starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-25 17:25:57 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1349] Vulnerabilities scan with Trivy #921

New issue
Closed
opened 2026-03-03 02:04:41 +03:00 by kerem · 1 comment
kerem commented 2026-03-03 02:04:41 +03:00
Owner
Copy link

Originally created by @thelittlefireman on GitHub (Feb 2, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1349

Hi,
could it be possible to add trivy scan on CI on docker image ?

The image base on alpine is safe, but on debian (latest) contains lots of CVE :

docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:alpine
docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:latest

alpine result :

2021-02-02T15:58:43.847Z        INFO    Detecting Alpine vulnerabilities...
2021-02-02T15:58:43.852Z        INFO    Trivy skips scanning programming language libraries because no supported file was detected

bitwardenrs/server:alpine (alpine 3.12.3)
=========================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

debian result :

2021-02-02T15:54:59.426Z	WARN	You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2021-02-02T15:55:02.257Z	INFO	Detecting Debian vulnerabilities...
2021-02-02T15:55:02.345Z	INFO	Trivy skips scanning programming language libraries because no supported file was detected

bitwardenrs/server:latest (debian 10.7)
=======================================
Total: 291 (UNKNOWN: 4, LOW: 164, MEDIUM: 46, HIGH: 77, CRITICAL: 0)

