2021-02-17T21:28:29.332+0100 DEBUG Severities: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
2021-02-17T21:28:29.343+0100 DEBUG cache dir: /home/ras/.cache/trivy
2021-02-17T21:28:29.343+0100 DEBUG DB update was skipped because DB is the latest
2021-02-17T21:28:29.343+0100 DEBUG DB Schema: 1, Type: 1, UpdatedAt: 2021-02-17 12:18:56.889640612 +0000 UTC, NextUpdate: 2021-02-18 00:18:56.889640112 +0000 UTC, DownloadedAt: 2021-02-17 17:42:26.891886257 +0000 UTC
2021-02-17T21:28:30.467+0100 DEBUG Vulnerability type: [os library]
2021-02-17T21:28:30.591+0100 DEBUG Artifact ID: sha256:cdec0ed95384338dced0aa215e2a5b3320589f55314a6d95c84f121190790140
2021-02-17T21:28:30.591+0100 DEBUG Blob IDs: [sha256:9eb82f04c782ef3f5ca25911e60d75e441ce0fe82e49f0dbf02c81a3161d1300 sha256:08664b16f94c88a92db0711071c6cea4a83cc22cc9c8fed80f91e9b6a81ab8ab sha256:513adf10febc21044d7f3e83a96aaf24bf9834da670248073058830728c84e84 sha256:027810cd859b8abf198bb74b767bbe04223202866ae2203cea6423992d9a82be sha256:8d900cff006db109d06e0a2c319339a5e23c692c800c973139940c73c2597a29 sha256:b6602c4922e9cb84ce5299b10f617ef73990e0b3d70b6201cbfc308f7787cbc4 sha256:597be9bde442321487db31df1e8b0f009abb44fc7f1262c1425fec54d0809636]
2021-02-17T21:28:30.593+0100 INFO Detecting Debian vulnerabilities...
2021-02-17T21:28:30.593+0100 DEBUG debian: os version: 10
2021-02-17T21:28:30.593+0100 DEBUG debian: the number of packages: 90
2021-02-17T21:28:30.612+0100 INFO Trivy skips scanning programming language libraries because no supported file was detected

nexus3.onap.org:10001/onap/cps-service:0.0.1-SNAPSHOT (debian 10.8)
===================================================================
Total: 99 (UNKNOWN: 4, LOW: 69, MEDIUM: 8, HIGH: 18, CRITICAL: 0)

| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|---|---|---|---|---|---|
| apt | CVE-2011-3374 | LOW | 1.8.2.2 | | It was found that apt-key in apt, all versions, do not correctly... -->avd.aquasec.com/nvd/cve-2011-3374 |
| bash | CVE-2019-18276 | LOW | 5.0-4 | | bash: when effective UID is not equal to its real UID the... -->avd.aquasec.com/nvd/cve-2019-18276 |
| bash | TEMP-0841856-B18BAF | LOW | 5.0-4 | | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF |
| coreutils | CVE-2016-2781 | LOW | 8.30-3 | | coreutils: Non-privileged session can escape to the parent session in chroot -->avd.aquasec.com/nvd/cve-2016-2781 |
| coreutils | CVE-2017-18018 | LOW | 8.30-3 | | coreutils: race condition vulnerability in chown and chgrp -->avd.aquasec.com/nvd/cve-2017-18018 |
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack protection address in cfgexpand.c and function.c leads to... -->avd.aquasec.com/nvd/cve-2018-12886 |
| gcc-8-base | CVE-2019-15847 | HIGH | 8.3.0-6 | | gcc: POWER9 "DARN" RNG intrinsic produces repeated output -->avd.aquasec.com/nvd/cve-2019-15847 |
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification Forgeries with SHA-1 -->avd.aquasec.com/nvd/cve-2019-14855 |
| libapt-pkg5.0 | CVE-2011-3374 | LOW | 1.8.2.2 | | It was found that apt-key in apt, all versions, do not correctly... -->avd.aquasec.com/nvd/cve-2011-3374 |
| libc-bin | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in backtrace functions for powerpc -->avd.aquasec.com/nvd/cve-2020-1751 |
| libc-bin | CVE-2020-1752 | HIGH | 2.28-10 | | glibc: use-after-free in glob() function when expanding ~user -->avd.aquasec.com/nvd/cve-2020-1752 |
