/callproc.c | |
+ +------------------+----------+ +-------------------------+---------------------------------------------+--------------------------------------+
| | CVE-2020-27619 | LOW | | | python: Python 3 eval of http | avd.aquasec.com/nvd/cve-2020-27619 |
| | | | | | resources during test suite | |
| | | | | | runs | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| sqlite3 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | An out-of-bounds read was | avd.aquasec.com/nvd/cve-2020-9794 |
| | | | | | addressed with improved bounds | |
| | | | | | checking. This issue is... | |
+--------------------------------+------------------+ +-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
| systemd | CVE-2018-20839 | | 245.4-4ubuntu3.4 | | systemd: mishandling of the | avd.aquasec.com/nvd/cve-2018-20839 |
| | | | | | current keyboard mode check | |
| | | | | | leading to passwords being... | |
+--------------------------------+ + + +-------------------------+ + +
| systemd-sysv | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+ + + +-------------------------+ + +
| systemd-timesyncd | | | | | | |
| | | | | | | |
| | | | | | | |
+--------------------------------+------------------+----------+-------------------------+-------------------------+---------------------------------------------+--------------------------------------+
home/app/pact_broker/Gemfile.lock
=================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)