+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
|       LIBRARY       |  VULNERABILITY ID   | SEVERITY |   INSTALLED VERSION   |   FIXED VERSION   |                            TITLE                             |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| apt                 | CVE-2011-3374       | LOW      | 1.8.2.2               |                   | It was found that apt-key in apt,                            |
|                     |                     |          |                       |                   | all versions, do not correctly...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| bash                | CVE-2019-18276      |          | 5.0-4                 |                   | bash: when effective UID is not                              |
|                     |                     |          |                       |                   | equal to its real UID the...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-18276                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0841856-B18BAF |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| coreutils           | CVE-2016-2781       |          | 8.30-3                |                   | coreutils: Non-privileged                                    |
|                     |                     |          |                       |                   | session can escape to the                                    |
|                     |                     |          |                       |                   | parent session in chroot                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-2781                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-18018      |          |                       |                   | coreutils: race condition                                    |
|                     |                     |          |                       |                   | vulnerability in chown and chgrp                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-18018                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| curl                | CVE-2020-8169       | HIGH     | 7.64.0-4+deb10u1      |                   | libcurl: partial password                                    |
|                     |                     |          |                       |                   | leak over DNS on HTTP redirect                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8177       |          |                       |                   | curl: Incorrect argument                                     |
|                     |                     |          |                       |                   | check can allow remote servers                               |
|                     |                     |          |                       |                   | to overwrite local files...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8177                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8231       |          |                       |                   | curl: Expired pointer                                        |
|                     |                     |          |                       |                   | dereference via multi API with                               |
|                     |                     |          |                       |                   | `CURLOPT_CONNECT_ONLY` option set                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8231                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8285       |          |                       |                   | curl: malicious FTP server can                               |
|                     |                     |          |                       |                   | trigger stack overflow when                                  |
|                     |                     |          |                       |                   | CURLOPT_CHUNK_BGN_FUNCTION                                   |
|                     |                     |          |                       |                   | is used...                                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8285                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8286       |          |                       |                   | curl: inferior OCSP verification                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8286                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8284       | LOW      |                       |                   | curl: dangerous nature                                       |
|                     |                     |          |                       |                   | of PASV command could                                        |
|                     |                     |          |                       |                   | be used to make curl...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8284                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| gcc-8-base          | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| gpgv                | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1      |                   | gnupg2: OpenPGP Key Certification                            |
|                     |                     |          |                       |                   | Forgeries with SHA-1                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-14855                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libapt-pkg5.0       | CVE-2011-3374       |          | 1.8.2.2               |                   | It was found that apt-key in apt,                            |
|                     |                     |          |                       |                   | all versions, do not correctly...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libc-bin            | CVE-2020-1751       | HIGH     | 2.28-10               |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc-dev-bin        | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc6               | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc6-dev           | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libcurl4            | CVE-2020-8169       | HIGH     | 7.64.0-4+deb10u1      |                   | libcurl: partial password                                    |
|                     |                     |          |                       |                   | leak over DNS on HTTP redirect                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8177       |          |                       |                   | curl: Incorrect argument                                     |
|                     |                     |          |                       |                   | check can allow remote servers                               |
|                     |                     |          |                       |                   | to overwrite local files...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8177                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8231       |          |                       |                   | curl: Expired pointer                                        |
|                     |                     |          |                       |                   | dereference via multi API with                               |
|                     |                     |          |                       |                   | `CURLOPT_CONNECT_ONLY` option set                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8231                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8285       |          |                       |                   | curl: malicious FTP server can                               |
|                     |                     |          |                       |                   | trigger stack overflow when                                  |
|                     |                     |          |                       |                   | CURLOPT_CHUNK_BGN_FUNCTION                                   |
|                     |                     |          |                       |                   | is used...                                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8285                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8286       |          |                       |                   | curl: inferior OCSP verification                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8286                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8284       | LOW      |                       |                   | curl: dangerous nature                                       |
|                     |                     |          |                       |                   | of PASV command could                                        |
|                     |                     |          |                       |                   | be used to make curl...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8284                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgcc1             | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgcrypt20         | CVE-2019-13627      | MEDIUM   | 1.8.4-5               |                   | libgcrypt: ECDSA timing attack                               |
|                     |                     |          |                       |                   | allowing private key leak                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-13627                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-6829       | LOW      |                       |                   | libgcrypt: ElGamal implementation                            |
|                     |                     |          |                       |                   | doesn't have semantic security due                           |
|                     |                     |          |                       |                   | to incorrectly encoded plaintexts...                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-6829                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgnutls-dane0     | CVE-2020-24659      | HIGH     | 3.6.7-4+deb10u5       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls-openssl27 | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls28-dev     | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls30         | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutlsxx28       | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libgssapi-krb5-2    | CVE-2004-0971       |          | 1.17-3+deb10u1        |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libidn2-0           | CVE-2019-12290      | HIGH     | 2.0.5-1+deb10u1       |                   | GNU libidn2 before 2.2.0                                     |
|                     |                     |          |                       |                   | fails to perform the roundtrip                               |
|                     |                     |          |                       |                   | checks specified in...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12290                        |
+---------------------+                     +          +                       +-------------------+                                                              +
| libidn2-dev         |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libk5crypto3        | CVE-2004-0971       | LOW      | 1.17-3+deb10u1        |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+          +                       +-------------------+--------------------------------------------------------------+
| libkrb5-3           | CVE-2004-0971       |          |                       |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+          +                       +-------------------+--------------------------------------------------------------+
| libkrb5support0     | CVE-2004-0971       |          |                       |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libldap-2.4-2       | CVE-2020-36221      | HIGH     | 2.4.47+dfsg-3+deb10u4 |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in serialNumberAndIssuerCheck                                |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36221                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36222      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | slapd in the saslAuthzTo validation                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36222                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36223      |          |                       |                   | openldap: Out-of-bounds                                      |
|                     |                     |          |                       |                   | read in Values Return Filter                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36223                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36224      |          |                       |                   | openldap: Invalid pointer free                               |
|                     |                     |          |                       |                   | in the saslAuthzTo processing                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36224                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36225      |          |                       |                   | openldap: Double free in                                     |
|                     |                     |          |                       |                   | the saslAuthzTo processing                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36225                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36226      |          |                       |                   | openldap: Denial of service                                  |
|                     |                     |          |                       |                   | via length miscalculation                                    |
|                     |                     |          |                       |                   | in slap_parse_user                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36226                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36227      |          |                       |                   | openldap: Infinite loop in slapd with                        |
|                     |                     |          |                       |                   | the cancel_extop Cancel operation                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36227                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36228      |          |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in issuerAndThisUpdateCheck                                  |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36229      |          |                       |                   | openldap: Type confusion                                     |
|                     |                     |          |                       |                   | in ad_keystring in ad.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36230      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | ber_next_element in decode.c                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36230                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-3276       | LOW      |                       |                   | openldap: incorrect multi-keyword                            |
|                     |                     |          |                       |                   | mode cipherstring parsing                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-14159      |          |                       |                   | openldap: Privilege escalation                               |
|                     |                     |          |                       |                   | via PID file manipulation                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-17740      |          |                       |                   | openldap:                                                    |
|                     |                     |          |                       |                   | contrib/slapd-modules/nops/nops.c                            |
|                     |                     |          |                       |                   | attempts to free stack buffer                                |
|                     |                     |          |                       |                   | allowing remote attackers to cause...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15719      |          |                       |                   | openldap: Certificate                                        |
|                     |                     |          |                       |                   | validation incorrectly                                       |
|                     |                     |          |                       |                   | matches name against CN-ID                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libldap-common      | CVE-2020-36221      | HIGH     |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in serialNumberAndIssuerCheck                                |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36221                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36222      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | slapd in the saslAuthzTo validation                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36222                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36223      |          |                       |                   | openldap: Out-of-bounds                                      |
|                     |                     |          |                       |                   | read in Values Return Filter                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36223                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36224      |          |                       |                   | openldap: Invalid pointer free                               |
|                     |                     |          |                       |                   | in the saslAuthzTo processing                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36224                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36225      |          |                       |                   | openldap: Double free in                                     |
|                     |                     |          |                       |                   | the saslAuthzTo processing                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36225                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36226      |          |                       |                   | openldap: Denial of service                                  |