| libc-bin | CVE-2021-3326 | HIGH | 2.28-10 | | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters -->avd.aquasec.com/nvd/cve-2021-3326 |
| libc-bin | CVE-2019-25013 | MEDIUM | 2.28-10 | | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in... -->avd.aquasec.com/nvd/cve-2019-25013 |
| libc-bin | CVE-2020-10029 | MEDIUM | 2.28-10 | | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl... -->avd.aquasec.com/nvd/cve-2020-10029 |
| libc-bin | CVE-2020-27618 | MEDIUM | 2.28-10 | | glibc: iconv when processing invalid multi-byte input sequences fails to advance the... -->avd.aquasec.com/nvd/cve-2020-27618 |
| libc-bin | CVE-2010-4051 | LOW | 2.28-10 | | CVE-2010-4052 glibc: De-recursivise regular expression engine -->avd.aquasec.com/nvd/cve-2010-4051 |
| libc-bin | CVE-2010-4052 | LOW | 2.28-10 | | CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine -->avd.aquasec.com/nvd/cve-2010-4052 |
| libc-bin | CVE-2010-4756 | LOW | 2.28-10 | | glibc: glob implementation can cause excessive CPU and memory consumption due to... -->avd.aquasec.com/nvd/cve-2010-4756 |
| libc-bin | CVE-2016-10228 | LOW | 2.28-10 | | glibc: iconv program can hang when invoked with the -c option -->avd.aquasec.com/nvd/cve-2016-10228 |
| libc-bin | CVE-2018-20796 | LOW | 2.28-10 | | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c -->avd.aquasec.com/nvd/cve-2018-20796 |
| libc-bin | CVE-2019-1010022 | LOW | 2.28-10 | | glibc: stack guard protection bypass -->avd.aquasec.com/nvd/cve-2019-1010022 |
| libc-bin | CVE-2019-1010023 | LOW | 2.28-10 | | glibc: running ldd on malicious ELF leads to code execution because of... -->avd.aquasec.com/nvd/cve-2019-1010023 |
| libc-bin | CVE-2019-1010024 | LOW | 2.28-10 | | glibc: ASLR bypass using cache of thread stack and heap -->avd.aquasec.com/nvd/cve-2019-1010024 |
| libc-bin | CVE-2019-1010025 | LOW | 2.28-10 | | glibc: information disclosure of heap addresses of pthread_created thread -->avd.aquasec.com/nvd/cve-2019-1010025 |
| libc-bin | CVE-2019-19126 | LOW | 2.28-10 | | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries -->avd.aquasec.com/nvd/cve-2019-19126 |
| libc-bin | CVE-2019-9192 | LOW | 2.28-10 | | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c -->avd.aquasec.com/nvd/cve-2019-9192 |
| libc-bin | CVE-2020-6096 | LOW | 2.28-10 | | glibc: signed comparison vulnerability in the ARMv7 memcpy function -->avd.aquasec.com/nvd/cve-2020-6096 |
| libc6 | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in backtrace functions for powerpc -->avd.aquasec.com/nvd/cve-2020-1751 |
| libc6 | CVE-2020-1752 | HIGH | 2.28-10 | | glibc: use-after-free in glob() function when expanding ~user -->avd.aquasec.com/nvd/cve-2020-1752 |
| libc6 | CVE-2021-3326 | HIGH | 2.28-10 | | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters -->avd.aquasec.com/nvd/cve-2021-3326 |
| libc6 | CVE-2019-25013 | MEDIUM | 2.28-10 | | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in... -->avd.aquasec.com/nvd/cve-2019-25013 |
| libc6 | CVE-2020-10029 | MEDIUM | 2.28-10 | | glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl... -->avd.aquasec.com/nvd/cve-2020-10029 |
| libc6 | CVE-2020-27618 | MEDIUM | 2.28-10 | | glibc: iconv when processing invalid multi-byte input sequences fails to advance the... -->avd.aquasec.com/nvd/cve-2020-27618 |
| libc6 | CVE-2010-4051 | LOW | 2.28-10 | | CVE-2010-4052 glibc: De-recursivise regular expression engine -->avd.aquasec.com/nvd/cve-2010-4051 |
| libc6 | CVE-2010-4052 | LOW | 2.28-10 | | CVE-2010-4051 CVE-2010-4052 glibc: De-recursivise regular expression engine -->avd.aquasec.com/nvd/cve-2010-4052 |
| libc6 | CVE-2010-4756 | LOW | 2.28-10 | | glibc: glob implementation can cause excessive CPU and memory consumption due to... -->avd.aquasec.com/nvd/cve-2010-4756 |
| libc6 | CVE-2016-10228 | LOW | 2.28-10 | | glibc: iconv program can hang when invoked with the -c option -->avd.aquasec.com/nvd/cve-2016-10228 |
| libc6 | CVE-2018-20796 | LOW | 2.28-10 | | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c -->avd.aquasec.com/nvd/cve-2018-20796 |
| libc6 | CVE-2019-1010022 | LOW | 2.28-10 | | glibc: stack guard protection bypass -->avd.aquasec.com/nvd/cve-2019-1010022 |
| libc6 | CVE-2019-1010023 | LOW | 2.28-10 | | glibc: running ldd on malicious ELF leads to code execution because of... -->avd.aquasec.com/nvd/cve-2019-1010023 |
| libc6 | CVE-2019-1010024 | LOW | 2.28-10 | | glibc: ASLR bypass using cache of thread stack and heap -->avd.aquasec.com/nvd/cve-2019-1010024 |
| libc6 | CVE-2019-1010025 | LOW | 2.28-10 | | glibc: information disclosure of heap addresses of pthread_created thread -->avd.aquasec.com/nvd/cve-2019-1010025 |
| libc6 | CVE-2019-19126 | LOW | 2.28-10 | | glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries -->avd.aquasec.com/nvd/cve-2019-19126 |
| libc6 | CVE-2019-9192 | LOW | 2.28-10 | | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c -->avd.aquasec.com/nvd/cve-2019-9192 |
| libc6 | CVE-2020-6096 | LOW | 2.28-10 | | glibc: signed comparison vulnerability in the ARMv7 memcpy function -->avd.aquasec.com/nvd/cve-2020-6096 |
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack protection address in cfgexpand.c and function.c leads to... -->avd.aquasec.com/nvd/cve-2018-12886 |
| libgcc1 | CVE-2019-15847 | HIGH | 8.3.0-6 | | gcc: POWER9 "DARN" RNG intrinsic produces repeated output -->avd.aquasec.com/nvd/cve-2019-15847 |
| libgcrypt20 | CVE-2019-13627 | MEDIUM | 1.8.4-5 | | libgcrypt: ECDSA timing attack allowing private key leak -->avd.aquasec.com/nvd/cve-2019-13627 |
| libgcrypt20 | CVE-2018-6829 | LOW | 1.8.4-5 | | libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts... -->avd.aquasec.com/nvd/cve-2018-6829 |
| libgnutls30 | CVE-2020-24659 | HIGH | 3.6.7-4+deb10u6 | | gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent -->avd.aquasec.com/nvd/cve-2020-24659 |
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u6 | | HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) -->avd.aquasec.com/nvd/cve-2011-3389 |
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in... -->avd.aquasec.com/nvd/cve-2019-12290 |
| liblz4-1 | CVE-2019-17543 | LOW | 1.8.3-1 | | lz4: heap-based buffer overflow in LZ4_write32 -->avd.aquasec.com/nvd/cve-2019-17543 |
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: integer overflow in libpcre -->avd.aquasec.com/nvd/cve-2020-14155 |
| libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12 | | pcre: OP_KETRMAX feature in the match function in pcre_exec.c -->avd.aquasec.com/nvd/cve-2017-11164 |
| libpcre3 | CVE-2017-16231 | LOW | 2:8.39-12 | | pcre: self-recursive call in match() in pcre_exec.c leads to denial of service... -->avd.aquasec.com/nvd/cve-2017-16231 |