|                     |                     |          |                       |                   | via length miscalculation                                    |
|                     |                     |          |                       |                   | in slap_parse_user                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36226                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36227      |          |                       |                   | openldap: Infinite loop in slapd with                        |
|                     |                     |          |                       |                   | the cancel_extop Cancel operation                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36227                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36228      |          |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in issuerAndThisUpdateCheck                                  |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36229      |          |                       |                   | openldap: Type confusion                                     |
|                     |                     |          |                       |                   | in ad_keystring in ad.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36230      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | ber_next_element in decode.c                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36230                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-3276       | LOW      |                       |                   | openldap: incorrect multi-keyword                            |
|                     |                     |          |                       |                   | mode cipherstring parsing                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-14159      |          |                       |                   | openldap: Privilege escalation                               |
|                     |                     |          |                       |                   | via PID file manipulation                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-17740      |          |                       |                   | openldap:                                                    |
|                     |                     |          |                       |                   | contrib/slapd-modules/nops/nops.c                            |
|                     |                     |          |                       |                   | attempts to free stack buffer                                |
|                     |                     |          |                       |                   | allowing remote attackers to cause...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15719      |          |                       |                   | openldap: Certificate                                        |
|                     |                     |          |                       |                   | validation incorrectly                                       |
|                     |                     |          |                       |                   | matches name against CN-ID                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| liblz4-1            | CVE-2019-17543      |          | 1.8.3-1               |                   | lz4: heap-based buffer                                       |
|                     |                     |          |                       |                   | overflow in LZ4_write32                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-17543                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libnghttp2-14       | TEMP-0000000-A4EF31 |          | 1.36.0-2+deb10u1      |                   | -->security-tracker.debian.org/tracker/TEMP-0000000-A4EF31   |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libp11-kit-dev      | CVE-2020-29361      | HIGH     | 0.23.15-2             | 0.23.15-2+deb10u1 | p11-kit: integer overflow when                               |
|                     |                     |          |                       |                   | allocating memory for arrays                                 |
|                     |                     |          |                       |                   | or attributes and object...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29361                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29363      |          |                       |                   | p11-kit: out-of-bounds write in                              |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array_value                          |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29363                        |
+                     +---------------------+----------+                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29362      | MEDIUM   |                       |                   | p11-kit: out-of-bounds read in                               |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array                                |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29362                        |
+---------------------+---------------------+----------+                       +                   +--------------------------------------------------------------+
| libp11-kit0         | CVE-2020-29361      | HIGH     |                       |                   | p11-kit: integer overflow when                               |
|                     |                     |          |                       |                   | allocating memory for arrays                                 |
|                     |                     |          |                       |                   | or attributes and object...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29361                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29363      |          |                       |                   | p11-kit: out-of-bounds write in                              |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array_value                          |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29363                        |
+                     +---------------------+----------+                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29362      | MEDIUM   |                       |                   | p11-kit: out-of-bounds read in                               |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array                                |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29362                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libpcre3            | CVE-2020-14155      |          | 2:8.39-12             |                   | pcre: integer overflow in libpcre                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-14155                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-11164      | LOW      |                       |                   | pcre: OP_KETRMAX feature in the                              |
|                     |                     |          |                       |                   | match function in pcre_exec.c                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-11164                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-16231      |          |                       |                   | pcre: self-recursive call                                    |
|                     |                     |          |                       |                   | in match() in pcre_exec.c                                    |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-16231                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-7245       |          |                       |                   | pcre: stack-based buffer overflow                            |
|                     |                     |          |                       |                   | write in pcre32_copy_substring                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-7245                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-7246       |          |                       |                   | pcre: stack-based buffer overflow                            |
|                     |                     |          |                       |                   | write in pcre32_copy_substring                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-7246                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20838      |          |                       |                   | pcre: buffer over-read in                                    |
|                     |                     |          |                       |                   | JIT when UTF is disabled                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20838                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libpq5              | CVE-2020-25694      | HIGH     | 11.9-0+deb10u1        |                   | postgresql: Reconnection                                     |
|                     |                     |          |                       |                   | can downgrade connection                                     |
|                     |                     |          |                       |                   | security settings                                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25694                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25695      |          |                       |                   | postgresql: Multiple                                         |
|                     |                     |          |                       |                   | features escape "security                                    |
|                     |                     |          |                       |                   | restricted operation" sandbox                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25695                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25696      |          |                       |                   | postgresql: psql's                                           |
|                     |                     |          |                       |                   | \gset allows overwriting                                     |
|                     |                     |          |                       |                   | specially treated variables                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25696                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9193       | LOW      |                       |                   | postgresql: Command injection via                            |
|                     |                     |          |                       |                   | "COPY TO/FROM PROGRAM" function                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9193                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libseccomp2         | CVE-2019-9893       |          | 2.3.3-4               |                   | libseccomp: incorrect generation                             |
|                     |                     |          |                       |                   | of syscall filters in libseccomp                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9893                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libsqlite3-0        | CVE-2019-19603      | HIGH     | 3.27.2-3+deb10u1      |                   | sqlite: mishandles certain SELECT                            |
|                     |                     |          |                       |                   | statements with a nonexistent                                |
|                     |                     |          |                       |                   | VIEW, leading to DoS...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19603                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19645      | MEDIUM   |                       |                   | sqlite: infinite recursion via                               |
|                     |                     |          |                       |                   | certain types of self-referential                            |
|                     |                     |          |                       |                   | views in conjunction with...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19645                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19924      |          |                       |                   | sqlite: incorrect                                            |
|                     |                     |          |                       |                   | sqlite3WindowRewrite() error                                 |
|                     |                     |          |                       |                   | handling leads to mishandling                                |
|                     |                     |          |                       |                   | certain parser-tree rewriting                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19924                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13631      |          |                       |                   | sqlite: Virtual table can be                                 |
|                     |                     |          |                       |                   | renamed into the name of one of...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13631                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19244      | LOW      |                       |                   | sqlite: allows a crash                                       |
|                     |                     |          |                       |                   | if a sub-select uses both                                    |
|                     |                     |          |                       |                   | DISTINCT and window...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19244                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11656      |          |                       |                   | sqlite: use-after-free in the                                |
|                     |                     |          |                       |                   | ALTER TABLE implementation                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11656                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libssh2-1           | CVE-2019-13115      | HIGH     | 1.8.0-2.1             |                   | libssh2: integer overflow in                                 |
|                     |                     |          |                       |                   | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|                     |                     |          |                       |                   | in kex.c leads to out-of-bounds write                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-13115                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-17498      | LOW      |                       |                   | libssh2: integer overflow in                                 |
|                     |                     |          |                       |                   | SSH_MSG_DISCONNECT logic in packet.c                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-17498                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libssl1.1           | CVE-2007-6755       |          | 1.1.1d-0+deb10u4      |                   | Dual_EC_DRBG: weak pseudo                                    |
|                     |                     |          |                       |                   | random number generator                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-0928       |          |                       |                   | openssl: RSA authentication weakness                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1551       |          |                       |                   | openssl: Integer overflow in RSAZ                            |
|                     |                     |          |                       |                   | modular exponentiation on x86_64                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1551                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libstdc++6          | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libsystemd0         | CVE-2019-3843       |          | 241-7~deb10u5         |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can create SUID/SGID binaries                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-3844       |          |                       |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can get new privileges and                                   |
|                     |                     |          |                       |                   | create SGID binaries...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4392       | LOW      |                       |                   | systemd: TOCTOU race condition                               |
|                     |                     |          |                       |                   | when updating file permissions                               |
|                     |                     |          |                       |                   | and SELinux security contexts...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20386      |          |                       |                   | systemd: memory leak in button_open()                        |
|                     |                     |          |                       |                   | in login/logind-button.c when                                |
|                     |                     |          |                       |                   | udev events are received...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13776      |          |                       |                   | systemd: mishandles numerical                                |
|                     |                     |          |                       |                   | usernames beginning with decimal                             |
|                     |                     |          |                       |                   | digits or 0x followed by...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libtasn1-6          | CVE-2018-1000654    |          | 4.13-3                |                   | libtasn1: Infinite loop in                                   |