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | pcre: stack-based buffer overflow write in pcre32_copy_substring -->avd.aquasec.com/nvd/cve-2017-7245 |
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | pcre: stack-based buffer overflow write in pcre32_copy_substring -->avd.aquasec.com/nvd/cve-2017-7246 |
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | pcre: buffer over-read in JIT when UTF is disabled -->avd.aquasec.com/nvd/cve-2019-20838 |
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | libseccomp: incorrect generation of syscall filters in libseccomp -->avd.aquasec.com/nvd/cve-2019-9893 |
| libssl1.1 | CVE-2007-6755 | LOW | 1.1.1d-0+deb10u4 | | Dual_EC_DRBG: weak pseudo random number generator -->avd.aquasec.com/nvd/cve-2007-6755 |
| libssl1.1 | CVE-2010-0928 | LOW | 1.1.1d-0+deb10u4 | | openssl: RSA authentication weakness -->avd.aquasec.com/nvd/cve-2010-0928 |
| libssl1.1 | CVE-2019-1551 | LOW | 1.1.1d-0+deb10u4 | | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 -->avd.aquasec.com/nvd/cve-2019-1551 |
| libssl1.1 | CVE-2021-23840 | UNKNOWN | 1.1.1d-0+deb10u4 | | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument... -->avd.aquasec.com/nvd/cve-2021-23840 |
| libssl1.1 | CVE-2021-23841 | UNKNOWN | 1.1.1d-0+deb10u4 | | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument... -->avd.aquasec.com/nvd/cve-2021-23841 |
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack protection address in cfgexpand.c and function.c leads to... -->avd.aquasec.com/nvd/cve-2018-12886 |
| libstdc++6 | CVE-2019-15847 | HIGH | 8.3.0-6 | | gcc: POWER9 "DARN" RNG intrinsic produces repeated output -->avd.aquasec.com/nvd/cve-2019-15847 |
| libsystemd0 | CVE-2019-3843 | HIGH | 241-7~deb10u6 | | systemd: services with DynamicUser can create SUID/SGID binaries -->avd.aquasec.com/nvd/cve-2019-3843 |
| libsystemd0 | CVE-2019-3844 | HIGH | 241-7~deb10u6 | | systemd: services with DynamicUser can get new privileges and create SGID binaries... -->avd.aquasec.com/nvd/cve-2019-3844 |
| libsystemd0 | CVE-2013-4392 | LOW | 241-7~deb10u6 | | systemd: TOCTOU race condition when updating file permissions and SELinux security contexts... -->avd.aquasec.com/nvd/cve-2013-4392 |
| libsystemd0 | CVE-2019-20386 | LOW | 241-7~deb10u6 | | systemd: memory leak in button_open() in login/logind-button.c when udev events are received... -->avd.aquasec.com/nvd/cve-2019-20386 |
| libsystemd0 | CVE-2020-13776 | LOW | 241-7~deb10u6 | | systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by... -->avd.aquasec.com/nvd/cve-2020-13776 |
| libtasn1-6 | CVE-2018-1000654 | LOW | 4.13-3 | | libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion -->avd.aquasec.com/nvd/cve-2018-1000654 |
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u6 | | systemd: services with DynamicUser can create SUID/SGID binaries -->avd.aquasec.com/nvd/cve-2019-3843 |
| libudev1 | CVE-2019-3844 | HIGH | 241-7~deb10u6 | | systemd: services with DynamicUser can get new privileges and create SGID binaries... -->avd.aquasec.com/nvd/cve-2019-3844 |
| libudev1 | CVE-2013-4392 | LOW | 241-7~deb10u6 | | systemd: TOCTOU race condition when updating file permissions and SELinux security contexts... -->avd.aquasec.com/nvd/cve-2013-4392 |
| libudev1 | CVE-2019-20386 | LOW | 241-7~deb10u6 | | systemd: memory leak in button_open() in login/logind-button.c when udev events are received... -->avd.aquasec.com/nvd/cve-2019-20386 |
| libudev1 | CVE-2020-13776 | LOW | 241-7~deb10u6 | | systemd: mishandles numerical usernames beginning with decimal digits or 0x followed by... -->avd.aquasec.com/nvd/cve-2020-13776 |
| login | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file,... -->avd.aquasec.com/nvd/cve-2007-5686 |
| login | CVE-2013-4235 | LOW | 1:4.5-1.1 | | shadow-utils: TOCTOU race conditions by copying and removing directory trees -->avd.aquasec.com/nvd/cve-2013-4235 |
| login | CVE-2018-7169 | LOW | 1:4.5-1.1 | | shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege... -->avd.aquasec.com/nvd/cve-2018-7169 |
| login | CVE-2019-19882 | LOW | 1:4.5-1.1 | | shadow-utils: local users can obtain root access because setuid programs are misconfigured... -->avd.aquasec.com/nvd/cve-2019-19882 |
| login | TEMP-0628843-DBAD28 | LOW | 1:4.5-1.1 | | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 |
| openssl | CVE-2007-6755 | LOW | 1.1.1d-0+deb10u4 | | Dual_EC_DRBG: weak pseudo random number generator -->avd.aquasec.com/nvd/cve-2007-6755 |
| openssl | CVE-2010-0928 | LOW | 1.1.1d-0+deb10u4 | | openssl: RSA authentication weakness -->avd.aquasec.com/nvd/cve-2010-0928 |
| openssl | CVE-2019-1551 | LOW | 1.1.1d-0+deb10u4 | | openssl: Integer overflow in RSAZ modular exponentiation on x86_64 -->avd.aquasec.com/nvd/cve-2019-1551 |
| openssl | CVE-2021-23840 | UNKNOWN | 1.1.1d-0+deb10u4 | | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument... -->avd.aquasec.com/nvd/cve-2021-23840 |
| openssl | CVE-2021-23841 | UNKNOWN | 1.1.1d-0+deb10u4 | | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument... -->avd.aquasec.com/nvd/cve-2021-23841 |
| passwd | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file,... -->avd.aquasec.com/nvd/cve-2007-5686 |
| passwd | CVE-2013-4235 | LOW | 1:4.5-1.1 | | shadow-utils: TOCTOU race conditions by copying and removing directory trees -->avd.aquasec.com/nvd/cve-2013-4235 |
| passwd | CVE-2018-7169 | LOW | 1:4.5-1.1 | | shadow-utils: newgidmap allows unprivileged user to drop supplementary groups potentially allowing privilege... -->avd.aquasec.com/nvd/cve-2018-7169 |
| passwd | CVE-2019-19882 | LOW | 1:4.5-1.1 | | shadow-utils: local users can obtain root access because setuid programs are misconfigured... -->avd.aquasec.com/nvd/cve-2019-19882 |
| passwd | TEMP-0628843-DBAD28 | LOW | 1:4.5-1.1 | | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 |
| perl-base | CVE-2011-4116 | LOW | 5.28.1-6+deb10u1 | | perl: File::Temp insecure temporary file handling -->avd.aquasec.com/nvd/cve-2011-4116 |
| sysvinit-utils | TEMP-0517018-A83CE6 | LOW | 2.93-8 | | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6 |
| tar | CVE-2005-2541 | LOW | 1.30+dfsg-6 | | Tar 1.15.1 does not properly warn the user when extracting setuid or... -->avd.aquasec.com/nvd/cve-2005-2541 |
| tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | | tar: null-pointer dereference in pax_decode_header in sparse.c -->avd.aquasec.com/nvd/cve-2019-9923 |
| tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | | tar: Memory leak in read_header() in list.c -->avd.aquasec.com/nvd/cve-2021-20193 |
| tar | TEMP-0290435-0B57B5 | LOW | 1.30+dfsg-6 | | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5 |