|                     |                     |          |                       |                   | _asn1_expand_object_id(ptree)                                |
|                     |                     |          |                       |                   | leads to memory exhaustion                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-1000654                      |
+---------------------+                     +          +                       +-------------------+                                                              +
| libtasn1-6-dev      |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libudev1            | CVE-2019-3843       | HIGH     | 241-7~deb10u5         |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can create SUID/SGID binaries                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-3844       |          |                       |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can get new privileges and                                   |
|                     |                     |          |                       |                   | create SGID binaries...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4392       | LOW      |                       |                   | systemd: TOCTOU race condition                               |
|                     |                     |          |                       |                   | when updating file permissions                               |
|                     |                     |          |                       |                   | and SELinux security contexts...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20386      |          |                       |                   | systemd: memory leak in button_open()                        |
|                     |                     |          |                       |                   | in login/logind-button.c when                                |
|                     |                     |          |                       |                   | udev events are received...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13776      |          |                       |                   | systemd: mishandles numerical                                |
|                     |                     |          |                       |                   | usernames beginning with decimal                             |
|                     |                     |          |                       |                   | digits or 0x followed by...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libunbound8         | CVE-2020-28935      | MEDIUM   | 1.9.0-2+deb10u2       |                   | unbound: symbolic link                                       |
|                     |                     |          |                       |                   | traversal when writing PID file                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-28935                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-18934      | LOW      |                       |                   | unbound: command injection with                              |
|                     |                     |          |                       |                   | data coming from a specially                                 |
|                     |                     |          |                       |                   | crafted IPSECKEY answer...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-18934                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| linux-libc-dev      | CVE-2013-7445       | HIGH     | 4.19.160-2            |                   | kernel: memory exhaustion via                                |
|                     |                     |          |                       |                   | crafted Graphics Execution                                   |
|                     |                     |          |                       |                   | Manager (GEM) objects                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-7445                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19378      |          |                       |                   | kernel: out-of-bounds write in                               |
|                     |                     |          |                       |                   | index_rbio_pages in fs/btrfs/raid56.c                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19378                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19449      |          |                       |                   | kernel: mounting a crafted                                   |
|                     |                     |          |                       |                   | f2fs filesystem image can lead                               |
|                     |                     |          |                       |                   | to slab-out-of-bounds read...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19449                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19814      |          |                       |                   | kernel: out-of-bounds write                                  |
|                     |                     |          |                       |                   | in __remove_dirty_segment                                    |
|                     |                     |          |                       |                   | in fs/f2fs/segment.c                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19814                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11725      |          |                       |                   | kernel: improper handling of                                 |
|                     |                     |          |                       |                   | private_size*count multiplication                            |
|                     |                     |          |                       |                   | due to count=info->owner typo                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11725                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-16119      |          |                       |                   | kernel: DCCP CCID structure                                  |
|                     |                     |          |                       |                   | use-after-free may lead to                                   |
|                     |                     |          |                       |                   | DoS or code execution...                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-16119                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27815      |          |                       | 4.19.171-2        | kernel: Array index out of                                   |
|                     |                     |          |                       |                   | bounds access when setting                                   |
|                     |                     |          |                       |                   | extended attributes on...                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27815                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-28374      |          |                       |                   | kernel: SCSI target (LIO) write                              |
|                     |                     |          |                       |                   | to any block on ILO backstore                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-28374                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29374      |          |                       |                   | kernel: the get_user_pages                                   |
|                     |                     |          |                       |                   | implementation when used for a                               |
|                     |                     |          |                       |                   | copy-on-write page does not...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29374                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29569      |          |                       | 4.19.171-2        | ELSA-2021-9025:  Unbreakable                                 |
|                     |                     |          |                       |                   | Enterprise kernel-container                                  |
|                     |                     |          |                       |                   | security update (IMPORTANT)                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29569                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29661      |          |                       |                   | kernel: locking issue in                                     |
|                     |                     |          |                       |                   | drivers/tty/tty_jobctrl.c                                    |
|                     |                     |          |                       |                   | can lead to an use-after-free                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29661                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2021-3347       |          |                       |                   | kernel: Use after free                                       |
|                     |                     |          |                       |                   | via PI futex state                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3347                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-0630       | MEDIUM   |                       |                   | kernel: Information                                          |
|                     |                     |          |                       |                   | disclosure vulnerability                                     |
|                     |                     |          |                       |                   | in kernel trace subsystem                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-0630                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-3693       |          |                       |                   | Kernel: speculative                                          |
|                     |                     |          |                       |                   | bounds check bypass store                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-3693                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15213      |          |                       |                   | kernel: use-after-free caused                                |
|                     |                     |          |                       |                   | by malicious USB device in                                   |
|                     |                     |          |                       |                   | drivers/media/usb/dvb-usb/dvb-usb-init.c                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15213                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15794      |          |                       |                   | kernel: Overlayfs in the                                     |
|                     |                     |          |                       |                   | Linux kernel and shiftfs                                     |
|                     |                     |          |                       |                   | not restoring original...                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15794                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16089      |          |                       |                   | kernel: Improper return check                                |
|                     |                     |          |                       |                   | in nbd_genl_status function                                  |
|                     |                     |          |                       |                   | in drivers/block/nbd.c                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16089                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20794      |          |                       |                   | kernel: task processes not                                   |
|                     |                     |          |                       |                   | being properly ended could                                   |
|                     |                     |          |                       |                   | lead to resource exhaustion...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20794                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-14304      |          |                       |                   | kernel: ethtool when reading                                 |
|                     |                     |          |                       |                   | eeprom of device could                                       |
|                     |                     |          |                       |                   | lead to memory leak...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-14304                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15802      |          |                       |                   | hardware: BLURtooth: "Dual                                   |
|                     |                     |          |                       |                   | mode" hardware using CTKD are                                |
|                     |                     |          |                       |                   | vulnerable to key overwrite...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15802                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-16120      |          |                       |                   | kernel: incorrect unprivileged                               |
|                     |                     |          |                       |                   | overlayfs permission checking may                            |
|                     |                     |          |                       |                   | lead to information disclosure                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-16120                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-26541      |          |                       |                   | kernel: security bypass                                      |
|                     |                     |          |                       |                   | in certs/blacklist.c and                                     |
|                     |                     |          |                       |                   | certs/system_keyring.c                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-26541                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27820      |          |                       |                   | kernel: use-after-free                                       |
|                     |                     |          |                       |                   | in nouveau kernel module                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27820                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27825      |          |                       | 4.19.171-2        | kernel: use-after-free                                       |
|                     |                     |          |                       |                   | in the ftrace ring buffer                                    |
|                     |                     |          |                       |                   | resizing logic due to a...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27825                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-27830      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in in spk_ttyio_receive_buf2                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27830                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27835      |          |                       |                   | kernel: child process is able to                             |
|                     |                     |          |                       |                   | access parent mm through hfi dev...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27835                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29568      |          |                       | 4.19.171-2        | ELSA-2021-9025:  Unbreakable                                 |
|                     |                     |          |                       |                   | Enterprise kernel-container                                  |
|                     |                     |          |                       |                   | security update (IMPORTANT)                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29568                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29660      |          |                       |                   | kernel: locking inconsistency                                |
|                     |                     |          |                       |                   | in drivers/tty/tty_io.c and                                  |
|                     |                     |          |                       |                   | drivers/tty/tty_jobctrl.c can                                |
|                     |                     |          |                       |                   | lead to a read-after-free...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29660                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-36158      |          |                       |                   | kernel: buffer overflow in                                   |
|                     |                     |          |                       |                   | mwifiex_cmd_802_11_ad_hoc_start function in                  |
|                     |                     |          |                       |                   | drivers/net/wireless/marvell/mwifiex/join.c                  |
|                     |                     |          |                       |                   | via a long SSID...                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36158                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2021-20177      |          |                       |                   | kernel: iptables string match                                |
|                     |                     |          |                       |                   | rule could result in kernel panic                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-20177                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3348       |          |                       |                   | kernel: Use-after-free                                       |
|                     |                     |          |                       |                   | in ndb_queue_rq() in                                         |
|                     |                     |          |                       |                   | drivers/block/nbd.c                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3348                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2004-0230       | LOW      |                       |                   | TCP, when using a large Window                               |
|                     |                     |          |                       |                   | Size, makes it easier for remote...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0230                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2005-3660       |          |                       |                   | Linux kernel 2.4 and 2.6 allows                              |
|                     |                     |          |                       |                   | attackers to cause a denial of...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2005-3660                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2007-3719       |          |                       |                   | kernel: secretly Monopolizing the                            |
|                     |                     |          |                       |                   | CPU Without Superuser Privileges                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-3719                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2008-2544       |          |                       |                   | kernel: mounting proc                                        |
|                     |                     |          |                       |                   | readonly on a different mount                                |
|                     |                     |          |                       |                   | point silently mounts it...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2008-2544                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2008-4609       |          |                       |                   | kernel: TCP protocol                                         |
|                     |                     |          |                       |                   | vulnerabilities from Outpost24                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2008-4609                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4563       |          |                       |                   | kernel: ipv6: sniffer detection                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4563                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-5321       |          |                       |                   | kernel: v4l: videobuf: hotfix a                              |
|                     |                     |          |                       |                   | bug on multiple calls to mmap()                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-5321                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-4915       |          |                       |                   | fs/proc/base.c in the Linux                                  |
|                     |                     |          |                       |                   | kernel through 3.1 allows                                    |
|                     |                     |          |                       |                   | local users to obtain...                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4915                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-4917       |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4917                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2012-4542       |          |                       |                   | kernel: block: default SCSI                                  |
|                     |                     |          |                       |                   | command filter does not accomodate                           |
|                     |                     |          |                       |                   | commands overlap across...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2012-4542                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2014-9892       |          |                       |                   | The snd_compr_tstamp function in                             |
|                     |                     |          |                       |                   | sound/core/compress_offload.c in                             |
|                     |                     |          |                       |                   | the Linux kernel through 4.7, as...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2014-9892                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2014-9900       |          |                       |                   | kernel: Info leak in uninitialized                           |
|                     |                     |          |                       |                   | structure ethtool_wolinfo                                    |
|                     |                     |          |                       |                   | in ethtool_get_wol()                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2014-9900                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-2877       |          |                       |                   | Kernel: Cross-VM ASL                                         |
|                     |                     |          |                       |                   | INtrospection (CAIN)                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-2877                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10723      |          |                       |                   | ** DISPUTED ** An issue                                      |
|                     |                     |          |                       |                   | was discovered in the                                        |
|                     |                     |          |                       |                   | Linux kernel through...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10723                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-8660       |          |                       |                   | kernel: xfs: local DoS due to                                |
|                     |                     |          |                       |                   | a page lock order bug in...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-8660                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-13693      |          |                       |                   | kernel: ACPI operand                                         |
|                     |                     |          |                       |                   | cache leak in dsutils.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-13693                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-13694      |          |                       |                   | kernel: ACPI node and                                        |
|                     |                     |          |                       |                   | node_ext cache leak                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-13694                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-1121       |          |                       |                   | procps-ng, procps: process                                   |
|                     |                     |          |                       |                   | hiding through race                                          |
|                     |                     |          |                       |                   | condition enumerating /proc                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-1121                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-12928      |          |                       |                   | kernel: NULL pointer dereference                             |
|                     |                     |          |                       |                   | in hfs_ext_read_extent in hfs.ko                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12928                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-17977      |          |                       |                   | kernel: Mishandled interactions among                        |
|                     |                     |          |                       |                   | XFRM Netlink messages, IPPROTO_AH                            |
|                     |                     |          |                       |                   | packets, and IPPROTO_IP packets...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-17977                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-11191      |          |                       |                   | kernel: race condition in                                    |
|                     |                     |          |                       |                   | load_aout_binary() allows local                              |
|                     |                     |          |                       |                   | users to bypass ASLR on...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-11191                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12378      |          |                       |                   | kernel: unchecked kmalloc                                    |
|                     |                     |          |                       |                   | of new_ra in ip6_ra_control                                  |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12378                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12379      |          |                       |                   | kernel:  memory leak in                                      |
|                     |                     |          |                       |                   | con_insert_unipair in                                        |
|                     |                     |          |                       |                   | drivers/tty/vt/consolemap.c                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12379                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12380      |          |                       |                   | kernel: memory allocation                                    |
|                     |                     |          |                       |                   | failure in the efi subsystem                                 |
|                     |                     |          |                       |                   | leads to denial of...                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12380                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12381      |          |                       |                   | kernel: unchecked kmalloc                                    |
|                     |                     |          |                       |                   | of new_ra in ip_ra_control                                   |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12381                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12382      |          |                       |                   | kernel: unchecked kstrdup of                                 |
|                     |                     |          |                       |                   | fwstr in drm_load_edid_firmware                              |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12382                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12455      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in sunxi_divs_clk_setup in                                   |
|                     |                     |          |                       |                   | drivers/clk/sunxi/clk-sunxi.c                                |
|                     |                     |          |                       |                   | causing denial of service...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12455                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12456      |          |                       |                   | kernel: double fetch in the                                  |
|                     |                     |          |                       |                   | MPT3COMMAND case in _ctl_ioctl_main                          |
|                     |                     |          |                       |                   | in drivers/scsi/mpt3sas/mpt3sas_ctl.c                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12456                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12615      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in get_vdev_port_node_info                                   |
|                     |                     |          |                       |                   | in arch /sparc/kernel/mdesc.c                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12615                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16229      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16230      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/gpu/drm/radeon/radeon_display.c                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16230                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16231      |          |                       |                   | kernel: null-pointer dereference                             |
|                     |                     |          |                       |                   | in drivers/net/fjes/fjes_main.c                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16231                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16232      |          |                       |                   | kernel: null-pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/net/wireless/marvell/libertas/if_sdio.c              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16232                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16233      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in drivers/scsi/qla2xxx/qla_os.c                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16233                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16234      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/net/wireless/intel/iwlwifi/pcie/trans.c              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16234                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19064      |          |                       |                   | kernel: A memory leak in the                                 |
|                     |                     |          |                       |                   | fsl_lpspi_probe() function in                                |
|                     |                     |          |                       |                   | drivers/spi/spi-fsl-lpspi.c                                  |
|                     |                     |          |                       |                   | allows for...                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19064                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19070      |          |                       |                   | kernel: A memory leak in the                                 |
|                     |                     |          |                       |                   | spi_gpio_probe() function in                                 |
|                     |                     |          |                       |                   | drivers/spi/spi-gpio.c allows for...                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19070                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19083      |          |                       |                   | kernel: memory leaks in                                      |
|                     |                     |          |                       |                   | *clock_source_create() functions                             |
|                     |                     |          |                       |                   | under drivers/gpu/drm/amd/display/dc                         |
|                     |                     |          |                       |                   | leads to DoS                                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19083                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3178       |          |                       | 4.19.171-1        | kernel: path traversal in                                    |
|                     |                     |          |                       |                   | fs/nfsd/nfs3xdr.c may lead to                                |
|                     |                     |          |                       |                   | Information Disclosure or RCE...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3178                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0000000-F7A20F |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0000000-F7A20F   |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25670      | UNKNOWN  |                       |                   | kernel: refcount leak                                        |
|                     |                     |          |                       |                   | in llcp_sock_bind()                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25670                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25671      |          |                       |                   | kernel: refcount leak                                        |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25671                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25672      |          |                       |                   | kernel: memory leak                                          |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25672                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25673      |          |                       |                   | kernel: non-blocking socket                                  |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25673                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| login               | CVE-2007-5686       | LOW      | 1:4.5-1.1             |                   | initscripts in rPath Linux 1                                 |
|                     |                     |          |                       |                   | sets insecure permissions for                                |
|                     |                     |          |                       |                   | the /var/log/btmp file,...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4235       |          |                       |                   | shadow-utils: TOCTOU race                                    |
|                     |                     |          |                       |                   | conditions by copying and                                    |
|                     |                     |          |                       |                   | removing directory trees                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-7169       |          |                       |                   | shadow-utils: newgidmap                                      |
|                     |                     |          |                       |                   | allows unprivileged user to                                  |
|                     |                     |          |                       |                   | drop supplementary groups                                    |
|                     |                     |          |                       |                   | potentially allowing privilege...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19882      |          |                       |                   | shadow-utils: local users can                                |
|                     |                     |          |                       |                   | obtain root access because setuid                            |
|                     |                     |          |                       |                   | programs are misconfigured...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0628843-DBAD28 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| openssl             | CVE-2007-6755       |          | 1.1.1d-0+deb10u4      |                   | Dual_EC_DRBG: weak pseudo                                    |
|                     |                     |          |                       |                   | random number generator                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-0928       |          |                       |                   | openssl: RSA authentication weakness                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1551       |          |                       |                   | openssl: Integer overflow in RSAZ                            |
|                     |                     |          |                       |                   | modular exponentiation on x86_64                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1551                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| passwd              | CVE-2007-5686       |          | 1:4.5-1.1             |                   | initscripts in rPath Linux 1                                 |
|                     |                     |          |                       |                   | sets insecure permissions for                                |
|                     |                     |          |                       |                   | the /var/log/btmp file,...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4235       |          |                       |                   | shadow-utils: TOCTOU race                                    |
|                     |                     |          |                       |                   | conditions by copying and                                    |
|                     |                     |          |                       |                   | removing directory trees                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-7169       |          |                       |                   | shadow-utils: newgidmap                                      |
|                     |                     |          |                       |                   | allows unprivileged user to                                  |
|                     |                     |          |                       |                   | drop supplementary groups                                    |
|                     |                     |          |                       |                   | potentially allowing privilege...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19882      |          |                       |                   | shadow-utils: local users can                                |
|                     |                     |          |                       |                   | obtain root access because setuid                            |
|                     |                     |          |                       |                   | programs are misconfigured...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0628843-DBAD28 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| perl-base           | CVE-2011-4116       |          | 5.28.1-6+deb10u1      |                   | perl: File::Temp insecure                                    |
|                     |                     |          |                       |                   | temporary file handling                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4116                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| sqlite3             | CVE-2019-19603      | HIGH     | 3.27.2-3+deb10u1      |                   | sqlite: mishandles certain SELECT                            |
|                     |                     |          |                       |                   | statements with a nonexistent                                |
|                     |                     |          |                       |                   | VIEW, leading to DoS...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19603                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19645      | MEDIUM   |                       |                   | sqlite: infinite recursion via                               |
|                     |                     |          |                       |                   | certain types of self-referential                            |
|                     |                     |          |                       |                   | views in conjunction with...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19645                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19924      |          |                       |                   | sqlite: incorrect                                            |
|                     |                     |          |                       |                   | sqlite3WindowRewrite() error                                 |
|                     |                     |          |                       |                   | handling leads to mishandling                                |
|                     |                     |          |                       |                   | certain parser-tree rewriting                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19924                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13631      |          |                       |                   | sqlite: Virtual table can be                                 |
|                     |                     |          |                       |                   | renamed into the name of one of...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13631                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19244      | LOW      |                       |                   | sqlite: allows a crash                                       |
|                     |                     |          |                       |                   | if a sub-select uses both                                    |
|                     |                     |          |                       |                   | DISTINCT and window...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19244                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11656      |          |                       |                   | sqlite: use-after-free in the                                |
|                     |                     |          |                       |                   | ALTER TABLE implementation                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11656                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| sysvinit-utils      | TEMP-0517018-A83CE6 |          | 2.93-8                |                   | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| tar                 | CVE-2005-2541       |          | 1.30+dfsg-6           |                   | Tar 1.15.1 does not                                          |
|                     |                     |          |                       |                   | properly warn the user when                                  |
|                     |                     |          |                       |                   | extracting setuid or...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2005-2541                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9923       |          |                       |                   | tar: null-pointer dereference                                |
|                     |                     |          |                       |                   | in pax_decode_header in sparse.c                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9923                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-20193      |          |                       |                   | tar: Memory leak in                                          |
|                     |                     |          |                       |                   | read_header() in list.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-20193                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0290435-0B57B5 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5   |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
Originally created by @thelittlefireman on GitHub (Feb 2, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1349 Hi, could it be possible to add trivy scan on CI on docker image ? The image base on alpine is safe, but on debian (latest) contains lots of CVE : ``` docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:alpine docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:latest ``` alpine result : ``` 2021-02-02T15:58:43.847Z INFO Detecting Alpine vulnerabilities... 2021-02-02T15:58:43.852Z INFO Trivy skips scanning programming language libraries because no supported file was detected bitwardenrs/server:alpine (alpine 3.12.3) ========================================= Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) ``` debian result : ``` 2021-02-02T15:54:59.426Z WARN You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed 2021-02-02T15:55:02.257Z INFO Detecting Debian vulnerabilities... 2021-02-02T15:55:02.345Z INFO Trivy skips scanning programming language libraries because no supported file was detected bitwardenrs/server:latest (debian 10.7) ======================================= Total: 291 (UNKNOWN: 4, LOW: 164, MEDIUM: 46, HIGH: 77, CRITICAL: 0) +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | apt | CVE-2011-3374 | LOW | 1.8.2.2 | | It was found that apt-key in apt, | | | | | | | all versions, do not correctly... | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | | | | | | | equal to its real UID the... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0841856-B18BAF | | | | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | | | | | | | session can escape to the | | | | | | | parent session in chroot | | | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-18018 | | | | coreutils: race condition | | | | | | | vulnerability in chown and chgrp | | | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | curl | CVE-2020-8169 | HIGH | 7.64.0-4+deb10u1 | | libcurl: partial password | | | | | | | leak over DNS on HTTP redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8177 | | | | curl: Incorrect argument | | | | | | | check can allow remote servers | | | | | | | to overwrite local files... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8177 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8231 | | | | curl: Expired pointer | | | | | | | dereference via multi API with | | | | | | | `CURLOPT_CONNECT_ONLY` option set | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8231 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8285 | | | | curl: malicious FTP server can | | | | | | | trigger stack overflow when | | | | | | | CURLOPT_CHUNK_BGN_FUNCTION | | | | | | | is used... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8285 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8286 | | | | curl: inferior OCSP verification | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8286 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2020-8284 | LOW | | | curl: dangerous nature | | | | | | | of PASV command could | | | | | | | be used to make curl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8284 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | | | | | | | protection address in cfgexpand.c | | | | | | | and function.c leads to... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | | | | | | | produces repeated output | | | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | | | | | | | Forgeries with SHA-1 | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.2 | | It was found that apt-key in apt, | | | | | | | all versions, do not correctly... | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libc-bin | CVE-2020-1751 | HIGH | 2.28-10 | | glibc: array overflow in | | | | | | | backtrace functions for powerpc | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-1752 | | | | glibc: use-after-free in glob() | | | | | | | function when expanding ~user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-10029 | | | | glibc: stack corruption | | | | | | | from crafted input in cosl, | | | | | | | sinl, sincosl, and tanl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | | | | | | glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libc-dev-bin | CVE-2020-1751 | HIGH | | | glibc: array overflow in | | | | | | | backtrace functions for powerpc | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-1752 | | | | glibc: use-after-free in glob() | | | | | | | function when expanding ~user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-10029 | | | | glibc: stack corruption | | | | | | | from crafted input in cosl, | | | | | | | sinl, sincosl, and tanl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | | | | | | glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libc6 | CVE-2020-1751 | HIGH | | | glibc: array overflow in | | | | | | | backtrace functions for powerpc | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-1752 | | | | glibc: use-after-free in glob() | | | | | | | function when expanding ~user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-10029 | | | | glibc: stack corruption | | | | | | | from crafted input in cosl, | | | | | | | sinl, sincosl, and tanl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | | | | | | glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libc6-dev | CVE-2020-1751 | HIGH | | | glibc: array overflow in | | | | | | | backtrace functions for powerpc | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-1752 | | | | glibc: use-after-free in glob() | | | | | | | function when expanding ~user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | | | | | | | iconv when processing invalid | | | | | | | multi-byte input sequences in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-10029 | | | | glibc: stack corruption | | | | | | | from crafted input in cosl, | | | | | | | sinl, sincosl, and tanl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27618 | | | | glibc: iconv when processing | | | | | | | invalid multi-byte input | | | | | | | sequences fails to advance the... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3326 | | | | glibc: Assertion failure in | | | | | | | ISO-2022-JP-3 gconv module | | | | | | | related to combining characters | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2010-4051 | LOW | | | CVE-2010-4052 glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4051 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4052 | | | | CVE-2010-4051 CVE-2010-4052 | | | | | | | glibc: De-recursivise | | | | | | | regular expression engine | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4052 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4756 | | | | glibc: glob implementation | | | | | | | can cause excessive CPU and | | | | | | | memory consumption due to... | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10228 | | | | glibc: iconv program can hang | | | | | | | when invoked with the -c option | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | | | | | | | leads to code execution because of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010024 | | | | glibc: ASLR bypass using | | | | | | | cache of thread stack and heap | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1010025 | | | | glibc: information disclosure of heap | | | | | | | addresses of pthread_created thread | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | | | | | | | not ignored in setuid binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | | | | | | | function check_dst_limits_calc_pos_1 | | | | | | | in posix/regexec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-6096 | | | | glibc: signed comparison | | | | | | | vulnerability in the | | | | | | | ARMv7 memcpy function | | | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libcurl4 | CVE-2020-8169 | HIGH | 7.64.0-4+deb10u1 | | libcurl: partial password | | | | | | | leak over DNS on HTTP redirect | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8177 | | | | curl: Incorrect argument | | | | | | | check can allow remote servers | | | | | | | to overwrite local files... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8177 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8231 | | | | curl: Expired pointer | | | | | | | dereference via multi API with | | | | | | | `CURLOPT_CONNECT_ONLY` option set | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8231 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8285 | | | | curl: malicious FTP server can | | | | | | | trigger stack overflow when | | | | | | | CURLOPT_CHUNK_BGN_FUNCTION | | | | | | | is used... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8285 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-8286 | | | | curl: inferior OCSP verification | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8286 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2020-8284 | LOW | | | curl: dangerous nature | | | | | | | of PASV command could | | | | | | | be used to make curl... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8284 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | | | | | | | protection address in cfgexpand.c | | | | | | | and function.c leads to... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | | | | | | | produces repeated output | | | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libgcrypt20 | CVE-2019-13627 | MEDIUM | 1.8.4-5 | | libgcrypt: ECDSA timing attack | | | | | | | allowing private key leak | | | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | | | | | | | doesn't have semantic security due | | | | | | | to incorrectly encoded plaintexts... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libgnutls-dane0 | CVE-2020-24659 | HIGH | 3.6.7-4+deb10u5 | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutls-openssl27 | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutls28-dev | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutls30 | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libgnutlsxx28 | CVE-2020-24659 | HIGH | | | gnutls: Heap buffer | | | | | | | overflow in handshake with | | | | | | | no_renegotiation alert sent | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24659 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2011-3389 | LOW | | | HTTPS: block-wise chosen-plaintext | | | | | | | attack against SSL/TLS (BEAST) | | | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u1 | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | | | | | | | fails to perform the roundtrip | | | | | | | checks specified in... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | +---------------------+ + + +-------------------+ + | libidn2-dev | | | | | | | | | | | | | | | | | | | | | | | | | | | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u1 | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+ + +-------------------+--------------------------------------------------------------+ | libkrb5-3 | CVE-2004-0971 | | | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+ + +-------------------+--------------------------------------------------------------+ | libkrb5support0 | CVE-2004-0971 | | | | security flaw | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-5709 | | | | krb5: integer overflow | | | | | | | in dbentry->n_key_data | | | | | | | in kadmin/dbutil/dump.c | | | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libldap-2.4-2 | CVE-2020-36221 | HIGH | 2.4.47+dfsg-3+deb10u4 | | openldap: Integer underflow | | | | | | | in serialNumberAndIssuerCheck | | | | | | | in schema_init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36221 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36222 | | | | openldap: Assertion failure in | | | | | | | slapd in the saslAuthzTo validation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36222 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36223 | | | | openldap: Out-of-bounds | | | | | | | read in Values Return Filter | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36223 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36224 | | | | openldap: Invalid pointer free | | | | | | | in the saslAuthzTo processing | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36224 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36225 | | | | openldap: Double free in | | | | | | | the saslAuthzTo processing | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36225 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36226 | | | | openldap: Denial of service | | | | | | | via length miscalculation | | | | | | | in slap_parse_user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36226 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36227 | | | | openldap: Infinite loop in slapd with | | | | | | | the cancel_extop Cancel operation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36227 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36228 | | | | openldap: Integer underflow | | | | | | | in issuerAndThisUpdateCheck | | | | | | | in schema_init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36229 | | | | openldap: Type confusion | | | | | | | in ad_keystring in ad.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36229 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36230 | | | | openldap: Assertion failure in | | | | | | | ber_next_element in decode.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36230 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2015-3276 | LOW | | | openldap: incorrect multi-keyword | | | | | | | mode cipherstring parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-14159 | | | | openldap: Privilege escalation | | | | | | | via PID file manipulation | | | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-17740 | | | | openldap: | | | | | | | contrib/slapd-modules/nops/nops.c | | | | | | | attempts to free stack buffer | | | | | | | allowing remote attackers to cause... | | | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-15719 | | | | openldap: Certificate | | | | | | | validation incorrectly | | | | | | | matches name against CN-ID | | | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | +---------------------+---------------------+----------+ +-------------------+--------------------------------------------------------------+ | libldap-common | CVE-2020-36221 | HIGH | | | openldap: Integer underflow | | | | | | | in serialNumberAndIssuerCheck | | | | | | | in schema_init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36221 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36222 | | | | openldap: Assertion failure in | | | | | | | slapd in the saslAuthzTo validation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36222 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36223 | | | | openldap: Out-of-bounds | | | | | | | read in Values Return Filter | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36223 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36224 | | | | openldap: Invalid pointer free | | | | | | | in the saslAuthzTo processing | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36224 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36225 | | | | openldap: Double free in | | | | | | | the saslAuthzTo processing | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36225 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36226 | | | | openldap: Denial of service | | | | | | | via length miscalculation | | | | | | | in slap_parse_user | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36226 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36227 | | | | openldap: Infinite loop in slapd with | | | | | | | the cancel_extop Cancel operation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36227 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36228 | | | | openldap: Integer underflow | | | | | | | in issuerAndThisUpdateCheck | | | | | | | in schema_init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36228 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36229 | | | | openldap: Type confusion | | | | | | | in ad_keystring in ad.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36229 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-36230 | | | | openldap: Assertion failure in | | | | | | | ber_next_element in decode.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36230 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2015-3276 | LOW | | | openldap: incorrect multi-keyword | | | | | | | mode cipherstring parsing | | | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-14159 | | | | openldap: Privilege escalation | | | | | | | via PID file manipulation | | | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-17740 | | | | openldap: | | | | | | | contrib/slapd-modules/nops/nops.c | | | | | | | attempts to free stack buffer | | | | | | | allowing remote attackers to cause... | | | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-15719 | | | | openldap: Certificate | | | | | | | validation incorrectly | | | | | | | matches name against CN-ID | | | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | liblz4-1 | CVE-2019-17543 | | 1.8.3-1 | | lz4: heap-based buffer | | | | | | | overflow in LZ4_write32 | | | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libnghttp2-14 | TEMP-0000000-A4EF31 | | 1.36.0-2+deb10u1 | | -->security-tracker.debian.org/tracker/TEMP-0000000-A4EF31 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libp11-kit-dev | CVE-2020-29361 | HIGH | 0.23.15-2 | 0.23.15-2+deb10u1 | p11-kit: integer overflow when | | | | | | | allocating memory for arrays | | | | | | | or attributes and object... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29361 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-29363 | | | | p11-kit: out-of-bounds write in | | | | | | | p11_rpc_buffer_get_byte_array_value | | | | | | | function in rpc-message.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29363 | + +---------------------+----------+ + +--------------------------------------------------------------+ | | CVE-2020-29362 | MEDIUM | | | p11-kit: out-of-bounds read in | | | | | | | p11_rpc_buffer_get_byte_array | | | | | | | function in rpc-message.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29362 | +---------------------+---------------------+----------+ + +--------------------------------------------------------------+ | libp11-kit0 | CVE-2020-29361 | HIGH | | | p11-kit: integer overflow when | | | | | | | allocating memory for arrays | | | | | | | or attributes and object... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29361 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-29363 | | | | p11-kit: out-of-bounds write in | | | | | | | p11_rpc_buffer_get_byte_array_value | | | | | | | function in rpc-message.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29363 | + +---------------------+----------+ + +--------------------------------------------------------------+ | | CVE-2020-29362 | MEDIUM | | | p11-kit: out-of-bounds read in | | | | | | | p11_rpc_buffer_get_byte_array | | | | | | | function in rpc-message.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29362 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libpcre3 | CVE-2020-14155 | | 2:8.39-12 | | pcre: integer overflow in libpcre | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | | | | | | | match function in pcre_exec.c | | | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-16231 | | | | pcre: self-recursive call | | | | | | | in match() in pcre_exec.c | | | | | | | leads to denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | | | | | | | write in pcre32_copy_substring | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | | | | | | | write in pcre32_copy_substring | | | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-20838 | | | | pcre: buffer over-read in | | | | | | | JIT when UTF is disabled | | | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libpq5 | CVE-2020-25694 | HIGH | 11.9-0+deb10u1 | | postgresql: Reconnection | | | | | | | can downgrade connection | | | | | | | security settings | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25694 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-25695 | | | | postgresql: Multiple | | | | | | | features escape "security | | | | | | | restricted operation" sandbox | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25695 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-25696 | | | | postgresql: psql's | | | | | | | \gset allows overwriting | | | | | | | specially treated variables | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25696 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-9193 | LOW | | | postgresql: Command injection via | | | | | | | "COPY TO/FROM PROGRAM" function | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9193 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | | | | | | | of syscall filters in libseccomp | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandles certain SELECT | | | | | | | statements with a nonexistent | | | | | | | VIEW, leading to DoS... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | | | | | | | certain types of self-referential | | | | | | | views in conjunction with... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19924 | | | | sqlite: incorrect | | | | | | | sqlite3WindowRewrite() error | | | | | | | handling leads to mishandling | | | | | | | certain parser-tree rewriting | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-13631 | | | | sqlite: Virtual table can be | | | | | | | renamed into the name of one of... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-19244 | LOW | | | sqlite: allows a crash | | | | | | | if a sub-select uses both | | | | | | | DISTINCT and window... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-11656 | | | | sqlite: use-after-free in the | | | | | | | ALTER TABLE implementation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | | | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | | | | | | | in kex.c leads to out-of-bounds write | | | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | | | | | | | SSH_MSG_DISCONNECT logic in packet.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u4 | | Dual_EC_DRBG: weak pseudo | | | | | | | random number generator | | | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-0928 | | | | openssl: RSA authentication weakness | | | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1551 | | | | openssl: Integer overflow in RSAZ | | | | | | | modular exponentiation on x86_64 | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | | | | | | | protection address in cfgexpand.c | | | | | | | and function.c leads to... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | | | | | | | produces repeated output | | | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libsystemd0 | CVE-2019-3843 | | 241-7~deb10u5 | | systemd: services with DynamicUser | | | | | | | can create SUID/SGID binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-3844 | | | | systemd: services with DynamicUser | | | | | | | can get new privileges and | | | | | | | create SGID binaries... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | | | | | | | when updating file permissions | | | | | | | and SELinux security contexts... | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-20386 | | | | systemd: memory leak in button_open() | | | | | | | in login/logind-button.c when | | | | | | | udev events are received... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-13776 | | | | systemd: mishandles numerical | | | | | | | usernames beginning with decimal | | | | | | | digits or 0x followed by... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | | | | | | | _asn1_expand_object_id(ptree) | | | | | | | leads to memory exhaustion | | | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | +---------------------+ + + +-------------------+ + | libtasn1-6-dev | | | | | | | | | | | | | | | | | | | | | | | | | | | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u5 | | systemd: services with DynamicUser | | | | | | | can create SUID/SGID binaries | | | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-3844 | | | | systemd: services with DynamicUser | | | | | | | can get new privileges and | | | | | | | create SGID binaries... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | | | | | | | when updating file permissions | | | | | | | and SELinux security contexts... | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-20386 | | | | systemd: memory leak in button_open() | | | | | | | in login/logind-button.c when | | | | | | | udev events are received... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-13776 | | | | systemd: mishandles numerical | | | | | | | usernames beginning with decimal | | | | | | | digits or 0x followed by... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | libunbound8 | CVE-2020-28935 | MEDIUM | 1.9.0-2+deb10u2 | | unbound: symbolic link | | | | | | | traversal when writing PID file | | | | | | | -->avd.aquasec.com/nvd/cve-2020-28935 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-18934 | LOW | | | unbound: command injection with | | | | | | | data coming from a specially | | | | | | | crafted IPSECKEY answer... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-18934 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | linux-libc-dev | CVE-2013-7445 | HIGH | 4.19.160-2 | | kernel: memory exhaustion via | | | | | | | crafted Graphics Execution | | | | | | | Manager (GEM) objects | | | | | | | -->avd.aquasec.com/nvd/cve-2013-7445 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19378 | | | | kernel: out-of-bounds write in | | | | | | | index_rbio_pages in fs/btrfs/raid56.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19378 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19449 | | | | kernel: mounting a crafted | | | | | | | f2fs filesystem image can lead | | | | | | | to slab-out-of-bounds read... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19449 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19814 | | | | kernel: out-of-bounds write | | | | | | | in __remove_dirty_segment | | | | | | | in fs/f2fs/segment.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19814 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-11725 | | | | kernel: improper handling of | | | | | | | private_size*count multiplication | | | | | | | due to count=info->owner typo | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11725 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-16119 | | | | kernel: DCCP CCID structure | | | | | | | use-after-free may lead to | | | | | | | DoS or code execution... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-16119 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27815 | | | 4.19.171-2 | kernel: Array index out of | | | | | | | bounds access when setting | | | | | | | extended attributes on... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27815 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-28374 | | | | kernel: SCSI target (LIO) write | | | | | | | to any block on ILO backstore | | | | | | | -->avd.aquasec.com/nvd/cve-2020-28374 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-29374 | | | | kernel: the get_user_pages | | | | | | | implementation when used for a | | | | | | | copy-on-write page does not... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29374 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-29569 | | | 4.19.171-2 | ELSA-2021-9025: Unbreakable | | | | | | | Enterprise kernel-container | | | | | | | security update (IMPORTANT) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29569 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-29661 | | | | kernel: locking issue in | | | | | | | drivers/tty/tty_jobctrl.c | | | | | | | can lead to an use-after-free | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29661 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2021-3347 | | | | kernel: Use after free | | | | | | | via PI futex state | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3347 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2017-0630 | MEDIUM | | | kernel: Information | | | | | | | disclosure vulnerability | | | | | | | in kernel trace subsystem | | | | | | | -->avd.aquasec.com/nvd/cve-2017-0630 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-3693 | | | | Kernel: speculative | | | | | | | bounds check bypass store | | | | | | | -->avd.aquasec.com/nvd/cve-2018-3693 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-15213 | | | | kernel: use-after-free caused | | | | | | | by malicious USB device in | | | | | | | drivers/media/usb/dvb-usb/dvb-usb-init.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-15213 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-15794 | | | | kernel: Overlayfs in the | | | | | | | Linux kernel and shiftfs | | | | | | | not restoring original... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-15794 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16089 | | | | kernel: Improper return check | | | | | | | in nbd_genl_status function | | | | | | | in drivers/block/nbd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16089 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-20794 | | | | kernel: task processes not | | | | | | | being properly ended could | | | | | | | lead to resource exhaustion... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-20794 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-14304 | | | | kernel: ethtool when reading | | | | | | | eeprom of device could | | | | | | | lead to memory leak... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14304 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-15802 | | | | hardware: BLURtooth: "Dual | | | | | | | mode" hardware using CTKD are | | | | | | | vulnerable to key overwrite... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-15802 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-16120 | | | | kernel: incorrect unprivileged | | | | | | | overlayfs permission checking may | | | | | | | lead to information disclosure | | | | | | | -->avd.aquasec.com/nvd/cve-2020-16120 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-26541 | | | | kernel: security bypass | | | | | | | in certs/blacklist.c and | | | | | | | certs/system_keyring.c | | | | | | | -->avd.aquasec.com/nvd/cve-2020-26541 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27820 | | | | kernel: use-after-free | | | | | | | in nouveau kernel module | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27820 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27825 | | | 4.19.171-2 | kernel: use-after-free | | | | | | | in the ftrace ring buffer | | | | | | | resizing logic due to a... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27825 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-27830 | | | | kernel: null pointer dereference | | | | | | | in in spk_ttyio_receive_buf2 | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27830 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-27835 | | | | kernel: child process is able to | | | | | | | access parent mm through hfi dev... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-27835 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-29568 | | | 4.19.171-2 | ELSA-2021-9025: Unbreakable | | | | | | | Enterprise kernel-container | | | | | | | security update (IMPORTANT) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29568 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-29660 | | | | kernel: locking inconsistency | | | | | | | in drivers/tty/tty_io.c and | | | | | | | drivers/tty/tty_jobctrl.c can | | | | | | | lead to a read-after-free... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-29660 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2020-36158 | | | | kernel: buffer overflow in | | | | | | | mwifiex_cmd_802_11_ad_hoc_start function in | | | | | | | drivers/net/wireless/marvell/mwifiex/join.c | | | | | | | via a long SSID... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36158 | + +---------------------+ + + +--------------------------------------------------------------+ | | CVE-2021-20177 | | | | kernel: iptables string match | | | | | | | rule could result in kernel panic | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20177 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3348 | | | | kernel: Use-after-free | | | | | | | in ndb_queue_rq() in | | | | | | | drivers/block/nbd.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3348 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2004-0230 | LOW | | | TCP, when using a large Window | | | | | | | Size, makes it easier for remote... | | | | | | | -->avd.aquasec.com/nvd/cve-2004-0230 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2005-3660 | | | | Linux kernel 2.4 and 2.6 allows | | | | | | | attackers to cause a denial of... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-3660 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2007-3719 | | | | kernel: secretly Monopolizing the | | | | | | | CPU Without Superuser Privileges | | | | | | | -->avd.aquasec.com/nvd/cve-2007-3719 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2008-2544 | | | | kernel: mounting proc | | | | | | | readonly on a different mount | | | | | | | point silently mounts it... | | | | | | | -->avd.aquasec.com/nvd/cve-2008-2544 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2008-4609 | | | | kernel: TCP protocol | | | | | | | vulnerabilities from Outpost24 | | | | | | | -->avd.aquasec.com/nvd/cve-2008-4609 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-4563 | | | | kernel: ipv6: sniffer detection | | | | | | | -->avd.aquasec.com/nvd/cve-2010-4563 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-5321 | | | | kernel: v4l: videobuf: hotfix a | | | | | | | bug on multiple calls to mmap() | | | | | | | -->avd.aquasec.com/nvd/cve-2010-5321 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2011-4915 | | | | fs/proc/base.c in the Linux | | | | | | | kernel through 3.1 allows | | | | | | | local users to obtain... | | | | | | | -->avd.aquasec.com/nvd/cve-2011-4915 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2011-4917 | | | | -->avd.aquasec.com/nvd/cve-2011-4917 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2012-4542 | | | | kernel: block: default SCSI | | | | | | | command filter does not accomodate | | | | | | | commands overlap across... | | | | | | | -->avd.aquasec.com/nvd/cve-2012-4542 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2014-9892 | | | | The snd_compr_tstamp function in | | | | | | | sound/core/compress_offload.c in | | | | | | | the Linux kernel through 4.7, as... | | | | | | | -->avd.aquasec.com/nvd/cve-2014-9892 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2014-9900 | | | | kernel: Info leak in uninitialized | | | | | | | structure ethtool_wolinfo | | | | | | | in ethtool_get_wol() | | | | | | | -->avd.aquasec.com/nvd/cve-2014-9900 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2015-2877 | | | | Kernel: Cross-VM ASL | | | | | | | INtrospection (CAIN) | | | | | | | -->avd.aquasec.com/nvd/cve-2015-2877 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-10723 | | | | ** DISPUTED ** An issue | | | | | | | was discovered in the | | | | | | | Linux kernel through... | | | | | | | -->avd.aquasec.com/nvd/cve-2016-10723 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2016-8660 | | | | kernel: xfs: local DoS due to | | | | | | | a page lock order bug in... | | | | | | | -->avd.aquasec.com/nvd/cve-2016-8660 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-13693 | | | | kernel: ACPI operand | | | | | | | cache leak in dsutils.c | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13693 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2017-13694 | | | | kernel: ACPI node and | | | | | | | node_ext cache leak | | | | | | | -->avd.aquasec.com/nvd/cve-2017-13694 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-1121 | | | | procps-ng, procps: process | | | | | | | hiding through race | | | | | | | condition enumerating /proc | | | | | | | -->avd.aquasec.com/nvd/cve-2018-1121 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-12928 | | | | kernel: NULL pointer dereference | | | | | | | in hfs_ext_read_extent in hfs.ko | | | | | | | -->avd.aquasec.com/nvd/cve-2018-12928 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-17977 | | | | kernel: Mishandled interactions among | | | | | | | XFRM Netlink messages, IPPROTO_AH | | | | | | | packets, and IPPROTO_IP packets... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-17977 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-11191 | | | | kernel: race condition in | | | | | | | load_aout_binary() allows local | | | | | | | users to bypass ASLR on... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-11191 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12378 | | | | kernel: unchecked kmalloc | | | | | | | of new_ra in ip6_ra_control | | | | | | | leads to denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12378 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12379 | | | | kernel: memory leak in | | | | | | | con_insert_unipair in | | | | | | | drivers/tty/vt/consolemap.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12379 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12380 | | | | kernel: memory allocation | | | | | | | failure in the efi subsystem | | | | | | | leads to denial of... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12380 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12381 | | | | kernel: unchecked kmalloc | | | | | | | of new_ra in ip_ra_control | | | | | | | leads to denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12381 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12382 | | | | kernel: unchecked kstrdup of | | | | | | | fwstr in drm_load_edid_firmware | | | | | | | leads to denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12382 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12455 | | | | kernel: null pointer dereference | | | | | | | in sunxi_divs_clk_setup in | | | | | | | drivers/clk/sunxi/clk-sunxi.c | | | | | | | causing denial of service... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12455 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12456 | | | | kernel: double fetch in the | | | | | | | MPT3COMMAND case in _ctl_ioctl_main | | | | | | | in drivers/scsi/mpt3sas/mpt3sas_ctl.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12456 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-12615 | | | | kernel: null pointer dereference | | | | | | | in get_vdev_port_node_info | | | | | | | in arch /sparc/kernel/mdesc.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12615 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16229 | | | | kernel: null pointer dereference in | | | | | | | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16229 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16230 | | | | kernel: null pointer dereference in | | | | | | | drivers/gpu/drm/radeon/radeon_display.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16230 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16231 | | | | kernel: null-pointer dereference | | | | | | | in drivers/net/fjes/fjes_main.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16231 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16232 | | | | kernel: null-pointer dereference in | | | | | | | drivers/net/wireless/marvell/libertas/if_sdio.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16232 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16233 | | | | kernel: null pointer dereference | | | | | | | in drivers/scsi/qla2xxx/qla_os.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16233 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-16234 | | | | kernel: null pointer dereference in | | | | | | | drivers/net/wireless/intel/iwlwifi/pcie/trans.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16234 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19064 | | | | kernel: A memory leak in the | | | | | | | fsl_lpspi_probe() function in | | | | | | | drivers/spi/spi-fsl-lpspi.c | | | | | | | allows for... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19064 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19070 | | | | kernel: A memory leak in the | | | | | | | spi_gpio_probe() function in | | | | | | | drivers/spi/spi-gpio.c allows for... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19070 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19083 | | | | kernel: memory leaks in | | | | | | | *clock_source_create() functions | | | | | | | under drivers/gpu/drm/amd/display/dc | | | | | | | leads to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19083 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-3178 | | | 4.19.171-1 | kernel: path traversal in | | | | | | | fs/nfsd/nfs3xdr.c may lead to | | | | | | | Information Disclosure or RCE... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3178 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0000000-F7A20F | | | | -->security-tracker.debian.org/tracker/TEMP-0000000-F7A20F | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2020-25670 | UNKNOWN | | | kernel: refcount leak | | | | | | | in llcp_sock_bind() | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25670 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-25671 | | | | kernel: refcount leak | | | | | | | in llcp_sock_connect() | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25671 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-25672 | | | | kernel: memory leak | | | | | | | in llcp_sock_connect() | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25672 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-25673 | | | | kernel: non-blocking socket | | | | | | | in llcp_sock_connect() | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25673 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | login | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 | | | | | | | sets insecure permissions for | | | | | | | the /var/log/btmp file,... | | | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | | | | | | | conditions by copying and | | | | | | | removing directory trees | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-7169 | | | | shadow-utils: newgidmap | | | | | | | allows unprivileged user to | | | | | | | drop supplementary groups | | | | | | | potentially allowing privilege... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19882 | | | | shadow-utils: local users can | | | | | | | obtain root access because setuid | | | | | | | programs are misconfigured... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0628843-DBAD28 | | | | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u4 | | Dual_EC_DRBG: weak pseudo | | | | | | | random number generator | | | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2010-0928 | | | | openssl: RSA authentication weakness | | | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-1551 | | | | openssl: Integer overflow in RSAZ | | | | | | | modular exponentiation on x86_64 | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | | | | | | | sets insecure permissions for | | | | | | | the /var/log/btmp file,... | | | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | | | | | | | conditions by copying and | | | | | | | removing directory trees | | | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2018-7169 | | | | shadow-utils: newgidmap | | | | | | | allows unprivileged user to | | | | | | | drop supplementary groups | | | | | | | potentially allowing privilege... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19882 | | | | shadow-utils: local users can | | | | | | | obtain root access because setuid | | | | | | | programs are misconfigured... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0628843-DBAD28 | | | | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | perl-base | CVE-2011-4116 | | 5.28.1-6+deb10u1 | | perl: File::Temp insecure | | | | | | | temporary file handling | | | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ | sqlite3 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandles certain SELECT | | | | | | | statements with a nonexistent | | | | | | | VIEW, leading to DoS... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | | | | | | | certain types of self-referential | | | | | | | views in conjunction with... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-19924 | | | | sqlite: incorrect | | | | | | | sqlite3WindowRewrite() error | | | | | | | handling leads to mishandling | | | | | | | certain parser-tree rewriting | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-13631 | | | | sqlite: Virtual table can be | | | | | | | renamed into the name of one of... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | + +---------------------+----------+ +-------------------+--------------------------------------------------------------+ | | CVE-2019-19244 | LOW | | | sqlite: allows a crash | | | | | | | if a sub-select uses both | | | | | | | DISTINCT and window... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2020-11656 | | | | sqlite: use-after-free in the | | | | | | | ALTER TABLE implementation | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | sysvinit-utils | TEMP-0517018-A83CE6 | | 2.93-8 | | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6 | +---------------------+---------------------+ +-----------------------+-------------------+--------------------------------------------------------------+ | tar | CVE-2005-2541 | | 1.30+dfsg-6 | | Tar 1.15.1 does not | | | | | | | properly warn the user when | | | | | | | extracting setuid or... | | | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2019-9923 | | | | tar: null-pointer dereference | | | | | | | in pax_decode_header in sparse.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | CVE-2021-20193 | | | | tar: Memory leak in | | | | | | | read_header() in list.c | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | + +---------------------+ + +-------------------+--------------------------------------------------------------+ | | TEMP-0290435-0B57B5 | | | | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5 | +---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+ ```
kerem 2026-03-03 02:04:41 +03:00
kerem commented 2026-03-03 02:04:42 +03:00
Author
Owner
Copy link

@jjlin commented on GitHub (Feb 2, 2021):

This doesn't seem particularly valuable. Each bitwarden_rs image build generally uses the latest base image available and installs the latest packages available at that time, so that's pretty much the best that can be done, short of rebuilding the images on each base image update. This tool also has a ton of false positives...

<!-- gh-comment-id:771890857 --> @jjlin commented on GitHub (Feb 2, 2021): This doesn't seem particularly valuable. Each bitwarden_rs image build generally uses the latest base image available and installs the latest packages available at that time, so that's pretty much the best that can be done, short of rebuilding the images on each base image update. This tool also has a ton of false positives...
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#921
No description provided.